IBM Support

QRadar: Compliance issues, audits and support policies

Question & Answer


This article informs administrators about QRadar® Support policies. This document outlines out-of-scope work for compliance cases and the responsibilities of the QRadar administrator. 


Responsibilities for Compliance issues

Compliance in Information Technology ensures that administrators follow strict laws and guidelines in regard to the information collected and stored within a network system. While you use IBM® QRadar® as a tool to protect the confidentiality, integrity, and availability of critical business assets, confidential information might be gathered along the way.  Each customer has to be aware of the information they gather and be aware of local and international laws that govern the use of that information.

Support type Description Responsibility
Compliance issues and support
QRadar® Support can assist with error messages or confirm product functionality for data obfuscation, retention issues, or IBM content packs. For example, QRadar Support can:
  1. Review Data Obfuscation configuration issues or assist with errors in the user interface or QRadar logs.
  2. Investigate issues where retention buckets do not remove event or flow data for the period designated. For common questions, see the Event and Flow Retention FAQ.
  3. Assist administrators where they experience issues with content in IBM compliance content extensions, such as the Compliance, NERC, PCI, HIPPA, SOX, or ISO27001 extensions. Users can report installation problems or open cases when the content contained within a compliance extension, such as a search, custom property, or reports do not function as expected or generate errors.
  4. Assist administrators to resolve Data Node issues or answer general questions about storage or data retention functionality on QRadar appliances.
QRadar technical support

To open a case or report a compliance issue, contact QRadar technical support.
Out-of-scope for QRadar Support The following activities are considered out-of-scope for technical support. QRadar Support reserves the right to close cases related to the following issues:
  1. Requests to confirm whether the data stored within QRadar meets industry compliance standards or local and international laws.
  2. Requests to audit QRadar systems for confidential information that might be collected from event or flow data.
  3. Writing rules, searches, or reports OR tuning existing content for compliance standards. For example, "I need help modifying {search name} for PCI DSS compliant?"
  4. Assistance with migrating data off appliances to long-term storage. 
  5. Reviewing retention buckets for compliance advice. QRadar Support cannot advise on retention policies to ensure data storage is compliant with local or international laws.
For more information, see the governing compliance bodies to review the specifications:

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
29 June 2021