...
IBM Maximo and TRIRIGA SaaS environments are ISO-27001 certified. This certificate is publicly available and can be viewed / downloaded via the link below.
ISO-27001:
https://www.ibm.com/downloads/cas/EEO0NVLK
Industry and Regulatory Compliance
Details regarding specific Industry and Regulatory compliance can be found in the IBM Enterprise & Technology Security Community (this is accessible to IBMers only).
All IBM Maximo and TRIRIGA SaaS servers are hardened using Center for Internet Security (CIS) Benchmarks. For further details, please visit:
https://www.cisecurity.org/cis-benchmarks/
An IBM SaaS-wide central health checking service is used to automatically maintain baseline (hardened) configurations of systems against standard IBM policy.
IBM Maximo and TRIRIGA SaaS development follows IBM Secure Engineering practices for application development. IBM Secure Engineering is outlined publicly at the following link:
https://www.ibm.com/security/secure-engineering/index.html
IBM Maximo and TRIRIGA developers are required to follow secure coding practices and to complete education in the SANS Top 25 and OWASP Top 10. In addition, static (source) and web application scanning using the IBM (HCL) AppScan product suite must be performed. These products check for SANS Top 25 and OWASP Top 10 issues. Any vulnerabilities found by these scans must be resolved before product release or submitted through IBM's Product Security Incident Response Team (PSIRT) process for resolution via defect (IBM Authorized Program Analysis Report, or APAR).
IBM Maximo and TRIRIGA development uses Rational Team Concert for development (management of tasks, stories, epics, version control, test management, etc.), Selenium and TestNG for test automation, Jenkins for deployment automation, and Rational Performance Tester (RPT) for performance load testing.
IBM Maximo Software Development Life Cycle (SDLC):
https://www.ibm.com/support/pages/ibm-maximo-software-development-life-cycle
IRAP assessment for IBM Cloud
TRIRIGA SaaS is provisioned in IBM Cloud, which was validated by an IRAP assessment completed in 2023.
Data Security & Privacy (DS&P)
...