Security planning

Secure systems do not occur by chance — they have to be designed and built in. Securing systems involves many detailed and sometimes complex steps. Systems may have to comply with strict security compliance regulations or standards.

Obtaining security compliance could take months. Integrating to secured systems may require program changes. Secured networks could impede system data flows. Systems may have to be audited before they are implemented into production.

Assuming your system will be secure and will work as expected when security controls are applied in production WILL result in unscheduled redesign or rework and project delay. Not planning or considering security prior to production or “go live” will add significant risks to your project.

Scope and caveat

We, however, want to make it absolutely clear that architecting, designing and ensuring the overall security of your system remains your responsibility. The recommendations in this document are applicable to the IBM® applications. They do not take into account how the applications fit within your corporate operational environment. They may not apply to your custom code or third party components. They also do not take into account your overall security risk and threat landscape.

Further, nothing herein shall be construed as limiting or reducing your obligations to comply with any applicable laws, regulations or industry standards relating to security or otherwise including, but not limited to, security regulations such as PCI DSS, if applicable. You may undertake activities that may affect compliance. For this reason, IBM is required to be specific only to the standard software that it provides.