2014 Corporate Responsibility Report

Security and privacy

Security is an important consideration for every organization around the world today. At IBM, we not only carefully consider security when developing our technology solutions, we also examine our internal systems and processes to assess how we can best reduce risk to help us maintain the continuity of our business. We know that security has a human element, so we continuously strive to reinforce a cybersecurity-aware culture within our company and throughout the communities around us.

To that end, each of IBM’s active employees completes a mandatory, annual cybersecurity and privacy course. Simulated phishing exercises are periodically conducted for employees to give them hands-on experience in recognizing and avoiding phishing attacks. Additional advanced training is provided on phishing and social engineering, and employees who administer IBM applications, systems and networks receive tailored education to make them aware of their security responsibilities.

Each October, IBM takes part in National Cybersecurity Awareness Month, led by the US Department of Homeland Security and the National Cyber Security Alliance. IBM is a corporate champion of the event and in 2014 used the occasion to launch a series of short, animated cybersecurity videos for employees. Also as part of the month-long event, IBM provides resources for employees to share with family members, neighbors, schools and communities. In addition, IBM conducts year-round IT security awareness campaigns — often focused on specific security risks, countries or business units — with articles, blogs, posters, flyers and other materials designed to reduce security risks and increase our employees’ cybersecurity IQ.

Privacy

Information has become one of the most important and influential forces in the world today. Information enables social progress and economic growth while empowering people, organizations, and communities. By collecting and using information in inventive ways, we are able to explore new opportunities, achieve new goals and gain a deeper understanding of the world around us.

However, as the value of information increases, so does the responsibility to safeguard it. Data can be closely tied to individuals, making it more sensitive. Organizations that collect data must work hard to earn the public’s trust in their ability to steward information, and in turn, consumers must take educated steps to protect themselves and their families.

At IBM, we believe that privacy and data protection must be built into the fabric of our business, and we take this responsibility seriously. We’ve built a globally recognized enterprise privacy program that follows privacy-by-design practices. Our software tools for performing global privacy assessments of IBM’s collection and use of data for our own enterprise have been updated to reflect changes in the law and the environment, and to help us improve risk management and usability.

ibm_governance_wallace_video_thumb

IBM’s Marie Wallace talks about privacy by design and humanizing analytics during a TED Institute presentation.