Compliance
IBM® Cloud Pak for Business Automation as a Service complies with the following security assessments, which can apply to all add-on services on Cloud Pak for Business Automation as a Service.
Payment Card Industry Data Security Standard (PCI DSS)
PCI CSS is a data security standard for accepting or processing payment transactions. The
standard ensures consistent standards for merchants and service providers that store, process, or
transmit cardholder data. For more information, see PCI CSS
.
.Note: Currently, this certification is limited to specific data
centers within North America.
ISO Standards compliance
When the IBM Support team sets up
your tenant, they adhere to the following standardized procedures:
- 27001 Information Security Management
- 27017 Code of Practice for Information Security Controls
- 27018 Code of Practice for Protecting Personal Data in the Cloud
- 27701 Security techniques for privacy information management
Transport Layer Security (TLS)
Cloud Pak for Business Automation as a Service supports TLS 1.2 as the minimum level of secure communication to subscription endpoints. Supported ciphers are based on ECDHE_RSA key exchange with GCM/CBC based encryption.
For the IBM Operational Decision Manager components, see IBM Operational Decision Manager on Cloud support for Transport Layer Security.