// Trust & Security Report

    International Business Machines Corporation (IBM) logo

    International Business Machines Corporation (IBM)

    IBM Cognos Analytics - enterprise business intelligence and data analytics platform with agentic AI, available in cloud-hosted (SaaS), on-premises, and containerized (Cloud Pak for Data) deployment models

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    IBM Cognos Analytics on Cloud expands compliance posture with availability of SOC 1 Type 2, SOC 2 Type 2 Reports. These services were assessed throughout the period May 1, 2020 to October 31, 2020 with auditor PricewaterhouseCoopers LLP.

    Verify on community.ibm.com
    SOC 1 Type 2
    HELD

    IBM Cognos Analytics on Cloud holds SOC 1 Type 2 certification, assessed May 1, 2020 to October 31, 2020 by PricewaterhouseCoopers LLP.

    Verify on community.ibm.com
    ISO 27001
    HELD

    IBM has obtained business unit certifications for ISO 27001 (information security management system). IBM maintains ISO 27001 certifications by country and business unit.

    Verify on ibm.com
    ISO 27017 (Cloud Services)
    HELD

    IBM has obtained business unit certifications for ISO 27017 (information security for cloud services).

    Verify on ibm.com
    ISO 27018 (PII in Public Cloud)
    HELD

    IBM has obtained business unit certifications for ISO 27018 (information security for PII in public clouds).

    Verify on ibm.com
    ISO 27701 (Privacy Management)
    HELD

    IBM Cloud's PaaS and SaaS offerings have implemented a Privacy Information Management System (PIMS) under ISO/IEC 27701:2019.

    Verify on ibm.com
    GDPR
    HELD

    IBM provides GDPR process automation for Cognos Analytics. The IBM Cognos GDPR tool facilitates discovery and analysis of Cognos content for personal information and has capabilities to optionally delete or modify Cognos objects or outputs that contain personal and sensitive information.

    Verify on ibm.com
    > Show 4 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    IBM Cloud supports HIPAA and provides BAA agreements. HIPAA-eligible services include Watson Studio, Watson Machine Learning, and Watson Knowledge Catalog in specific regions. IBM Cloud Pak for Data has HIPAA considerations documented, but Cognos Analytics is not explicitly listed as HIPAA-ready in publicly available documentation.

    source: ibm.com
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification for IBM Cognos Analytics or IBM Cloud services found.

    source: ibm.com
    FedRAMP
    NOT CONFIRMED

    No evidence of FedRAMP certification for IBM Cognos Analytics in public documentation.

    source: ibm.com
    PCI DSS
    NOT CONFIRMED

    No evidence of PCI DSS certification for IBM Cognos Analytics in public documentation.

    source: ibm.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EU and US data residency options available; customers can select EU or US hosting in cloud deployment

    Customer data is used for necessary processing within the tool. Data is not used to train IBM's AI models without explicit customer consent. IBM Cognos Analytics includes agentic AI capabilities (AI assistant, reporting agents) but does not train on customer data by default.

    // Security controls

    Encryption in transit

    TLS/SSL (Transport Layer Security) configurable; can configure specific TLS versions and cipher suites

    ibm.com

    Encryption at rest

    Supported via AES-256 encryption on cloud platforms (Azure, IBM Cloud); database passwords encrypted when saved

    ibm.com

    FIPS mode

    Can be enabled to use only FIPS 140-2 certified security modules; uses IBM Crypto for C and OpenSSL. Not enabled by default due to performance considerations.

    ibm.com

    Access control

    Role-based access control (RBAC), fine-grained permissions, integration with external authentication (LDAP, Active Directory), granular administrative controls

    ibm.com

    Audit and governance

    Centralized governance, audit trails, certified data models, compliance-ready reporting

    ibm.com

    Data handling

    Data retention policies allow secure deletion upon customer request or at contract termination. Complies with GDPR and regional privacy laws.

    ibm.com

    // Products & data scope

    Cognos Analytics Cloud HostedSaaS / Cloud BI

    data: Single-tenant cloud deployment on IBM Cloud data centers; SOC 2 Type 2 and SOC 1 Type 2 certified

    Managed by IBM; guaranteed uptime, automatic backups, dedicated IBM Cloud Ops; can access on-premises data via VPN

    Cognos Analytics On-PremisesOn-Premises BI

    data: Customer-hosted and managed; full control over data and infrastructure

    Ideal for organizations prioritizing data security and governance; customer responsible for security implementation

    Cognos Analytics Cloud Pak for DataContainerized / Kubernetes BI

    data: Fully containerized; deployable in any cloud (IBM Cloud, Azure, AWS, GCP) or on-premises

    Full Kubernetes support; flexible, scalable, cost-efficient; customer manages deployment security

    Cognos Analytics AWS MarketplaceCloud BI (AWS)

    data: Deployment via AWS Marketplace in AWS infrastructure

    Leverages AWS security and compliance controls

    // What to watch

    • SOC 2 Type 2 certification is from 2020 (assessment period May-Oct 2020) - now 5+ years old and should be refreshed with current audit
    • Product-specific ISO 27001 certification not explicitly documented; corporate and business unit certifications exist but product applicability unclear
    • HIPAA eligibility unclear: IBM Cloud supports HIPAA with BAA, but Cognos Analytics not explicitly listed as HIPAA-ready; Cloud Pak for Data has HIPAA considerations but Cognos not specifically mentioned
    • Marketing claims 'compliance-ready reporting' and 'certified data models' but specific certifications not exhaustively documented across all deployment types (on-premises, containers)
    • Trust center and compliance pages mostly unavailable (403 Forbidden) for direct verification; information gathered from community posts and support pages
    • FIPS mode can be enabled but product is not FIPS-certified by default; some configuration files not encrypted with FIPS-certified providers
    • Over-claim risk: Vendor marketing emphasizes compliance and governance but specific product certifications less clearly delineated than corporate certifications

    // At a glance

    Pricing model

    Per-authorized-user SaaS subscription (cloud-hosted); Standard ($11.25/user/month) and Premium ($44.90/user/month); on-premises requires licensing; container deployment available

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on International Business Machines Corporation (IBM)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    ibm.com

    > Browse all vendor trust reports