IBM Cloud Docs
Understanding compliance with Schematics

Understanding compliance with Schematics

IBM Cloud® Schematics actively participates in several industry compliance programs. As compliance focal, you can use the Schematics goals to check that your organization is adhering to the external and internal standards for your industry. For more information about monitoring compliance, see Getting started with Security and Compliance Center.

As a security or compliance focal, you can use the IBM Cloud Schematics goals to help ensure that your organization is adhering to the external and internal standards for your industry. By using the Security and Compliance Center to validate the resource configurations in your account against a profileA specification of a resource's capacities and capabilities. Different profiles are optimized for different workloads and use cases. A resource's pricing model might depend on its profile., you can identify potential issues as they arise.

All the goals for IBM Cloud Schematics are added to the IBM Cloud® Control Library but can also be mapped to other profiles.

To start monitoring your resources, check out Getting started with Security and Compliance Center.

Available goals for IBM Cloud Schematics

  • Check whether Schematics resources and actions must run in a designated location
  • Check whether Schematics is enabled with encryption
  • Check whether Schematics is enabled with IBM Log Analysis
  • Check whether Schematics has role-based access control (RBAC) for users
  • Check whether Schematics is enabled with IBM Cloud® Monitoring
  • Check whether Schematics workspaces is configured with a specific Terraform version

General Data Protection Regulation (GDPR) readiness

About GDPR and how Schematics adheres to it, see General Data Protection Regulation. View IBM's commitment to GDPR readiness to learn about IBM's GDPR readiness journey and the GDPR capabilities and offerings to support your compliance journey.

Privacy shield

Schematics is privacy shield that is certified. For more information, see the IBM Privacy Shield Privacy Policy for Certified IBM Cloud Services.

International Organization for Standardization (ISO)

Schematics is audited by a Third-party security firm and meet ISO 27001, ISO 27017, ISO 27018, and ISO 27701 requirements. For more information, see the Schematics Compliance page for links to the certificates. The following descriptions on the Schematics compliance page cover the Schematics service and respective certifications:

  • IBM Cloud Services (PaaS and SaaS) certified cloud product listing
  • IBM Cloud Services (PaaS and SaaS) certificate - ISO 27001
  • IBM Cloud Services (PaaS and SaaS) certificate - ISO 27017
  • IBM Cloud Services (PaaS and SaaS) certificate - ISO 27018
  • IBM Cloud Services (PaaS and SaaS) certificate - ISO 27701

SOC 2 Type 2 Certification

IBM provides a Service Organization Controls (SOC) two Type 2 report for Schematics. The reports evaluate IBM's operational controls according to the criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for service providers such as IBM Cloud to safeguard their clients data and information.

You can request an SOC 2 Type 2 report from the Client portal or contact your sales representative. Alternatively, you can open a support ticket with IBM Cloud Support.