Home cloud Compliance ISO 20243 IBM Cloud® compliance: ISO 20243
Illustration showing a person interacting with a computer interface, around which are a security shield and a globe on a pedestal
What is ISO 20243?

ISO/IEC 20243-1:2018 is a set of guidelines, requirements and recommendations to help assure the integrity of hardware and software products and protect them from the risk of malicious threats and counterfeiting.

Although issued by the International Organization for Standardization (ISO), the standard was originally created by the Open Group as the "Open Trusted Technology Provider Standard" (O-TTPS) and is still sometimes known by that name.

ISO 20243 dictates best practices for security throughout every phase of a product’s lifecycle: design, sourcing, build, fulfillment, distribution, sustainment and disposal. A product that has achieved O-TTPS certification has demonstrated strict compliance with all of ISO 20243's security guidelines.

Reports and other documentation

ISO 20243 – IBM self-assessment certifications - Open Trusted Technology Provider™ Standard (O-TTPS)

IBM position

IBM’s software products—all standardized and shared multi-tenant IBM cloud offerings, as well as IBM Systems Hardware Products—are all certified under The Open Group O-TTPS Certification Program Self-Assessed tier for O-TTPS and ISO/IEC 20243:2018. This demonstrates that IBM’s product lifecycle has implemented control requirements across three families: (1) product development; (2) secure engineering; and (3) supply chain security. IBM ISO 20243 certificates are published and generally available.

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs