IBM Support

IBM Connections Docs GDPR documentation

Technote (FAQ)


Question

How does IBM Connections Docs support removing personal information when requested by users?

Cause

The following Q&A provides information on commonly asked questions about how IBM Connections Docs supports compliance with the European Union's GDPR ruling.

Answer

Access Controls
What access controls capabilities does the product provide to limit access to Personal Data to support the Client in meeting its compliance obligations?


IBM Docs delegates all access control to the repository (IBM Connections Files or 3rd party repository), so if a user can access(edit or view) the document stored in repository then the user can edit or view it in IBM Docs.

For details about IBM Connections access control, refer to IBM Connections GDPR documentation technote.

Data Retention minimization
Where does the product store data, and how the client can delete data about an individual to support client in meeting its compliance obligations?

All data will be stored in the repository (IBM Connections Files or 3rd party repository). It’s repository product’s responsibility to enable client to search and delete related document in repository. For the content that is under editing, the data will be cached as draft in IBM Docs. The content will be finally published into the repository after editing is completed. Refer to IBM Docs Knowledge Center for details.

Data Subject Access
What capabilities does the product provide to correct an individual's data in all its instances to support client in meeting its compliance obligations?

All data will finally be stored in the repository (IBM Connections Files or 3rd party repository).  It’s repository product’s responsibility to provide correcting capabilities.


How does the product support the ability to extract individual data in a machine readable format for an individual data subject?

Same situation as above. It’s repository product’s responsibility to support the ability.

How does the product support the capability to provide individuals with a report on their personal data that is being processed?

Same situation as above. It’s repository product’s responsibility to support the ability.

Encryption
How does the product provide encryption for data in transit capabilities to support Client in meeting its compliance obligations?

IBM Docs supports https for both client/server and server/server communications. Instructions are available at IBM Docs Knowledge Center.

How does provide encryption capabilities for data "at rest” to support Client in meeting its compliance obligations?

Client can use disk level encryption on IBM Docs draft folder. Instructions are available at IBM Docs Knowledge Center.

Information Security
Where can the client find information about the security and privacy capabilities of the product to support them in meeting their compliance obligations?

Find information at IBM Docs Knowledge Center.

Where can the client find information about the security of the product (e.g. ISO certifications, technical security capabilities) available to support the Client in meeting their compliance obligations?

Find information at IBM Docs Knowledge Center.

Logging & Monitoring

What logging / monitoring capabilities does the product provide in order to support the client in meeting its compliance obligations?

Same situation as Access control. It’s repository product’s responsibility to support the ability.

Pseudonymisation
Does the product provide pseudonymisation capabilities to support the client in meeting its compliance obligations?

Same situation as above. It’s repository product’s responsibility to support the ability.

Right to Restrict / Object Service
How does the product allow the client to stop processing data of a particular individual to support the client in meeting its compliance obligations?

Refer to IBM Connections Knowledge Center and IBM Docs Knowledge Center for details.

Secure Deletion
What information is available regarding the capability of the product to delete Personal Data to support the Client in meeting its compliance obligations?

Refer to IBM Connections Knowledge Center and IBM Docs Knowledge Center for details.

Separation of duties
Explain how the product provides specific suggested roles and accesses that customers can use to compartmentalize and restrict access in order to meet their compliance obligations regarding "Separation of Duties"?

Same situation as Access Control. It’s repository product’s responsibility to support the ability.

Standards
Please provide statements regarding the standards that the product meets (e.g. ISO certifications, etc.) and assurances that the product development process follows the "Privacy by Design" principles in order to support the Client in meeting their compliance obligations?

IBM maintains a set of internal security policies, standards, and processes consistent with the International Standards Organization (ISO) 27001 framework and control areas. We also maintain many industry-related certifications such as ISO 9001, ISO 20000, and Capability Maturity Model Integration (CMMI).

Our comprehensive Service Organization Controls (SOC) reporting program is undergoing several Statement on Standards for Attestation Engagements (SSAE) 16 or equivalent audits covering many IT services and associated controls, from managed services delivery through to managed security services. We continue to develop this external auditing approach to cover our cloud services as they evolve and to ensure compliance with requirements.

Privacy reviews align IBM Connections Docs with comprehensive, regularly updated IBM policies on privacy and client data protection, which can be found in the IBM Online Privacy Statement.

Technical & Configuration Guidance
Please provide references to technical and configuration guides that allow the Client to understand how to change settings within the offering to minimize access to Personal Data?

Refer to IBM Connections Knowledge Center and IBM Docs Knowledge Center for details.

Document information

More support for: IBM Connections Docs

Software version: 2.0

Operating system(s): Linux, Windows

Reference #: 2016118

Modified date: 07 May 2018


Translate this page: