Security Enabled
Trust Ensured
Committed to keeping Security, Compliance, and Data Protection at the forefront of our product offerings
Privacy
We recognize the importance of data privacy to our business and customer trust. That's why we are committed to handling customer data responsibly. This page describes our approach to privacy, so you can better understand the policies, practices, and technologies that we've put in place.
Data Privacy
You trust us with your valuable data, and we take protecting that data seriously. We include Data Processing Terms in our customer contracts that apply where we process personal data on your behalf.
Transparency
Trust is built on transparency. We strive to provide clear, straightforward information to you about our privacy practices. Check out our Privacy Statement to learn about our approach to privacy when we are the data controller and how to exercise your rights.
Our Products
We strive to build privacy into our products from the outset, taking privacy into account during our product development process. We endeavor to include features and functionalities in our products that give you control over your data.
Security
We build security into everything that we do. Learn more about our approach to security to better understand how our products are secured and feel more confident in how your data is protected.
Principles
Our approach to security architecture is built around confidentiality, integrity and availability by design. Through continual evaluation of our security program to identify opportunities for improvement, we work to better meet our customers’ needs.
Policies and Standards
Honeywell implements global policies, standards and procedures covering security, while aligning to industry-standard compliance frameworks. We regularly review and update our security policies to evaluate risks and the effectiveness of controls.
Vulnerability Management
Honeywell systems are monitored for different security aspects, such as cyber attacks and vulnerabilities. We use various automated and manual tools to help identify vulnerabilities which are scored via the CVSS, then remedied by the relevant internal party.
Change Management
Honeywell’s change management process strives to ensure all changes are approved with minimal business impact. All changes, such as patches and applications, are run in a controlled manner, logged and assessed before implementation, then reviewed for impact.
Incident Response
Honeywell’s Security Operations Center (SOC) follows industry security practices and adheres to a defined cybersecurity incident-response policy for monitoring incidents. Our SOC maintains onsite, controlled chain-of-custody during evidence collection.
Product Security Incident Response Team (PSIRT)
PSIRT manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Honeywell products, including software, applications, hardware, devices, services and solutions.
Compliance
Honeywell Forge maintains a comprehensive security program designed to protect customer data confidentiality, integrity and availability in accordance with the highest industry standards. We undergo independent third-party audits and use best-in-class cloud providers, so your organization can feel confident that your data is secure and protected.
Application Certifications
Honeywell regularly undergoes a rigorous third-party SOC 2 audit to certify the core cloud platform that our products leverage. These audits evaluate the suitability of the design and operating effectiveness of our compliance controls over a specified period.
Offerings | Products | Certification | Status |
Honeywell Forge Performance⁺ For Distribution Centers | Workforce Intelligence | SOC2 Type 2 | It is certified for the year 2022 and the 2023 certification is in progress |
Honeywell Forge Performance⁺ For Distribution Centers | Asset Performance | | |
Honeywell Forge Performance⁺ For Distribution Centers | Site Performance | | |
Honeywell Forge Sustainability⁺ For Buildings | Carbon & Energy Management | SOC2 Type 1 Readiness assessment | SOC2 Type 1 Readiness assessment in progress, Certification in pipeline for 2024 |
Honeywell Forge Performance⁺ For Buildings | Predictive Maintenance | SOC2 Type 1 Readiness assessment | SOC2 Type 1 Readiness assessment in progress, Certification in pipeline for 2024 |
Honeywell Forge Performance⁺ For Industrials | Asset Performance | SOC2 Type 2 | It is certified for the year 2022 and the 2023 certification is in progress |
Honeywell Forge Performance⁺ For Industrials | Production Intelligence | NA | SOC2 Type 2 in pipeline for 2024 |
Honeywell Forge Sustainability⁺ For Industrials | Emissions Management | SOC2 Type 1 Readiness assessment | SOC2 Type 1 Readiness assessment in progress, Certification in pipeline for 2024 |
Honeywell Forge cloud products are built on Microsoft Azure. Microsoft maintains industry-leading compliance and security certifications covering Azure cloud services, including Cloud Security Alliance (CSA) STAR, ISO 27001 and 27701, and SOC 2 Type 1 and 2.
Offerings
Distribution Centers
Asset Performance
Enables proactive performance management and maintenance. Smart recommendations allow teams to get ahead of common maintenance challenges and help increase utilization of assets in critical paths.
Site Performance
Helps managers focus on performance, elevate insights, and manage their teams more effectively. Area-by-area level visibility allows operations managers to quickly identify events and align with teams to prioritize and address issues.
Buildings
Predictive Maintenance
Bring crucial enhancements to building performance with real-time predictive analytics. Equipment models and easy-to-use dashboards work together to show current building performance, identify improvements and help service teams track corrective actions.
Industrials
Asset Performance
Outcome-based SaaS software and services use predictive analytics to address asset health, integrity, cybersecurity, efficiency and energy performance in one solution. This approach allows for standardized, faster and scalable deployment.
Production Intelligence
Maximize your plant’s throughput capacity by aligning decision-makers and coordinating production around a common, data-driven vision. Help reduce risk and avoid downtime to produce consistent, quality products through sustainable and reliable operations.
Buildings
Carbon and Energy Management
Our solution deciphers how your building uses energy while providing a clear analysis of energy and carbon emissions at various levels. It uses smart meters, sensors and utility data to sort and analyze data to provide insight into building performance.
Industrials
Enterprise Emissions Management
Transform how you measure, monitor, reduce and report your decarbonization and sustainability goals with enterprise-wide greenhouse gas emissions accounting, visualization and reporting that provides a holistic, near real-time view of Scope 1 and 2 emissions.
Frequently Asked Questions
Honeywell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. Additional privacy training is provided for specific job functions. We work hard to promote a positive culture of data protection compliance across our business.
Honeywell generally conducts privacy impact assessments to identify and manage privacy risks associated with new products and services.
Where the customer is the controller, Honeywell will re-direct the data subject access request to the customer in accordance with our customer agreement. Honeywell will not respond directly to the data subject unless authorized by the customer to do so and mutually agreed between the parties. Where Honeywell is the controller, Honeywell will deal with the data subject access request in accordance with its policies and procedures.
Honeywell will not disclose your data to government entities unless required by law, a binding order of a government body, or with your permission. Unless we are legally prevented from doing so, we will seek to give you reasonable notice of any government demands for access to your data to allow you to seek a protective order or other appropriate remedy.
Honeywell uses leading cloud service providers to host our applications. The data centers for Honeywell Forge are primarily located in the United States, but regional deployment models may be available for some products. Please contact your sales representative or refer to the applicable product privacy data sheet for more information regarding in-region cloud hosting availability.
Honeywell is a large, international organization headquartered in the US, and as such uses multiple affiliates, subsidiaries and third parties to provide different services to maintain its global operations, many of which are located worldwide. Any international data transfers and processing are governed by appropriate agreements between the relevant parties and applicable local laws. For transfers out of the EEA, we rely on the standard contractual clauses approved by the EU Commission for international data transfers.
Access to personal data will be granted on a need-to-know basis to authorized employees who are under an obligation of confidentiality. Access will depend on the nature of the data and the context in which services are provided. For example, remote service support may see limited personal data while providing customer service support. Our employees are bound by Honeywell’s policies, including Honeywell’s Code of Conduct.
We encourage you to review the pages on the Honeywell Forge Trust site first, as you may find your topic of interest has already been addressed. If you have additional questions, see the Contact Us section of the Honeywell Privacy Statement.
We use a range of tools and practices throughout our secure software development lifecycle where security is embedded into each phase to secure our products. Depending on the product risk profile, these may include threat modeling, security testing and vulnerability scanning. Our developers are trained to follow secure coding guidelines.
Source code reviews and security testing are conducted to identify potential system flaws, with the goal of mitigating risk, protecting data and maintaining intended systems functionality. Requirements of security testing may include confidentiality, integrity, authentication, availability, authorization and nonrepudiation. Actual requirements tested depend on the context of the security implemented by the system.
We use security design patterns based on Honeywell standards and industry best practices. Components included in our infrastructure, platform and applications are reviewed against these design patterns to identify problematic coding activities that could lead to vulnerabilities in our code.
Our policies require developers to use secure coding practices and conduct security testing, which are aligned with OWASP guidelines.
We use industry-leading cloud service providers who follow comprehensive physical security controls to limit access to authorized personnel. Our data center providers are audited by independent third-party auditors who report their findings via SOC 2 Type 2 reports.
Honeywell has a defined procedure for provisioning user access. All users have individual logins. We use role-based access to ensure staff only have access appropriate to their roles. We control access to our corporate applications through a single sign-on platform.
Honeywell uses commercially standard cryptography and security protocols to protect the confidentiality and integrity of customer data.
Cryptographic keys are managed according to defined policies and procedures. Duties are segregated to ensure an appropriate level of security controls.
We use commercially reasonable efforts to promptly apply security patches (including open source software) after potential vulnerabilities become known to us.
Logs associated with security events are aggregated and stored centrally and are monitored through Honeywell’s security operations center (SOC).
Incident response procedures exist for security and data protection incidents, which include incident analysis, containment, response, remediation, reporting and the return to normal operations. We have an incident response capability which includes a Computer Incident Response Team (CIRT) with a formal process to respond to cyber attacks. Intrusions are logged, monitored and investigated. Incident response plans are maintained, updated and tested on an annual basis.
Yes, we adhere to our incident response procedures to ensure timely reporting of security breaches in compliance with applicable regulatory and contractual requirements.
Yes, we follow industry-leading security practices to enable logging and monitoring of security events through our security operations center (SOC) that helps detect data privacy-related incidents.
Yes, our development and operations teams follow a defined change management process while making configuration changes on applications and their underlying infrastructure platform to ensure all changes are approved and that there is minimal business impact. Changes are logged, assessed and authorized prior to implementation and reviewed against planned outcomes following implementation.
Vulnerability scans are conducted periodically with static code scans on every checked-in code change. Open source and container scans are performed on every build. Infrastructure resources are continuously scanned for vulnerabilities.
Honeywell follows a global resilience framework that includes conducting business impact analysis and maintaining business continuity plans. Honeywell periodically tests its business continuity and disaster recovery plans as per Honeywell’s Global Resilience framework.
Please refer to our Honeywell Forge Compliance Section.
Honeywell validates and approves usage of open source as part of the security requirements' definition and scans the source code using security tools to help identify and remediate known vulnerabilities.
Honeywell performs background checks as part of the recruitment process for employees and contractors, where allowed by local law and as reasonable for job roles.
Prior to engaging a third-party supplier, Honeywell reviews any proposed engagements and requires suppliers to provide evidence of their security practices. We require suppliers to comply with minimum security requirements, and these standards are incorporated into the supplier’s contract.