Data protection
We know that you have questions about security: How does IBM® protect my data? How is my data kept separate, and who has access? What happens if there is a data breach?
IBM uses a holistic, industry-leading approach to data security to help ensure that your data is protected.
What does IBM do to protect my data?
- IBM Cloud and its commitment to security: This application is built on a SOC 2 certified and ISO certified infrastructure. Multiple security layers, from multifactor authentication to secure physical closets and restricted access to your data, help protect you on every level, from the software down to the nuts and bolts.
- Separation of duty for support personnel: Only a designated group of data center personnel can access the database if needed for support purposes. Every action is logged.
- IBM is committed to providing our clients and partners with innovative data privacy, security and governance solutions to assist them on their journey to GDPR compliance.
- Application to Privacy Shield: IBM joined the Privacy Shield Framework to comply with European Union (EU) data protection requirements when personal data is transferred from the EU to the United States.
- Penetration testing: IBM Cloud services undergo penetration testing prior to production release, and are then tested regularly by IBM and authorized independent third parties.
What are the security controls in BTI?
- Roles (Customer Support Representative (CSR), Company admin, and Company user) govern specific privileges to read, write, and modify the database. For example, a user is restricted to viewing data and changing their personal dashboards. Customer Support Representative (CSR) and Company admin privileges are restricted to management of users, business views, and user groups.
- Passwords and authentication, including the use of the B2B Integration SaaS user ID to access the application. B2B Integration SaaS enforces password protection to help safeguard your personal information.
- Encrypted storage security.
- Encrypted communication channels.
What do I need to do to protect my data?
As a BTI user or administrator, you also have responsibilities in ensuring data confidentiality and integrity, and in preventing unauthorized access.
- Secure your passwords and computer.
- Don't share security credentials, such as your passwords.
- Guard against contamination of the data.
- Grant privileges sparingly. Allow the minimum level of access that is required for the job role.
- Remove users that are no longer actively using the application.
What if something happens?
The IBM state-of-the-art approach helps minimize the possibility of a data breach. However, there is always some level of risk. In the unlikely event of a problem, you are notified in a timely manner, in accordance with IBM Security practices.
What is the BTI approach to security?
How do I contact IBM about my data concerns?
DPA@uk.ibm.com
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.