...

  • IBM Maximo and TRIRIGA SaaS environments are ISO-27001 certified. This certificate is publicly available and can be viewed / downloaded via the link below.
    ISO-27001:
    https://www.ibm.com/downloads/cas/EEO0NVLK

  • Industry and Regulatory Compliance
    Details regarding specific Industry and Regulatory compliance can be found in the IBM Enterprise & Technology Security Community (this is accessible to IBMers only).

  • All IBM Maximo and TRIRIGA SaaS servers are hardened using Center for Internet Security (CIS) Benchmarks. For further details, please visit:
    https://www.cisecurity.org/cis-benchmarks/

  • An IBM SaaS-wide central health checking service is used to automatically maintain baseline (hardened) configurations of systems against standard IBM policy.

  • IBM Maximo and TRIRIGA SaaS development follows IBM Secure Engineering practices for application development. IBM Secure Engineering is outlined publicly at the following link:
    https://www.ibm.com/security/secure-engineering/index.html

  • IBM Maximo and TRIRIGA developers are required to follow secure coding practices and complete education in the SANS Top 25 and OWASP Top 10. In addition, static (source) and web application scanning using the IBM (HCL) AppScan product suite must be performed. These products check for SANS Top 25 and OWASP Top 10 issues. Any vulnerabilities found by these scans must be resolved before product release or submitted through IBM's Product Security Incident Response Team (PSIRT) process for resolution via defect (IBM Authorized Program Analysis Report or APAR).

  • IBM Maximo and TRIRIGA development uses Rational Team Concert for development (management of tasks, stories, epics, version control, test management, etc.), Selenium and TestNG for test automation, Jenkins for deployment automation, and Rational Performance Tester (RPT) for performance load testing.

  • IBM Maximo Software Development Life Cycle (SDLC):
    https://www.ibm.com/support/pages/ibm-maximo-software-development-life-cycle

IRAP assessment for IBM Cloud

  • TRIRIGA SaaS is provisioned in IBM Cloud, which was validated by an IRAP assessment completed in 2023.

Data Security & Privacy (DS&P)

...