Cloud Security for IBM Maximo

Learn more about our Information Security

Security Program

  • Please send security questions, concerns, or suspected malicious activity related to Projetech’s service offering to infosecsupport@projetech.com.
  • Projetech has implemented an ISMS (Information Security Management System) that meets ISO 27001 framework requirements.
  • All Projetech employees undergo standard verification checks, which include criminal background checks and other identification validation requirements, prior to employment.
  • All Projetech employees are required to complete security awareness training on an annual basis.
  • Projetech employs a formal risk review and mitigation program as part of ISO 27001/27017 requirements.
  • All critical security related decisions must be formally approved by Projetech’s Executive or Steering Committees.

Change & Patch Management

  • Projetech’s service includes the maintenance of customer applications and supporting infrastructure to ensure all layers of the solution stack are on the latest supported and secure version.
  • Patches, upgrades, and other fixes are analyzed in a timely manner and applied using a formal change and patch management system, which is integrated into Projetech’s ticketing and customer communication systems.
  • Projetech employs a formal recurring maintenance schedule that is shared with customers.
  • All changes to customer applications and supporting infrastructure require formal customer communications sent to pre-designated maintenance contacts.

Customer Communication & Knowledge Base

  • Projetech’s customer communication solution is integrated into organizational incident response and change management processes. Customers will receive formal communications from Projetech’s ticketing system to pre-designated contacts during incident or change/patch management operations.
  • Projetech has created an online community, Maximo Online Resources & Education (MORE), that serves as an educational resource for Maximo-related topics: https://moremaximo.com/home

Security Testing & Monitoring

Penetration Testing

  • Projetech undergoes annual formal penetration testing by a reputable 3rd party.
  • Penetration test results are reviewed by the organizational Steering Committee and remediated based on criticality and overall organizational impact.

Vulnerability Management

  • Projetech performs monthly vulnerability scanning on multiple layers of the solution stack.
  • Vulnerabilities are categorized based on NIST NVD metrics.
  • Vulnerability results are considered confidential and are not shared with customers or other 3rd parties.

Customer Monitoring & Access

  • Quarterly access control reviews are performed on cloud service infrastructure and associated user accounts.
  • DNS configuration and SSL certificate management are included as part of Projetech’s cloud service offering.
  • Projetech’s cloud service includes a customer dashboard to monitor items such as application and supporting infrastructure resources, scheduled maintenance, and other system health related information.

Security Operations & Technology

  • Projetech’s cloud service includes next-gen firewalls with security features that include but are not limited to intrusion prevention systems (IPS) and DDoS protection.
  • Projetech’s cloud infrastructure log sources are integrated into a 3rd party security information and event management (SIEM) solution for threat analysis and retention requirements.
  • All cloud assets contain endpoint security applications to prevent malware and other malicious activities. All endpoint security applications are updated in real-time.
  • Projetech’s cloud service includes server auditing using a 3rd party application to track all cloud user activity and provide other behavior analysis capabilities.

Identity Management

  • Projetech’s offering includes the configuration of SSO and other authentication methods.
  • Projetech recommends implementing SAML authentication. Native and LDAP authentication are also included in Projetech’s service.

Business Continuity

  • All customer production environments are replicated to a geographically separate data center. In the event of a disaster, customer applications will be restored in an alternate data center with a maximum RPO of 2 hours.
  • Formal business continuity testing occurs at least once annually.

Projetech’s Disaster Recovery Methodology

Quality

  • Projetech employs a Quality Management System (QMS) and is ISO 9001 certified. See Compliance section below for link to certificate.

Data Security and Backup

  • Least access principles are leveraged for Projetech support staff with access to customer applications. All Projetech employee access must go through a formal change and review process prior to customer data access.
  • Projetech employs a full-time Database Administrator to monitor database performance.
  • All customer data access is logged and monitored.
  • All customer data is encrypted in transit and at rest.
  • Projetech employs a 3-2-1 backup methodology.
  • Projetech’s backup offering includes a multi-layer strategy covering the entire solution stack.
  • Customer data is backed up hourly for a maximum RPO of 2 hours and replicated to an alternate data center for disaster recovery requirements.
  • Customer supporting infrastructure (example: application, database, file server) is backed up daily and replicated to an alternate data center for disaster recovery requirements.
  • All backup and restoration processes are monitored and tested on a continual basis.

Compliance

Strict industry security standards that are internationally recognized for Information Security Management Systems. SOC reports are available upon request.

Our Infrastructure/Information Security Manager, Tyler Caldwell, published an article in Reliability Web's Uptime Magazine on the importance of ISO 27001.
