Trust the security and privacy of IBM Watson Workspace and IBM Work Services
IBM Watson Workspace and IBM Work Services offerings are secure by design, monitored around-the-clock, and aligned with key standards.
Organizations like yours, large and small, are relying on cloud services that are designed to be secure, protected and aligned with key standards. IBM Watson Workspace and IBM Work Services offerings are built on IBM’s security leadership and a culture in which security is everyone’s responsibility, so your data remains yours and is protected by IBM.
Security is embedded throughout the lifecycle of our offerings.
- Deliver security by design, achieved through our Agile security embedded methodologies and culture.
- Focus on enforced standards, tested processes and dedicated tools to protect your data.
- Ensure employees complete annual security education and certification.
- Provide operational security enforced by scanning and intrusion detection, continuously updated to keep ahead of new attack vectors.
- Perform regular audits to verify that operational security meets controls.
- Monitor a global security incident process 24x7 with trained personnel ready to strike in the event of a security incident.
- Minimize exposure to outside threats with multiple distinct and redundant architectures.
IBM Watson Workspace and IBM Work Services offerings align with IBM’s commitment to data ownership in a Cognitive world. Following are key points as taken from the IBM blog on data responsibility (https://www.ibm.com/blogs/policy/dataresponsibility-at-ibm/):
- You are not required to relinquish rights to your data to have the benefits of IBM’s Watson solutions and services.
- We believe the unique insights derived from your data are your competitive advantage, and we will not share them without your agreement.
- IBM client agreements are transparent. We will not use your data unless you agree to such use and we will limit that use to the specific purposes clearly described in the agreement.
- IBM employs industry-leading security practices to safeguard data. This includes use of encryption, access control methodologies, and proprietary consent management modules which allow us to restrict access to authorized users and to de-identify data in accordance with applicable permissions.
IBM Watson Workspace and IBM Work Services offerings are designed to protect your proprietary content and data.
- Access to your data, including any personal data, is allowed only by authorized personnel in accordance with principles of segregation of duties, strictly controlled under identity and access management policies, and monitored in accordance with IBM’s internal privileged user monitoring and auditing program.
- Access to your data is only granted as necessary to deliver services and support to you (that is, least required privilege).
- We strategically choose to align with many industry and country requirements, while continuously monitoring regulatory environments for new requirements.
- IBM Watson Workspace and IBM Work Services offerings utilize data centers located in the US.
- IBM Watson Workspace is Privacy Shield certified.
- IBM will sign EU Model Clauses (EUMC) agreements where required.
- IBM Watson Workspace and IBM Watson Work Services offerings are GDPR compliant.
Watson Workspace offerings utilize SSO for secure and unified logon through IBM ID.
Your data is encrypted in transit and at rest. While in transit, data is encrypted using TLS 1.2 or greater. When at rest, data is encrypted using AES 256 or greater. The following figures illustrate how and where encryption takes place in further detail.
Industry and Global Standard Alignment
IBM has a common set of security standards and information security controls implemented across the IBM Watson Work portfolio. We regularly review them against industry standards and regulations. IBM Watson Workspace and IBM Work Services offerings are aligned with industry standards, and we have an aggressive certification roadmap that includes general, horizontal certifications (e.g., ISO27k, SOC 1, SOC 2); regional certifications (e.g., GDPR, Cloud Computing Compliance Controls Catalogue); and industry-based certifications (e.g., HIPAA, PCI, FFIEC).
IBM Watson Workspace is Privacy Shield certified and IBM Workspace Plus certification is in progress. Details of IBM Privacy Shield certification can be found on IBM.com at https://www.ibm.com/privacy/details/us/en/privacy_shield.html.
IBM Watson Workspace and IBM Work Services are certified under the International Organization for Standardization (ISO) 27000 family of standards. From the ISO website:
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
IBM Watson Workspace and IBM Work Services offerings are audited by a third-party security firm and meet all of the requirements for ISO 27001:2013 certification. The certificate can be found at https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=KUJ12445USEN.
Additionally, IBM Watson Workspace and IBM Work Services offerings have been audited and certified compliant to the ISO 27017:2015 and ISO 27018:2014 standards. The description of those standards from the ISO website is as follows:
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
The certificate for ISO 27017:2015 can be found at https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=KUJ12466USEN& and the ISO 27018:2014 certificate can be found at https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=KUJ12467USEN&.
All certified IBM offerings can be found in the Product listing External SDA at https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=KUJ12444USEN&.