Security Enabled
Trust Ensured

 

 

Committed to keeping Security, Compliance, and Data Protection at the forefront of our product offerings

 

 

 

 

 

Privacy

We recognize the importance of data privacy to our business and customer trust. Thats why we are committed to handling customer data responsibly. This page describes our approach to privacy, so you can better understand the policies, practises, and technologies that we've put in place. 

Data Privacy

You trust us with your valuable data, and we take protecting that data seriously. We include Data Processing Terms in our customer contracts that apply where we process personal data on your behalf. .

DATA PROCESSING TERMS »

Transparency

Trust is built on transparency. We strive to provide clear, straightforward information to you about our privacy practices. Check out our Privacy Statement to learn about our approach to privacy when we are the data controller and how to exercise your rights.

PRIVACY STATEMENT »

Our Products

We strive to build privacy into our products from the outset, taking privacy into account during our product development process. We endeavor to include features and functionalities in our products that give you control over your data.

FORGE OFFERINGS »

Security

We build security into everything that we do. Learn more about our approach to security to better understand how our products are secured and feel more confident in how your data is protected..

Principles

Our approach to security architecture is built around confidentiality, integrity and availability by design. Through continual evaluation of our security program to identify opportunities for improvement, we work to better meet our customers’ needs.

Policies and Standards

Honeywell implements global policies, standards and procedures covering security, while aligning to industry-standard compliance frameworks. We regularly review and update our security policies to evaluate risks and the effectiveness of controls.

Vulnerability Management

Honeywell systems are monitored for different security aspects, such as cyber attacks and vulnerabilities. We use various automated and manual tools to help identify vulnerabilities which are scored via the CVSS, then remedied by the relevant internal party.


 

Change Management

Honeywell’s change management process strives to ensure all changes are approved with minimal business impact. All changes, such as patches and applications, are run in a controlled manner, logged and assessed before implementation, then reviewed for impact.

Incident Response

Honeywell’s Security Operations Center (SOC) follows industry security practices and adheres to a defined cybersecurity incident-response policy for monitoring incidents. Our SOC maintains onsite, controlled chain-of-custody during evidence collection.

Product Security Incident Response Team (PSIRT)

PSIRT manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Honeywell products, including software, applications, hardware, devices, services and solutions.

Compliance

Honeywell Forge maintains a comprehensive security program designed to protect customer data confidentiality, integrity and availability in accordance with the highest industry standards. We undergo independent third-party audits and use best-in-class cloud providers, so your organization can feel confident that your data is secure and protected.

Certifications

 

OFFERINGS

PRODUCT LINE

CERTIFICATION

Honeywell Forge

Workforce Intelligence

SOC2 Type II

Asset Performance

Honeywell Forge Performance+ (Platform)

NA

CSA STAR Level I

Visitor Management (SINE)

Core

SOC2 Type I

Workflows

Companies

SinePoint Pro (for iPad)

Sine Pro (for iOS & Android)

Connected Logistics (Movilizer)

Movilizer Standard Apps / SAP

ISO 27001:2013, ISO 9001:2015

Cloud Direct Store Delivery

Standard Apps / Cloud T&T

Advanced Compliance Tracking (ACT)

Repository Solutions

Connected Life Sciences (Sparta)

Honeywell Lifesciences Applications Suite (HLSAS) Offering Project

ISO 9001:2015, SOC2 Type II

TrackWise

TrackWise Digital

Cyber MSS (Houston, Texas, US)

Managed Security Services

ISO 20000-1:2018, ISO 27001:2013

Cyber MSS (Bucharest, Romania, EU)

Managed Security Services

ISO 20000-1:2018, ISO 27001:2013

Cyber MSS (Part of Bucharest, Romania, EU (AMIR)

Advanced Monitoring & Incident Response (AMIR)

ISO 20000-1:2018

Some of Honeywell Forge cloud products are built on Microsoft Azure, Amazon Web Services or Salesforce Cloud. The cloud services maintain industry-leading compliance and security certifications such as Cloud Security Alliance (CSA) STAR, ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and FedRAMP.

Offerings

Honeywell Forge maintains a comprehensive security program designed to protect customer data confidentiality, integrity and availability in accordance with the highest industry standards. We undergo independent third-party audits and use best-in-class cloud providers, so your organization can feel confident that your data is secure and protected.

Distribution Centers

 

Asset Performance

Enables proactive performance management and maintenance. Smart recommendations allow teams to get ahead of common maintenance challenges and help increase utilization of assets in critical paths.

LEARN MORE | DATASHEET

Site Performance

Helps managers focus on performance, elevate insights, and manage their teams more effectively. Area-by-area level visibility allows operations managers to quickly identify events and align with teams to prioritize and address issues.

LEARN MORE | DATASHEET


 

Buildings

 

Predictive Maintenance

Bring crucial enhancements to building performance with real-time predictive analytics, equipment models and easy-to-use dashboards work together to show current building performance, identify improvements and help service teams track corrective actions.

LEARN MORE | DATASHEET


 

Industrials

 

Asset Performance

Outcome-based SaaS software and services use predictive analytics to address asset health, integrity, cybersecurity, efficiency and energy performance in one solution. This approach allows for standardized, faster and scalable deployment.

LEARN MORE | DATASHEET

Production Intelligence

Maximize your plant’s throughput capacity by aligning decision-makers and coordinating production around a common, data-driven vision. Help reduce risk and avoid downtime to produce consistent, quality products through sustainable and reliable operations.

LEARN MORE | DATASHEET

Buildings

 

Carbon and Energy Management

Our solution deciphers how your building uses energy while providing a clear analysis of energy and carbon emissions at various levels. It uses smart meters, sensors and utility data to sort and analyze data to provide insight into building performance.

LEARN MORE | DATASHEET


 

Industrials

 

Enterprise Emissions Management

Transform how you measure, monitor, reduce and report your decarbonization and sustainability goals with enterprise-wide greenhouse gas emissions accounting, visualization and reporting that provides a holistic, near real-time view of Scope 1 and 2 emissions. .

LEARN MORE | DATASHEET

Frequently Asked Questions

Does Honeywell have a privacy program?

Honeywell is committed to protecting the personal data that we process and complying with applicable data privacy laws in the countries in which we operate. Honeywell’s global privacy program includes a dedicated in-house data privacy team (the “Data Privacy Function”), led by our Chief Privacy Officer, which monitors developments in data privacy regulation globally, including the General Data Protection Regulation (“GDPR”). The Data Privacy Function is responsible for overseeing our data protection strategy and its implementation to ensure compliance with applicable data protection regulations worldwide (which includes formal policies procedures and processes to facilitate data subject rights, privacy impact assessments, data transfers, data retention, appropriate technical and organizational measures, incident response plan, and privacy training and awareness).

Do your employees receive data privacy training?

Honeywell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. Additional privacy training is provided for specific job functions. We work hard to promote a positive culture of data protection compliance across our business.

Does Honeywell conduct privacy impact assessments?

Honeywell generally conducts privacy impact assessments to identify and manage privacy risks associated with new products and services.

What happens when Honeywell receives a data subject access request?

Where the customer is the controller, Honeywell will re-direct the data subject access request to the customer in accordance with our customer agreement. Honeywell will not respond directly to the data subject unless authorized by the customer to do so and mutually agreed between the parties. Where Honeywell is the controller, Honeywell will deal with the data subject access request in accordance with its policies and procedures.

How does Honeywell respond to government requests for access to my data?

Honeywell will not disclose your data to government entities unless required by law, a binding order of a government body, or with your permission. Unless we are legally prevented from doing so, we will seek to give you reasonable notice of any government demands for access to your data to allow you to seek a protective order or other appropriate remedy.

Where is my data stored?

Honeywell uses leading cloud service providers to host our applications. The data centers for Honeywell Forge are primarily located in the United States, but regional deployment models may be available for some products. models. Please contact your sales representatives or the applicable product privacy data sheet for more information regarding in-region cloud hosting availability. 

Does Honeywell make international transfers of personal data?

Honeywell is a large, international organization headquartered in the US, and as such uses multiple affiliates, subsidiaries and third parties to provide different services to maintain its global operations, many of which are located worldwide. Any international data transfers and processing are governed by appropriate agreements between the relevant parties and applicable local laws. For transfers out of the EEA, we rely on the standard contractual clauses approved by the EU Commission for international data transfers.

Who at Honeywell may access my data hosted on Honeywell Forge?

Access to personal data will be granted to authorized employees on a need-to-know basis who are under an obligation of confidentiality. Access will depend on the nature of the data and the context in which services are provided. For example, remote service support may see limited personal data while providing customer service support. Our employees are bound by Honeywell’s policies, including Honeywell’s Code of Conduct.

Who can I contact with additional questions about privacy?

We encourage you to review the pages on the Honeywell Forge Trust site first, as you may find your topic of interest has already been addressed. If you have additional questions, see the Contact Us section of the Honeywell Privacy Statement.

Does Honeywell have policies and procedures designed to ensure the security, confidentiality, integrity and availability of its systems?

Honeywell maintains a suite of security policies that address numerous areas, including physical and logical access, environmental, change management, backup and retention, remote access, firewall management, logging and monitoring, batch processing, segregation of duties, host hardening/vulnerability management and security operations/incident management. We regularly review and update our policies, conduct vulnerability scanning and perform penetration testing to test and monitor compliance with our security policies.

How is security integrated into your development process?

We use a range of tools and practices throughout our secure software development lifecycle where security is embedded into each phase to secure our products. Depending on the product risk profile, these may include threat modeling, security testing and vulnerability scanning. Our developers are trained to follow secure coding guidelines.

Does Honeywell conduct security coding reviews?

Source code reviews and security testing are conducted to identify potential system flaws, with the goal of mitigating risk, protecting data and maintaining intended systems functionality. Requirements of security testing may include confidentiality, integrity, authentication, availability, authorization and nonrepudiation. Actual requirements tested depend on the context of the security implemented by the system.

How does Honeywell define security requirements for products?

We use security design patterns based on Honeywell standards and industry best practices. Components included in our infrastructure, platform and applications are reviewed against these design patterns to identify problematic coding activities that could lead to vulnerabilities in our code.

Does Honeywell follow secure coding guidelines for software development?

Our policies require developers to use secure coding practices and conduct security testing, which are aligned with OWASP guidelines.

How is physical access to data centers holding customer data restricted and monitored?

We use industry-leading cloud service providers who follow comprehensive physical security controls to limit access to authorized personnel. Our data center providers are audited by independent third-party auditors who report their findings via SOC 2 Type 2 reports.

How does Honeywell manage access to systems and services?

Honeywell has a defined procedure for provisioning user access. All users have individual logins. We use role-based access to ensure staff only have access appropriate to their roles. We control access to our corporate applications through a single sign-on platform.

How does Honeywell use data encryption?

Honeywell uses commercially standard cryptography and security protocols to protect the confidentiality and integrity of customer data. 

How does Honeywell manage cryptographic keys?

Cryptographic keys are managed according to defined policies and procedures. Duties are segregated to ensure an appropriate level of security controls.

What are Honeywell’s patch management procedures for securing endpoint devices and production environments?

We use commercially reasonable efforts to promptly apply security patches (including open source software) after potential vulnerabilities become known to us.

Are security events logged?

Logs associated with security events are aggregated and stored centrally and are monitored through Honeywell’s security operations center (SOC).

Does Honeywell have documented incident response plans and procedures for handling security incidents?

Incident response procedures exist for security and data protection incidents, which includes incident analysis, containment, response, remediation, reporting and the return to normal operations. We have an incident response capability which includes a Computer Incident Response Team (CIRT) with a formal process to respond to cyber attacks. Intrusions are logged, monitored and investigated. Incident response plans are maintained, updated and tested on an annual basis.

Does Honeywell provide notice to customers if their data is involved in a security incident?

Yes, we adhere to our incident response procedures to ensure timely reporting of security breaches in compliance with applicable regulatory and contractual requirements.

Does Honeywell prevent and monitor its systems for data breaches?

Yes, we follow industry-leading security practices to enable logging and monitoring of security events through our security operations center (SOC) that helps detect data privacy-related incidents.

Does Honeywell have change-of-control procedures?

Yes, our development and operations teams follow a defined change management process while making configuration changes on applications and their underlying infrastructure platform to ensure all changes are approved and that there is minimal business impact. Changes are logged, assessed and authorized prior to implementation and reviewed against planned outcomes following implementation.

How often does Honeywell scan its networks and applications for vulnerabilities?

Vulnerability scans are conducted periodically with static code scans on every checked-in code change. Open source and container scans are performed on every build. Infrastructure resources are continuously scanned for vulnerabilities.

Does Honeywell have a documented business continuity and disaster recovery plan?

Honeywell follows a global resilience framework that includes conducting business impact analysis and maintaining business continuity plans. Honeywell periodically tests its business continuity and disaster recovery plans as per Honeywell’s Global Resilience framework.

Has an external security certification review (i.e., PIC, SOC 2) been conducted on the company information technology environment and security controls?

Please refer to our Honeywell Forge Compliance Section.

How does Honeywell ensure application security while using open source components in its services?

Honeywell validates and approves usage of open source as part of the security requirements' definition and scans the source code using security tools to help identify and remediate known vulnerabilities.

Does Honeywell perform background checks on all employee candidates, contractors and third parties with access to customer data?

Honeywell performs background checks as part of the recruitment process for employees and contractors, where allowed by local law and as reasonable for job roles.

Do agreements with third parties (for example, subservice providers) include information security, confidentiality and data protection requirements?

Prior to engaging a third-party supplier, Honeywell reviews any proposed engagements and requires suppliers to provide evidence of their security practices. We require suppliers to comply with minimum security requirements, and these standards are incorporated into the supplier’s contract.

Can't find what you're looking for?

If you haven't found what you're looking for, please submit a request for documentation.