IBM continues to expand our compliance posture for our SaaS offerings with the availability of Type 2 reports for both SOC1 and SOC2 for IBM Cognos Analytics on Cloud. Working with our auditor, PricewaterhouseCoopers LLP, these services were assessed throughout the period May 1, 2020 to October 31, 2020.
What is SOC?
The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), is a standard for internal controls that protect information, data and applications stored in the cloud. Certified Public Accountants (CPAs) audit cloud service providers (CSPs) such as IBM, resulting in internal control reports on the services provided by a service organization such as the IBM Site Reliability Engineering team. SOC reports help customers assess and address the risks associated with an outsourced service.
What is an Internal Control?
An Internal control involves everything that controls risks to an organization. A process to evaluate an organization's objectives in operational effectiveness and efficiency. It is a means by which an organization's resources are directed, monitored, and measured. Resources that are both physical (infrastructure) and intangible(reliability). It plays an important role in detecting and preventing fraud and protecting the data, information, and applications on the cloud.
Why is it Important?
IBM Cognos Analytics on Cloud is a fully managed SaaS offering where a dedicated Site Reliability Engineering (SRE) are responsible for the administration, reliability, and availability of customer environments. This allows customers to outsource IT requirements to IBM so they can undertake more high value tasks in their organization.
This outsourcing done by our customers necessitates two things to be done by IBM. Firstly, to create the documented policies and procedures that make up the IBM security policy for the cloud including the infrastructure, platform and application. A continual focus towards our efforts on implementing our policy well, reviewing it often and continually improving both the features offered and our best practices for operating the services.
And secondly to obtain the compliance through certifications that represent the external assessment completed to ensure our security policies are being followed with rigor. Obtaining this certification is a measure of our commitment that we go to the additional process associated with hiring an external auditor and provide our customers with the reassurance that comes from a certification.
The SOC2 Type 2 report shows our customer the strength and quality of the IBM security policy in place with the assurance that it is being followed with operational effectiveness and efficiency.
How to obtain?
If you are a customer and would like to review the SOC1 Type 2 or the SOC2 Type reports please reach out to your IBM Sales representative.
Try it for yourself!
Want to see for yourself? Try IBM Cognos Analytics free for 30 days!
The Cognos Analytics trial includes:
- Ability to invite up to 5 users
- Full Capabilities of IBM Cognos Analytics on Demand
- A guided demo to explore the solution
- An AI-powered assistant that gives plain language answers
- Self-service analytics that allows any user to get insights
Learn more about IBM Cognos Analytics