What regulations does Cloud Pak for Data comply with?

Cloud Pak for Data complies with the following security and privacy assessments, which may or may not apply to all add-on services on Cloud Pak for Data.

Customers are responsible for ensuring their own readiness for the laws and regulations that apply to them.

Customers are responsible for identifying and interpreting any relevant laws and regulations that may affect their users and any actions their users might need to take to comply with these laws and regulations.

Customers must track whether personal information is present in their data. Cloud Pak for Data is not aware of the presence of personal information in the data that it handles.

Accessibility

IBM is committed to accessibility. Accessibility features that follow compliance guidelines are included in the content and documentation to benefit users with disabilities.

For more information, see Accessibility features in product content and documentation.

FIPS compliance

Federal Information Processing Standards (FIPS) are standards and guidelines issued by the National Institute of Standards and Technology (NIST) for federal government computer systems. The standards are developed when there are compelling federal government requirements for standards, such as for security and interoperability, but acceptable industry standards or solutions do not exist. Government agencies and financial institutions use these standards to ensure that products conform to specified security requirements.

To run Cloud Pak for Data on a Federal Information Processing Standards (FIPS) compliant system, see:

GDPR

You are responsible for ensuring your readiness for the laws and regulations, including the European Union General Data Protection Regulation. For more information, see IBM Cloud Pak for Data considerations for GDPR readiness.

HIPAA

The US Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Cloud Pak for Data is not specifically aware of the presence of protected health information (PHI) or electronic protected health information (ePHI). You are responsible for ensuring your HIPAA readiness if your Cloud Pak for Data environment is used to handle PHI or ePHI data.

For more information, see IBM Cloud Pak for Data considerations for HIPAA readiness.