Compliance

IBM Blueworks Live adheres to a number of standard certifications.

Blueworks Live is part of the IBM Cloud® Services ISMS ISO 27001:2013, 27017:2015, 27018:2014, and 27701:2019 certification program. The ISO standards specify the requirements for establishing, implementing, maintaining, and continually improving an information security management system. They also include requirements for the assessment and treatment of information security risks. See IBM Cloud compliance programs for more information. The IBM® certificates are available online.

  • ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems and provides a systematic approach to managing company and customer information based on periodic risk assessments.
  • ISO 27017 gives guidelines for information-security controls applicable to the provisioning and use of cloud services, as well as implementation guidance for both cloud service providers and cloud service customers.
  • ISO 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO 29100 for the public cloud computing environment.
  • ISO 27701 provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System.

Blueworks Live is hosted on IBM Cloud. SOC 2 audits are performed annually on the IBM data center facility to ensure that the facility is equipped to protect customer data. Service Organization Control (SOC) reports are independent, third-party reports issued by assessors certified by the American Institute of Certified Public Accountants (AICPA), addressing the risks associated with an outsourced service. SOC reports are internal control reports intended for organizations and the auditors who audit financial statements.

SOC 1 and SOC 2 reports for the data centers are available from IBM Cloud by opening a support ticket from the IBM support portal.

Customers who want to receive additional information or any other report, including the Penetration Test Executive Summary or ISO Statement of Applicability (SOA), must contact their sales team to complete a Non-Disclosure Agreement. For more information about pen testing, see IBM Blueworks Live security policy.

The Blueworks Live team reviews security and privacy-related activities for compliance with IBM requirements. Assessments and audits are completed annually by the Blueworks Live team to confirm compliance with its information security policies.

Workforce security education and awareness training is completed by the Blueworks Live team on an annual basis. IBM personnel are reminded of their job objectives, and their responsibility to meet ethical business conduct and Blueworks Live security obligations.