Disaster recovery for the production environment including local HA and a
secondary DR site with lower RTO & RPO is available at an added cost
Mobile Applications Security
The IBM
TRIRIGA SaaS offering provides no native mobile
applications. Instead we provide the TRIRIGA Perceptive
Applications. These are screen size aware HTML5 based applications, with offline data support,
accessible over HTTPS via the device browser.
CSP Certification
The IBM
TRIRIGA SaaS offering is ISO27001 and SOC2 certified.
Details and certificates available from our wiki: Security
Audit Assurance & Compliance
SOC2 report is available on request. IBM’s Product
Transformation Center (PTC) conducts “black box” penetration testing on Maximo® and TRIRIGA SaaS annually. An
executive summary report can be provided to customers on a per-request basis.
Secrets Management
All encryption keys are managed by the IBM SRE team
internally, except those for SFTP and OpenVPN accounts, which are provided to end customer(s). IBM SRE follows an established Key Lifecycle Management Security
Policy that is compliant with ITSS (IBM Corporate)
requirements and ISO standards 27001, 27017 and 27018. Key access is specified via a dedicated
access control group only accessible to SRE system admin and database admin teams. Segregation of
duties procedure is in place and monitored internally; specifics of the policy and procedures key
management are IBM Confidential.