Security and privacy are important. We want to be transparent. Security and privacy are embedded into our operational culture and within our product and service offerings. Below are some key segments of our security and privacy focus at Rockwell Automation and additional information in relation to those segments.
Security Governance and Compliance
We believe confidentiality, integrity, availability, and safety are all important aspects of security. Security is embedded throughout our organization by aligning all business operations to an industry standard security governance framework. Regular framework alignment review allows us to monitor, measure, and adjust in order to keep up to date with environmental or regulatory change as necessary.
Privacy
We understand the complexity and the importance of privacy. Protection of your privacy and the privacy of personal information is an important element of our business operations. Our organization has established global policies and procedures that align with global regulations in order to successfully handle and protect privacy related information as necessary.
Product and Services Security
Security of industrial control systems is important especially as Operational Technology meets and communicates with traditional Information Technology environments. We have an industry certified secured software development lifecycle process in place in order to provide solutions designed with security in mind from the beginning to the end of the development stages. Design for security mentality, product updates and support, along with industrial security solutions all combine to help maintain a secure industrial environment.
Product Safety
Product safety at Rockwell Automation is a formal function in our Office of Product Safety & Security and reports to through the Chief Technology Officer. The Office of Product Safety and Security reviews all product safety-related incidents, tracks their management, and shares best practices within our company.
Our Product Safety management system consists of:
- Product safety managers at the corporate level, within the Office of Product Safety & Security
- A set of product safety company policies that govern the management system
- Product safety coordinators at product line and business unit levels
- Yearly employee training on product/service safety
Product safety is considered for the entire life cycle of the products including installation, operations, maintenance and end of life. Our approach integrates:
- A proactive process: Product safety risk is evaluated and documented for each product, whether new or as an update, during development. Unacceptable risks have to be mitigated by design.
- A reactive process: All product safety related incidents are analyzed by a product safety manager and a cross functional team to determine a mitigation plan. We monitor performance with targets defined for disclosure commensurate with the results of the incident analysis.
Our Chief Product Safety & Security Officer, who oversees the Office of Product Safety & Security, is ultimately responsible for the program. In the last fiscal year, we released seven public product safety advisories; corrective actions have been put into action for all inquiries.