Get the Maximo Application Suite E-Book Here

What IBM Maximo Users Need From Information Security

Tyler Caldwell, CISSP, Director of Security Operations, Projetech
December 22, 2020

Maximo handles critical information, such as customer, asset location, maintenance scheduling, and contractual data. If this information is stolen, lost, or compromised, a company would be unable to track and maintain its assets properly, possibly resulting in a major malfunction or shutdown. Stolen financial information can be used to commit fraud.

When choosing a partner for Maximo, companies want to know why they should trust the Maximo provider with their data. What is the technology provider doing to protect their information? 

IBM Maximo users need to partner with a technology provider that has the right certifications, can provide a layered security strategy, and protects data in the cloud. The Maximo partner should have a framework of security controls in place that include administrative, technical, and physical controls.

Key Certifications

ISO 27001 certification is critical for an IBM Maximo provider. This certification must be renewed regularly and demonstrates that a technology provider maintains strict industry security standards that are internationally recognized for information security management systems. 

To attain certification, the provider must undergo and pass a rigorous audit. This third-party accreditation from the International Standards Organization shows that the company has done its due diligence in maintaining a security program. 

ISO 27017 certification shows that a Maximo provider enforces cloud security. When working with an ISO 27017 certified partner, your business can feel confident about putting asset management data in the cloud.

A Layered Security Strategy

A Maximo provider should take a layered approach to security. No single approach to security is adequate. A security strategy should eliminate any single point of failure. 

Maximo users need to leverage more than one security solution to protect asset and customer data. Administrative, physical, and technical controls must be in place to create an effective security framework. 

A layered security approach uses policies and procedures to cover everything from change management and server provisioning to behind-the-scenes administrative controls, such as network monitoring and alerts. 

Other layers may include security information and event management (SIEM) with log management, firewalls, endpoint security controls for malware, and a security operations center (SOC). A SIEM can send alerts and can be linked to threat intelligence systems so that threats can be prioritized and evaluated for authenticity.

Backup and disaster recovery are also part of the strategy. Maximo users want to know what RTOs and RPOs they can expect from a technology provider. They demand that any partner they work with have a robust disaster recovery methodology in place.

Security Program Maturity

Maximo users expect their information security partner to show all the signs of trustworthiness. Security program maturity demonstrates that a partner can be relied upon to protect Maximo data. 

Projetech displays all the hallmarks of security program maturity. At Projetech, we have an entire team dedicated to security, including an IBM Champion. We work to earn and maintain industry-recognized certifications, such as ISO 27001 and ISO 27017.  

Our layered approach to security leverages leading solutions that handle administrative, technical, and physical security. This suite of security solutions includes next-generation firewalls, SIEM systems and an industry accepted backup and recovery solution.  

Finding a Trusted Maximo Security Partner

When looking for a Maximo provider, your company should have information security front-of-mind. Be sure to ask prospective partners questions about the comprehensiveness of their security strategies.  

At Projetech, our company mission is to keep our customers secure. We make security a priority by offering a portfolio of solutions that protect Maximo data. 

Continuously working to raise our information security game, we have plans to add automation and orchestration to our SIEM solution so we can quickly analyze the millions of data points that go through the system.

Because everything we do is cloud-related, Projetech has earned an ISO 27017 certification for cloud security. We understand that availability is a key driver for moving Maximo to the cloud. With our cloud-based disaster recovery, we can lose a data center and still restore in a short amount of time.

We are more agile than most cloud providers because we are not tied down to legacy equipment. Our hardware is constantly refreshed, and our network connections are redundant and much faster than those of our competitors. 

Get more details on Projetech Information Security for Maximo. Access our Security Bundle

Share this post
Tyler Caldwell, CISSP, Director of Security Operations, Projetech
December 22, 2020
Maximo as a Service

More Blogs

Simplify Specification Screens by Utilizing {CLASSSPECVALUE} in Maximo

Simplify Specification Screens by Utilizing {CLASSSPECVALUE} in Maximo

A couple of years ago I found some IBM documentation in the Maximo Developing Applications 7.5 documentation. This documentation showed how you can use {CLASSSPECVALUE} in the application designer to consolidate the 3 columns into 1 column for the user to both read and enter values. I have added a copy of the IBM documentation below for easy reference. In my experience, this has been very reliable and I use it anytime I am given the opportunity. I hope you find it helpful too.
Read post
The Challenges of Retaining Top Talent

The Challenges of Retaining Top Talent

Employees are the backbone of any business, and their success can make or break your company's potential for achievement. I wanted to share a few things we do, in the hopes of opening a dialogue with others on how they face this challenge.
Read post
The Importance of Training for Maximo

The Importance of Training for Maximo

When was the last training session at your facility? Any changes in personnel that are users? How do they get on-boarded into their responsibilities with Maximo? Implementation done and you are in full production for Maximo?
Read post

Join the Community of 3,000+ Maximo Users

MORE provides a space for users to find resources and discuss the complexities of Maximo software with peers and experts.