Customer Data Terms and Policies within IBM Technology Zone Environments

This document was created to answer IBM Technology Zone Users questions regarding using Customer Data in any IBM Technology Zone environment. 
 

IBM Technology Zone Terms and Conditions
The IBM Technology Zone Terms and Conditions are reviewed annually in alignment with guidance from the Business Information Security Office (BISO) and IBM Legal, including policies related specifically to customer data usage. Please always refer to the most recent Terms for the latest requirements.

In summary, it is your responsibility to properly classify any customer data used within IBM Technology Zone infrastructure. You must not use customer data—or any information that identifies individuals or organizations IBM does business with, including your own—within these environments. IBMers should review the Privacy@IBM: Guidance on PI/SPI for additional direction on data types that are inappropriate for use within TechZone. Additionally, End User Security Policies have been added to the Terms and Conditions to maintain a compliant and secure platform for all users. Continue reading this knowledge article to understand the classifications of Customer Data that we do/do not support.

Supported Customer Data Classifications: 

• Publicly available (example of data available through the web is BERKELEY SETI RESEARCH CENTER) -
• Anonymized / Obfuscated / Masked 
• Non-PI

IMPORTANT - Email your legal "one-pager" to the client prior to working with their publicly available, obfuscated data. (*signature not required). If customer has any concerns with agreement, you must engage with legal. Legal is working w/ CIO office to create a “contract generator” which will supersede existing “one pager” at a future date.

NOT Supported Customer Data Classifications:

• No regulated data allowed. 
• Regulated - PI, SPI, PCI, PHI, Financial Data, Other. 
• Governed by a plethora of global/federal/local regulations
• GDPR, HIPAA, GLB, FTC, CCPA, Sarbanes-Oxley, + many others.
   

Customer Data Classification Support

If you need support classifying customer data or a risk assessment associated with your engagement, please contact the Corporate BISO team directly in Slack: #corporate-biso-help.
 

Regulated Customer Data Environment Requests

If you have an environment that needs regulated customer data or you need an environment on TechZone that does not support the customer data option, please submit a TechZone Custom Request and select option "Environments for Regulated customer data". 

For this request, you would have to provide a customer's cloud account, and TechZone will provide credits to apply toward the cost of the project. To get started we need an estimate of the costs to set aside the credit amount to be applied to the customer account.

NOTE: Customer data environments may need to go through Business Information Security Office (BISO) for legal approval please be aware that this process can add an additional month for necessary legal reviews.