Cloud Security for IBM Maximo

Learn more about our Information Security


Security Program

  • Projetech has implemented an ISMS (Information Security Management System) that meets ISO 27001 framework requirements.
  • All Projetech employees undergo standard verification checks, which include criminal background checks and other identification validation requirements, prior to employment.
  • All Projetech employees are required to complete security awareness training on an annual basis.
  • Projetech employs a formal risk review and mitigation program as part of ISO 27001/27017 requirements.
  • All critical security related decisions must be formally approved by Projetech’s Executive or Steering Committees.

Change & Patch Management

  • Projetech’s service includes the maintenance of customer applications and supporting infrastructure to ensure all layers of the solution stack are on the latest supported and secure version.
  • Patches, upgrades, and other fixes are analyzed in a timely manner and applied using a formal change and patch management system, which is integrated into Projetech’s ticketing and customer communication systems.
  • Projetech employs a formal recurring maintenance schedule that is shared with customers.
  • All changes to customer applications and supporting infrastructure require formal customer communications sent to pre-designated maintenance contacts.

Customer Communication & Knowledge Base

  • Projetech’s customer communication solution is integrated into organizational incident response and change management processes. Customers will receive formal communications from Projetech’s ticketing system to pre-designated contacts during incident or change/patch management operations.
  • Projetech has created an online community, Maximo Online Resources & Education (MORE), that serves as an educational resource for Maximo-related topics: https://moremaximo.com/home

Security Testing & Monitoring

Penetration Testing

  • Projetech undergoes annual formal penetration testing by a reputable 3rd party.
  • Penetration test results are reviewed by the organizational Steering Committee and remediated based on criticality and overall organizational impact.

Vulnerability Management

  • Projetech performs monthly vulnerability scanning on multiple layers of the solution stack.
  • Vulnerabilities are categorized based on NIST NVD metrics.
  • Vulnerability results are considered confidential and are not shared with customers or other 3rd parties.

Customer Monitoring & Access

  • Quarterly access control reviews are performed on cloud service infrastructure and associated user accounts.
  • DNS configuration and SSL certificate management are included as part of Projetech’s cloud service offering.
  • Projetech’s cloud service includes a customer dashboard to monitor items such as application and supporting infrastructure resources, scheduled maintenance, and other system health related information.

Security Operations & Technology

  • Projetech’s cloud service includes next-gen firewalls with security features that include but are not limited to intrusion prevention systems (IPS) and DDoS protection.
  • Projetech’s cloud infrastructure log sources are integrated into a 3rd party security information and event management (SIEM) solution for threat analysis and retention requirements.
  • All cloud assets contain endpoint security applications to prevent malware and other malicious activities. All endpoint security applications are updated in real time.
  • Projetech’s cloud service includes server auditing using a 3rd party application to track all cloud user activity and provide other behavior analysis capabilities.

Identity Management

  • Projetech’s offering includes the configuration of SSO and other authentication methods.
  • Projetech recommends implementing SAML authentication. Native and LDAP authentication are also included in Projetech’s service.

Business Continuity

  • All customer production environments are replicated to a geographically separate data center. In the event of a disaster, customer applications will be restored in an alternate data center with a maximum RPO of 2 hours.
  • Formal business continuity testing occurs at least once annually.

Projetech’s Disaster Recovery Methodology

Quality

  • Projetech employs a Quality Management System (QMS) and is ISO 9001 certified. See Compliance section below for link to certificate.

Data Security

  • Least access principles are applied to Projetech support staff with access to customer applications. All Projetech employee access must go through a formal change and review process prior to customer data access.
  • Projetech employs a full-time Database Administrator.
  • All customer data is encrypted in transit and at rest.
  • Projetech employs a multi-layer strategy that uses the 3-2-1 backup methodology.

Compliance

Strict industry security standards that are internationally recognized for Information Security Management Systems.

Our Infrastructure/Information Security Manager, Tyler Caldwell, published an article in Reliability Web's Uptime Magazine on the importance of ISO 27001.
