IBM Blueworks Live security policy

This topic describes the security policy followed by IBM Blueworks Live.

Development and engineering standards

IBM Blueworks Live development is done in accordance with the IBM® secure engineering framework to ensure that security is embedded throughout the software development lifecycle.

Privacy and security policies

IBM maintains privacy and security policies that are published and communicated to IBM employees through IBM's intranet site. Employees are required to re-certify annually.

IBM and its data center host each require privacy and security education training for individuals who support the data center where Blueworks Live is hosted.

Blueworks Live security policies and standards are re-evaluated annually to ensure they remain effective and up to date.

Incident management

Blueworks Live security incidents are handled in accordance with the incident response management program of the data center where Blueworks Live is hosted.

Blueworks Live has a documented Disaster Recovery response plan and incident management plan to ensure business continuity and effective response to emergencies.

Security audits and penetration testing

Blueworks Live has annual security audits and penetration tests. Penetration testing, or pen testing, is the practice of testing a computer system, network, or web application for potential security vulnerabilities that an attacker might exploit.

Blueworks Live also allows customers to perform their own penetration testing and security assessments on public URLs but this requires coordination with support to limit the possibility of IP addresses being blocked.

To request a penetration test, open a support ticket through the Blueworks Live support portal .

For more information, see IBM Trust Center .