About IBM Cloud global compliance programs

As cloud computing markets continue to expand, so does the challenge of compliance and data protection across international boundaries. To help you meet global guidelines, IBM Cloud® provides programs and certifications that help you establish and strengthen compliance for a wide range of internationally recognized standards.

CSA STAR

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote security assurance best practices within cloud computing. CSA provides the Security, Trust and Assurance Registry (STAR) — a free, publicly accessible registry that documents the security controls provided by cloud computing offerings.

IBM publishes several CSA STAR Level 1 Self-Assessment Consensus Assessments Initiative Questionnaires, including IBM Cloud® Infrastructure, IBM Cloud Platform, IBM Cloud Services, and IBM Watson® on IBM Cloud.

IBM Cloud services: ISO

IBM Cloud platform services certified with ISO 9000, ISO 22301, and ISO 31000 include:

IBM Cloud Bare Metal
IBM Cloud Block Storage
IBM Cloud Direct Link
IBM Cloud File Storage
IBM Cloud Hardware Security Module
IBM Cloud Object Storage
IBM Cloud Object Storage (IaaS)
IBM Cloud Virtual Servers

IBM Cloud ISO-certified services

See a list of IBM Cloud services certified with ISO 27001, 27017, and 27018.

View listing (PDF, 398 KB)

IBM corporate-wide certifications

IBM has obtained corporate-wide certifications for ISO 9001, ISO 14001, ISO 50001 and OHSAS 1800.

View more information

SOC

The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protect information stored in the cloud. Certified Public Accountants (CPAs) audit cloud service providers (CSPs), resulting in internal control reports on the services provided by a service organization. SOC reports can help users assess and address the risks associated with an outsourced service.

See the IBM Cloud infrastructure system description (PDF, 511 KB)

SOC 1 is an audit of the internal controls at a service organization implemented to protect client-owned data involved in client financial reporting. SOC 1 audits and reports are based on the Statement on Standards for Attestation Engagements (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402).

SOC 2 audits, based on the AICPA Trust Service Principles and Criteria, gauge service organization internal controls implemented to protect customer-owned data. SOC 2 reports provide details about the nature of those internal controls.

Register or log in to request the IBM public cloud (infrastructure and PaaS) SOC 1 and SOC 2 reports.

Contact an IBM representative to request the SOC 1 and SOC 2 reports for all other IBM Cloud services.

A SOC 3 report is a condensed, publicly available version of the SOC 2 Type 2 audit report of controls put in place by service organizations. SOC 3 reports are intended for users that don't need the full details of an SOC 2 report. 

See the IBM Cloud infrastructure SOC 3 report (PDF, 417 KB)

See the IBM Cloud platform as a service (PaaS) SOC 3 report (PDF, 242 KB)

See the IBM Cloud Foundry Public SOC 3 report (PDF, 145 KB)

Learn more about the IBM Cloud platform services listed below.

SOC logo

IBM Cloud platform services with SOC 1 Type 2 reports include:

IBM Cloud App ID
IBM Cloud Bare Metal
IBM Cloud Block Storage
IBM Cloud Container Registry
IBM Cloud Databases for Elasticsearch
IBM Cloud Databases for etcd
IBM Cloud Databases for MongoDB
IBM Cloud Databases for PostgreSQL
IBM Cloud Databases for Redis
IBM Cloud Dedicated
IBM Cloud Direct Link
IBM Cloud File Storage
IBM Cloud for VMware Solutions
IBM Cloud Foundry Enterprise Environment
IBM Cloud Foundry Public
IBM Cloud Hardware Security Module
IBM Cloud Kubernetes Service
IBM Cloud Kubernetes Service — Red Hat® OpenShift® Kubernetes Service
IBM Cloud Messages for RabbitMQ
IBM Cloud Object Storage
IBM Cloud Object Storage (IaaS)
IBM Cloud Platform - Public
IBM Cloud Virtual Servers
IBM Cloudant® Dedicated Cluster
IBM Cloudant for IBM Cloud
IBM Event Streams for IBM Cloud Enterprise
IBM Key Protect for IBM Cloud
IBM Push Notifications for IBM Cloud

IBM Cloud platform services with SOC 2 Type 2 reports include:

IBM Cloud Activity Tracker with LogDNA (via LogDNA)
IBM Cloud App ID
IBM Cloud Bare Metal
IBM Cloud Block Storage
IBM Cloud Container Registry
IBM Cloud Databases for Elasticsearch
IBM Cloud Databases for etcd
IBM Cloud Databases for MongoDB
IBM Cloud Databases for PostgreSQL
IBM Cloud Databases for Redis
IBM Cloud Dedicated
IBM Cloud Direct Link
IBM Cloud File Storage
IBM Cloud for VMware Solutions
IBM Cloud Foundry Enterprise Environment
IBM Cloud Foundry Public
IBM Cloud Hardware Security Module
IBM Cloud Internet Services (via Cloudflare®)
IBM Cloud Kubernetes Service
IBM Cloud Kubernetes Service — Red Hat OpenShift Kubernetes Service
IBM Cloud Messages for RabbitMQ
IBM Cloud Object Storage
IBM Cloud Object Storage (IaaS)
IBM Cloud Platform - Public
IBM Cloud Virtual Servers
IBM Cloudant Dedicated Cluster
IBM Cloudant for IBM Cloud
IBM Event Streams for IBM Cloud Enterprise
IBM Key Protect for IBM Cloud
IBM Log Analysis with LogDNA (via LogDNA)
IBM Push Notifications for IBM Cloud

IBM Cloud infrastructure services and PaaS offerings in the SOC 3 report include:

Infrastructure —

IBM Cloud Bare Metal
IBM Cloud Block Storage
IBM Cloud Direct Link
IBM Cloud File Storage
IBM Cloud Hardware Security Module
IBM Cloud Object Storage (IaaS)
IBM Cloud Virtual Servers

PaaS —

IBM Cloud App ID
IBM Cloud Container Registry
IBM Cloud Databases for Elasticsearch
IBM Cloud Databases for etcd
IBM Cloud Databases for MongoDB
IBM Cloud Databases for PostgreSQL
IBM Cloud Databases for Redis
IBM Cloud Dedicated
IBM Cloud for VMware Solutions
IBM Cloud Foundry Enterprise Environment
IBM Cloud Foundry Public
IBM Cloud Kubernetes Service
IBM Cloud Kubernetes Service — Red Hat OpenShift Kubernetes Service
IBM Cloud Messages for RabbitMQ
IBM Cloud Object Storage
IBM Cloud Platform - Public
IBM Event Streams for IBM Cloud Enterprise
IBM Key Protect for IBM Cloud
IBM Push Notifications for IBM Cloud