GDPR readiness

B2B Integration SaaS is a web-based, multi-tenant, software-as-a-service (SaaS) platform that is a data-driven self-service solution with a flexible data schema that allows customers to determine the data elements to be stored, collected, and processed.

IBM services are designed to protect your proprietary content and data. For more information on and privacy and security, as well as the terms and conditions related to the B2B Integration SaaS can be found at these links:

Security and Data Access Controls

IBM has physical, administrative, and technological procedures in place to help ensure that all information processing facilities are secure. Additionally, IBM security standards for B2B Integration SaaS are audited annually using the ISO 27001 standards by a third party.

Only permanent personnel of IBM have access to the personal data that is processed on behalf of our customers. Employees receive training on data protection and other relevant requirements via face to face, video, or online methods. Additionally, board level employees, management, and IT Security attend GDPR awareness training.

Direct access to customer data (at the database layer) is restricted to authorized IBM personnel whose regular job responsibilities require such access and is reviewed by management and Information Security on a quarterly basis to ensure the access remains current and appropriate. Access to the infrastructure in the production environments hosting customer data is restricted to authorized personnel and requires a secure VPN with two-factor (software token) authentication. To access production servers, which are configured to deny direct login, administrators must use SSH to connect to a bastion host and authenticate using LDAP credentials that are independent of those used to access the corporate network; access to network devices is restricted and controlled via TACACS.

For more information regarding these procedures, visit these links:

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.