Question & Answer
Question
Cause
Service Organization Control (SOC) reports are independent, third-party assessments conducted by auditors certified by the American Institute of Certified Public Accountants (AICPA). These reports are designed to address the risks associated with outsourcing services.
- SOC 1 reports focus on an organization's internal controls over client-owned data related to financial reporting. These reports are intended for the use of the organization and their financial auditors, and are not publicly available.
- SOC 2 reports apply to services that implement controls based on selected Trust Service Principles such as security, availability, and confidentiality.
Answer
SOC 1 and SOC 2 reports are only available for QRadar Cloud environments. These reports pertain to IBM Cloud’s internal controls—SOC 1 addressing financial reporting, and SOC 2 covering system security, availability, and confidentiality. They are maintained by the IBM Cloud compliance team for enterprise governance purposes.
For QRadar On-Premises deployments, which are installed and managed locally by the customer, SOC 1 and SOC 2 reports are not applicable or available by default. Since the on-prem environment falls outside IBM Cloud’s operational scope, these compliance reports are not generated for such installations.
However, if administrators require compliance documentation or assurance for their on-premises setup, we recommend reaching out to the IBM Expert Labs team. They may be able to provide guidance or alternative documentation relevant to the environment and compliance needs.
Document Information
Modified date:
15 October 2025
UID
ibm17247643