Information Security for IBM Maximo

Security Program

Please send security questions, concerns, or suspected malicious activity related to Projetech’s service offering to infosecsupport@projetech.com
Projetech has implemented an ISMS (Information Security Management System) that meets ISO 27001 framework requirements
All Projetech employees undergo standard verifications checks which include criminal background checks and other identification validation requirements prior to employment.
All Projetech employees are required to complete security awareness training on an annual basis.
Projetech employs a formal risk review and mitigation program as part of ISO 27001/27017 requirements.
All critical security related decisions must be formally approved by Projetech’s Executive or Steering Committees.

Change & Patch Management

Projetech’s service includes the maintenance of customer applications and supporting infrastructure to ensure all layers of the solution stack are on the latest supported and secure version.
Patches, upgrades, and other fixes are analyzed in a timely manner and applied using a formal change and patch management system, which is integrated into Projetech’s ticketing and customer communication systems.
Projetech employs a formal reoccurring maintenance schedule that is shared with customers.
All changes to customer applications and supporting infrastructure require formal customer communications sent to pre-designated maintenance contacts.

Customer Communication & Knowledge Base

Projetech’s customer communication solution is integrated into organizational incident response and change management processes. Customers will receive formal communications from Projetech’s ticketing system to pre-designated contacts during incident or change/patch management operations.
Projetech has created an online community that serves as an educational resource for Maximo related topics. Maximo Online Resources & Education (MORE). https://moremaximo.com/home

Join Free

Security Testing & Monitoring

Penetration Testing

Projetech undergoes annual formal penetration testing by a reputable 3^rd party.
Penetration test results are reviewed by the organizational Steering Committee and remediated based on criticality and overall organizational impact.

Vulnerability Management

Projetech performs monthly vulnerability scanning on multiple layers of the solution stack.
Vulnerabilities are categorized based on NISTNVD metrics.
Vulnerability results are considered confidential and are not shared with customers or other 3^rd parties.

Customer Monitoring & Access

Quarterly access control reviews are performed on cloud service infrastructure and associated user accounts.
DNS configuration and SSL certificate management are included as part of Projetech’s cloud service offering.
Projetech’s cloud service includes a customer dashboard to monitor items such as application and supporting infrastructure resources, scheduled maintenance, and other system health related information.

Security Operations & Technology

Projetech’s cloud service includes next-gen firewalls with security features that include but are not limited to intrusion prevention systems (IPS) and DDoS protection.
Projetech’s cloud infrastructure log sources are integrated into a 3^rd party security information and event management (SIEM) solution for threat analysis and retention requirements.
All cloud assets contain endpoint security applications to prevent malware and other malicious activities. All endpoint security applications are updated in real-time.
Projetech’s cloud service includes server auditing using a 3^rd party application to track all cloud user activity and other behavior analysis capabilities.

Identity Management

Projetech’s offering includes the configuration of SSO and other authentication methods.
Projetech recommends implementing SAML authentication. Native and LDAP authentication are also included in Projetech’s service.

Business Continuity

All customer production environments are replicated to a geographically separate data center. In the event of a disaster, customer applications will be restored in an alternate data center with a maximum RPO of 2 hours.
Formal business continuity testing occurs at least once annually.

Quality

Projetech employs a Quality Management System (QMS) and is ISO 9001 certified. See Compliance section below for link to certificate.

Data Security and Backup

Least access principles are leveraged for Projetech support staff with access to customer applications. All Projetech employee access must go through a formal change and review process prior to customer data access.
Projetech employs a full-time Database Administrator to monitor database performance.
All customer data access is logged and monitored.
All customer data is encrypted in-transit and at-rest.
Projetech employs a 3-2-1 backup methodology
Projetech’s backup offering includes a multi-layer strategy covering the entire solution stack.
Customer data is backed up hourly for a maximum RPO of 2 hours and replicated to an alternate data center for disaster recovery requirements.
Customer supporting infrastructure (example: application, database, file server) is backed up daily and replicated to an alternate data center for disaster recovery requirements
All backup and restoration processes are monitored and tested on a continual basis.

Compliance

Strict industry security standards that are internationally recognized for Information Security Management Systems. SOC reports available upon request

Our Infrustructure/Information Security Manager, Tyler Caldwell, published an article in Reliability Web's Uptime Magazine on the importance of ISO 27001.

Learn More

Discover What Maximo as a Service Can Do

Find out how Projetech's Maximo as a Service can help your company get the most return on your Maximo investment.

Learn More