FAQs for IBM Cloud for Financial Services
Answers to common questions about IBM Cloud for Financial Services and the IBM Cloud Framework for Financial Services.
What are the supported reference architectures for the IBM Cloud for Financial Services?
What is a consumer and what is an application provider?
We refer to the entity that uses (consumes) the application as the consumer and the entity that deploys (provides) the application as the application provider. This documentation generally assumes that you are a an application provider.
The application provider and consumer might be the same when the organization providing the application also consumes it (for example, a financial institution deploys an application for internal use by others in their company). Or, they can be different when a third-party ISV provides an application for a financial institution to use.
Application providers who are within financial institutions are not beholden to the IBM Cloud Framework for Financial Services control requirements.
What does it mean for a service to be IBM Cloud for Financial Services Validated?
IBM Cloud for Financial Services Validated designates that an IBM Cloud service or ecosystem partner service has evidenced compliance to the controls of the IBM Cloud Framework for Financial Services and can be used to build solutions that might themselves be validated.
Should I only use IBM or third-party managed services that are IBM Cloud for Financial Services Validated?
Generally speaking, you should strive to use only services which are Financial Services Validated in your solutions. However, depending on your circumstance there may be exceptions. See the best practice Use only services that are IBM Cloud for Financial Services Validated for more details and potential exceptions.
What if I don't want to use managed services, but I want to install and manage my own software?
Self-installed (or "bring your own") software from third parties is permitted without special approval. Examples include databases, logging stacks, web application firewalls, and so on. But just like first-party software you might develop and deploy, self-installed third-party software must comply with all of the requirements of the IBM Cloud Framework for Financial Services. And, it is your responsibility to provide appropriate supporting evidence.
For more information, see Ensure all usage of software meets IBM Cloud Framework for Financial Services controls.