Home cloud Compliance IBM Cloud SOC 2 compliance IBM Cloud® compliance: SOC 2
Illustration showing a person interacting with a computer interface, around which are a security shield and a globe on a pedestal
What is SOC 2?

Service Organization Control (SOC) reports are independent, third-party reports issued by assessors certified by the American Institute of Certified Public Accountants (AICPA) addressing the risk associated with an outsourced service. The AICPA has established Trust Services Criteria (TSC) for security, availability, processing integrity, confidentiality and privacy, against which service organizations may be assessed.

A SOC 2 report evaluates the internal controls that an organization has put in place to protect customer-owned data and provides details about the nature of those internal controls.

Contact an IBM representative to request SOC 2 reports.


IBM position

A SOC 2 report may be provided for IBM services that have implemented controls in accordance with their selected Trust Service Principles. The SOC 2 report demonstrates that IBM designed controls for the selected Trust Service Principles appropriately and that the controls operated effectively for the report period.

The services listed below have a SOC 2 Type 2 report available, representing a period of time during which controls were assessed. As such reports represent an assessment period in the past, a bridge letter may accompany a SOC 2 Type 2 report, in which IBM attests to service control continued performance since the last reporting period ended. 

IBM Service Descriptions (SDs) indicate if a given offering maintains SOC 2 Type 2 compliance status. Services below issue SOC 2 Type 2 reports at least once each year.

See the IBM Cloud infrastructure system description 


  1. IBM Cloud Activity Tracker (via Mezmo)
  2. IBM Cloud App ID
  3. IBM Cloud App Configuration
  4. IBM Cloud Backup
  5. IBM Cloud Backup for VPC
  6. IBM Cloud Bare Metal
  7. IBM Cloud Bare Metal Servers for VPC
  8. IBM Cloud Block Storage
  9. IBM Cloud Block Storage for VPC
  10. IBM Cloud Block Storage Snapshots for Virtual Private Cloud
  11. IBM Cloud Code Engine
  12. IBM Cloud Container Registry
  13. IBM Cloud Continuous Delivery
  14. IBM Cloud Databases for DataStax
  15. IBM Cloud Databases for Elasticsearch
  16. IBM Cloud Databases for EnterpriseDB
  17. IBM Cloud Databases for etcd
  18. IBM Cloud Databases for MongoDB
  19. IBM Cloud Databases for MySQL
  20. IBM Cloud Databases for PostgreSQL
  21. IBM Cloud Databases for Redis
  22. IBM Cloud Direct Link (1.0; Connect, Dedicated, Dedicated Hosting, Exchange)
  23. IBM Cloud Direct Link Connect (2.0)
  24. IBM Cloud Direct Link Dedicated (2.0)
  25. IBM Cloud DNS Services
  26. IBM Cloud Event Notifications
  27. IBM Cloud File Storage
  28. IBM Cloud Flow Logs for VPC
  29. IBM Cloud for VMware Solutions (Dedicated)
  30. IBM Cloud for VMware Solutions Shared
  31. IBM Cloud Foundry Public
  32. IBM Cloud Hardware Security Module
  33. IBM Cloud Hyper Protect Crypto Services
  34. IBM Cloud Internet Services Enterprise Next (via Cloudflare)
  35. IBM Cloud Internet Services Enterprise Package (via Cloudflare)
  36. IBM Cloud Internet Services Enterprise Usage Package (via Cloudflare)
  37. IBM Cloud Internet Services Standard (via Cloudflare)
  38. IBM Cloud Kubernetes Service and Red Hat® OpenShift® on IBM Cloud
  39. IBM Cloud Load Balancer
  40. IBM Cloud Messages for RabbitMQ
  41. IBM Cloud Monitoring (via Sysdig)
  42. IBM Cloud Object Storage
  43. IBM Cloud Object Storage (IaaS)
  44. IBM Cloud Platform – Core Services: Account Managment and Billing, IBM Cloud Catalog, IBM Cloud Global Search & Tagging, IBM Cloud Console, IBM Cloud Identity and Access Management and IBM Cloud Shell
  45. IBM Cloud Satellite
  46. IBM Cloud Schematics
  47. IBM Cloud Secrets Manager
  48. IBM Cloud Security and Compliance Center
  49. IBM Cloud Security and Compliance Center Workload Protection
  50. IBM Cloud Transit Gateway
  51. IBM Cloud Virtual Private Cloud
  52. IBM Cloud Virtual Private Cloud - Load Balancer for VPC: Application Load Balancer and Network Load Balancer
  53. IBM Cloud Virtual Private Cloud - VPN for VPC Site-to-Site Gateway and Client-to-Site Server
  54. IBM Cloud Virtual Private Endpoint for VPC
  55. IBM Cloud Virtual Server for VPC
  56. IBM Cloud Virtual Server for VPC - Auto Scale for VPC
  57. IBM Cloud Virtual Server for VPC - Dedicated Host for VPC
  58. IBM Cloud Virtual Servers
  59. IBM Cloudant Dedicated Cluster
  60. IBM Cloudant for IBM Cloud
  61. IBM Event Streams for IBM Cloud (Standard)
  62. IBM Event Streams for IBM Cloud (Enterprise)
  63. IBM Key Protect for IBM Cloud
  64. IBM Log Analysis (via Mezmo)
  65. IBM Power Virtual Server on IBM Cloud
  66. IPSec VPN
  67. SAP-Certified Cloud Infrastructure
Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs