Security Enabled
Trust Ensured



Committed to keeping Security, Compliance, and Data Protection at the forefront of our product offerings







We recognize the importance of data privacy to our business and customer trust. Thats why we are committed to handling customer data responsibly. This page describes our approach to privacy, so you can better understand the policies, practises, and technologies that we've put in place. 

Data Privacy

You trust us with your valuable data, and we take protecting that data seriously. We include Data Processing Terms in our customer contracts that apply where we process personal data on your behalf. .



Trust is built on transparency. We strive to provide clear, straightforward information to you about our privacy practices. Check out our Privacy Statement to learn about our approach to privacy when we are the data controller and how to exercise your rights.


Our Products

We strive to build privacy into our products from the outset, taking privacy into account during our product development process. We endeavor to include features and functionalities in our products that give you control over your data.



We build security into everything that we do. Learn more about our approach to security to better understand how our products are secured and feel more confident in how your data is protected..


Our approach to security architecture is built around confidentiality, integrity and availability by design. Through continual evaluation of our security program to identify opportunities for improvement, we work to better meet our customers’ needs.

Policies and Standards

Honeywell implements global policies, standards and procedures covering security, while aligning to industry-standard compliance frameworks. We regularly review and update our security policies to evaluate risks and the effectiveness of controls.

Vulnerability Management

Honeywell systems are monitored for different security aspects, such as cyber attacks and vulnerabilities. We use various automated and manual tools to help identify vulnerabilities which are scored via the CVSS, then remedied by the relevant internal party.


Change Management

Honeywell’s change management process strives to ensure all changes are approved with minimal business impact. All changes, such as patches and applications, are run in a controlled manner, logged and assessed before implementation, then reviewed for impact.

Incident Response

Honeywell’s Security Operations Center (SOC) follows industry security practices and adheres to a defined cybersecurity incident-response policy for monitoring incidents. Our SOC maintains onsite, controlled chain-of-custody during evidence collection.

Product Security Incident Response Team (PSIRT)

PSIRT manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Honeywell products, including software, applications, hardware, devices, services and solutions.


Honeywell Forge maintains a comprehensive security program designed to protect customer data confidentiality, integrity and availability in accordance with the highest industry standards. We undergo independent third-party audits and use best-in-class cloud providers, so your organization can feel confident that your data is secure and protected.

Application Certifications


Honeywell regularly undergoes a rigorous third-party SOC 2 audit to certify the core cloud platform that our products leverage. These audits evaluate the suitability of the design and operating effectiveness of our compliance controls over a specified period.

Offerings Products Certification Status
Honeywell Forge Performance⁺ For Distribution Centers Workforce Intelligence SOC2 Type 2 It is certified for the year 2022 and the 2023 certification is in progress
Asset Performance
Site Performance
Honeywell Forge Sustainability⁺ For Buildings | Carbon & Energy Management Carbon & Energy Management SOC2 Type 1 Readiness assesment SOC2 Type 1 Readiness assesment in progress, Certification in pipeline for 2024
Honeywell Forge Performance⁺ For Buildings Predictive Maintenance SOC2 Type 1 Readiness assesment SOC2 Type 1 Readiness assement in progress, Certification in pipeline for 2024
Honeywell Forge Performance⁺ For Industrials Asset Performance SOC2 Type 2 It is certified for the year 2022 and the 2023 certification is in progress
Production Intelligence NA SOC2 Type 2 in pipeline for 2024
Honeywell Forge Sustainability⁺ For Industrials Emissions Management SOC2 Type 1 Readiness assesment SOC2 Type 1 Readiness assement in progress, Certification in pipeline for 2024

Honeywell Forge cloud products are built on Microsoft Azure. Microsoft maintains industry-leading compliance and security certifications covering Azure cloud services, including Cloud Security Alliance (CSA) STAR, ISO 27001 and 27701, and SOC 2 Type 1 and 2.


Honeywell Forge maintains a comprehensive security program designed to protect customer data confidentiality, integrity and availability in accordance with the highest industry standards. We undergo independent third-party audits and use best-in-class cloud providers, so your organization can feel confident that your data is secure and protected.

Distribution Centers


Asset Performance

Enables proactive performance management and maintenance. Smart recommendations allow teams to get ahead of common maintenance challenges and help increase utilization of assets in critical paths.


Site Performance

Helps managers focus on performance, elevate insights, and manage their teams more effectively. Area-by-area level visibility allows operations managers to quickly identify events and align with teams to prioritize and address issues.





Predictive Maintenance

Bring crucial enhancements to building performance with real-time predictive analytics, equipment models and easy-to-use dashboards work together to show current building performance, identify improvements and help service teams track corrective actions.





Asset Performance

Outcome-based SaaS software and services use predictive analytics to address asset health, integrity, cybersecurity, efficiency and energy performance in one solution. This approach allows for standardized, faster and scalable deployment.


Production Intelligence

Maximize your plant’s throughput capacity by aligning decision-makers and coordinating production around a common, data-driven vision. Help reduce risk and avoid downtime to produce consistent, quality products through sustainable and reliable operations.




Carbon and Energy Management

Our solution deciphers how your building uses energy while providing a clear analysis of energy and carbon emissions at various levels. It uses smart meters, sensors and utility data to sort and analyze data to provide insight into building performance.





Enterprise Emissions Management

Transform how you measure, monitor, reduce and report your decarbonization and sustainability goals with enterprise-wide greenhouse gas emissions accounting, visualization and reporting that provides a holistic, near real-time view of Scope 1 and 2 emissions. .


Frequently Asked Questions

Does Honeywell have a privacy program?

Honeywell is committed to protecting the personal data that we process and complying with applicable data privacy laws in the countries in which we operate. Honeywell’s global privacy program includes a dedicated in-house data privacy team (the “Data Privacy Function”), led by our Chief Privacy Officer, which monitors developments in data privacy regulation globally, including the General Data Protection Regulation (“GDPR”). The Data Privacy Function is responsible for overseeing our data protection strategy and its implementation to ensure compliance with applicable data protection regulations worldwide (which includes formal policies procedures and processes to facilitate data subject rights, privacy impact assessments, data transfers, data retention, appropriate technical and organizational measures, incident response plan, and privacy training and awareness).

Do your employees receive data privacy training?

Honeywell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. Additional privacy training is provided for specific job functions. We work hard to promote a positive culture of data protection compliance across our business.

Does Honeywell conduct privacy impact assessments?

Honeywell generally conducts privacy impact assessments to identify and manage privacy risks associated with new products and services.

What happens when Honeywell receives a data subject access request?

Where the customer is the controller, Honeywell will re-direct the data subject access request to the customer in accordance with our customer agreement. Honeywell will not respond directly to the data subject unless authorized by the customer to do so and mutually agreed between the parties. Where Honeywell is the controller, Honeywell will deal with the data subject access request in accordance with its policies and procedures.

How does Honeywell respond to government requests for access to my data?

Honeywell will not disclose your data to government entities unless required by law, a binding order of a government body, or with your permission. Unless we are legally prevented from doing so, we will seek to give you reasonable notice of any government demands for access to your data to allow you to seek a protective order or other appropriate remedy.

Where is my data stored?

Honeywell uses leading cloud service providers to host our applications. The data centers for Honeywell Forge are primarily located in the United States, but regional deployment models may be available for some products. models. Please contact your sales representatives or the applicable product privacy data sheet for more information regarding in-region cloud hosting availability. 

Does Honeywell make international transfers of personal data?

Honeywell is a large, international organization headquartered in the US, and as such uses multiple affiliates, subsidiaries and third parties to provide different services to maintain its global operations, many of which are located worldwide. Any international data transfers and processing are governed by appropriate agreements between the relevant parties and applicable local laws. For transfers out of the EEA, we rely on the standard contractual clauses approved by the EU Commission for international data transfers.

Who at Honeywell may access my data hosted on Honeywell Forge?

Access to personal data will be granted to authorized employees on a need-to-know basis who are under an obligation of confidentiality. Access will depend on the nature of the data and the context in which services are provided. For example, remote service support may see limited personal data while providing customer service support. Our employees are bound by Honeywell’s policies, including Honeywell’s Code of Conduct.

Who can I contact with additional questions about privacy?

We encourage you to review the pages on the Honeywell Forge Trust site first, as you may find your topic of interest has already been addressed. If you have additional questions, see the Contact Us section of the Honeywell Privacy Statement.

Does Honeywell have policies and procedures designed to ensure the security, confidentiality, integrity and availability of its systems?

Honeywell maintains a suite of security policies that address numerous areas, including physical and logical access, environmental, change management, backup and retention, remote access, firewall management, logging and monitoring, batch processing, segregation of duties, host hardening/vulnerability management and security operations/incident management. We regularly review and update our policies, conduct vulnerability scanning and perform penetration testing to test and monitor compliance with our security policies.

How is security integrated into your development process?

We use a range of tools and practices throughout our secure software development lifecycle where security is embedded into each phase to secure our products. Depending on the product risk profile, these may include threat modeling, security testing and vulnerability scanning. Our developers are trained to follow secure coding guidelines.

Does Honeywell conduct security coding reviews?

Source code reviews and security testing are conducted to identify potential system flaws, with the goal of mitigating risk, protecting data and maintaining intended systems functionality. Requirements of security testing may include confidentiality, integrity, authentication, availability, authorization and nonrepudiation. Actual requirements tested depend on the context of the security implemented by the system.

How does Honeywell define security requirements for products?

We use security design patterns based on Honeywell standards and industry best practices. Components included in our infrastructure, platform and applications are reviewed against these design patterns to identify problematic coding activities that could lead to vulnerabilities in our code.

Does Honeywell follow secure coding guidelines for software development?

Our policies require developers to use secure coding practices and conduct security testing, which are aligned with OWASP guidelines.

How is physical access to data centers holding customer data restricted and monitored?

We use industry-leading cloud service providers who follow comprehensive physical security controls to limit access to authorized personnel. Our data center providers are audited by independent third-party auditors who report their findings via SOC 2 Type 2 reports.

How does Honeywell manage access to systems and services?

Honeywell has a defined procedure for provisioning user access. All users have individual logins. We use role-based access to ensure staff only have access appropriate to their roles. We control access to our corporate applications through a single sign-on platform.

How does Honeywell use data encryption?

Honeywell uses commercially standard cryptography and security protocols to protect the confidentiality and integrity of customer data. 

How does Honeywell manage cryptographic keys?

Cryptographic keys are managed according to defined policies and procedures. Duties are segregated to ensure an appropriate level of security controls.

What are Honeywell’s patch management procedures for securing endpoint devices and production environments?

We use commercially reasonable efforts to promptly apply security patches (including open source software) after potential vulnerabilities become known to us.

Are security events logged?

Logs associated with security events are aggregated and stored centrally and are monitored through Honeywell’s security operations center (SOC).

Does Honeywell have documented incident response plans and procedures for handling security incidents?

Incident response procedures exist for security and data protection incidents, which includes incident analysis, containment, response, remediation, reporting and the return to normal operations. We have an incident response capability which includes a Computer Incident Response Team (CIRT) with a formal process to respond to cyber attacks. Intrusions are logged, monitored and investigated. Incident response plans are maintained, updated and tested on an annual basis.

Does Honeywell provide notice to customers if their data is involved in a security incident?

Yes, we adhere to our incident response procedures to ensure timely reporting of security breaches in compliance with applicable regulatory and contractual requirements.

Does Honeywell prevent and monitor its systems for data breaches?

Yes, we follow industry-leading security practices to enable logging and monitoring of security events through our security operations center (SOC) that helps detect data privacy-related incidents.

Does Honeywell have change-of-control procedures?

Yes, our development and operations teams follow a defined change management process while making configuration changes on applications and their underlying infrastructure platform to ensure all changes are approved and that there is minimal business impact. Changes are logged, assessed and authorized prior to implementation and reviewed against planned outcomes following implementation.

How often does Honeywell scan its networks and applications for vulnerabilities?

Vulnerability scans are conducted periodically with static code scans on every checked-in code change. Open source and container scans are performed on every build. Infrastructure resources are continuously scanned for vulnerabilities.

Does Honeywell have a documented business continuity and disaster recovery plan?

Honeywell follows a global resilience framework that includes conducting business impact analysis and maintaining business continuity plans. Honeywell periodically tests its business continuity and disaster recovery plans as per Honeywell’s Global Resilience framework.

Has an external security certification review (i.e., PIC, SOC 2) been conducted on the company information technology environment and security controls?

Please refer to our Honeywell Forge Compliance Section.

How does Honeywell ensure application security while using open source components in its services?

Honeywell validates and approves usage of open source as part of the security requirements' definition and scans the source code using security tools to help identify and remediate known vulnerabilities.

Does Honeywell perform background checks on all employee candidates, contractors and third parties with access to customer data?

Honeywell performs background checks as part of the recruitment process for employees and contractors, where allowed by local law and as reasonable for job roles.

Do agreements with third parties (for example, subservice providers) include information security, confidentiality and data protection requirements?

Prior to engaging a third-party supplier, Honeywell reviews any proposed engagements and requires suppliers to provide evidence of their security practices. We require suppliers to comply with minimum security requirements, and these standards are incorporated into the supplier’s contract.

Can't find what you're looking for?

If you haven't found what you're looking for, please submit a request for documentation.