Privacy Statement
Trust is built on transparency. We strive to provide clear, straightforward information to you about our privacy practices. Our Privacy Statement explains our approach to privacy when we are the data controller and how to exercise your rights.
Data Processing Agreement
You trust us with your data, and we take protecting that data seriously. We include privacy commitments in our customer contracts and make securing your data our priority. Our DPA applies where we process personal data on behalf of customers.
Global Privacy Program
As a global organization, we have built a global privacy program to oversee our data protection strategy and its implementation to ensure compliance with applicable data protection regulations worldwide.
Privacy FAQs
Have additional questions? Review our Data Privacy FAQs for more information about commonly asked questions.


Product Security
Security reviews are automatically built into our software development lifecycle. Product Security Leaders are integrated into the product release process and work closely with our developers to enhance the security of our products.
Policies and Standards
Honeywell implements global policies, standards and procedures covering security, while aligning to industry-standard compliance frameworks. We regularly review and update our security policies to evaluate risks and the effectiveness of controls.
Vulnerability Management
Honeywell systems are monitored for different security aspects, such as cyber attacks and vulnerabilities. We use various automated and manual tools to help identify vulnerabilities, which are scored using CVSS and then remedied by the relevant internal party.
Change Management
Honeywell’s change management process strives to ensure all changes are approved with minimal business impact. All changes, such as patches and applications, are run in a controlled manner, logged and assessed before implementation, then reviewed for impact.
Incident Response
Honeywell’s Security Operations Center (SOC) follows industry security practices and adheres to a defined cybersecurity incident-response policy for monitoring incidents. Our SOC maintains onsite, controlled chain-of-custody during evidence collection.
Product Security Incident Response Team (PSIRT)
PSIRT manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Honeywell products, including software, applications, hardware, devices, services and solutions.
Responsible AI Principles
We strive to hold ourselves accountable through robust AI governance, clear lines of responsibility and monitoring to help ensure continuous improvement. We expect our partners to do the same.
We seek to protect against unintended applications, access or harm associated with our use or provision of AI.
We aim to employ technology that produces appropriately consistent and accurate results and incorporates controls designed to help minimize disruptions.
We strive to treat people fairly and equitably from the design to implementation of AI, including seeking to identify and mitigate algorithmic bias.
We strive to safeguard individual confidentiality, autonomy, and control over the use and disclosure of Personal Data as feasible, appropriate and legally required and to protect Honeywell and third-party intellectual property and data rights.
We promote transparency in our design, function, description, and use of AI and endeavor to maximize explainability of AI decision-making when feasible and appropriate.
We are committed to reducing our environmental footprint, including supporting the environmentally and socially conscious use of AI.
| ORGANIZATION | SCOPE | CERTIFICATION |
| --- | --- | --- |
| Honeywell Connected Enterprise | Honeywell Forge Performance+ (Platform) | SOC2 Type II |
| Honeywell Connected Enterprise | Honeywell Forge Performance+ (Platform) | CSA Star Level I |
| Sine Group Pty Ltd | Honeywell Forge Visitor and Contractor Management (formerly Sine) | SOC2 Type I |
| Movilizer GmbH | Honeywell Connected Logistics | ISO/IEC 27001:2013, ISO 9001:2015 |
| Sparta Systems Inc. | Honeywell Life Sciences Applications Suite | ISO 9001:2015, SOC2 Type II |
| | TrackWise | |
| | TrackWise Digital | |
| Honeywell International Inc. | Managed Security Services (Houston, TX) | ISO/IEC 20000-1:2018, ISO/IEC 27001:2013 |
| Honeywell Romania s.r.l. | Managed Security Services (Bucharest, Romania) | ISO/IEC 20000-1:2018, ISO/IEC 27001:2013 |
| Honeywell International Inc. | Multiple Systems | ISO/IEC 27001:2022 |
| Honeywell UK Limited | Multiple Sites | Cyber Essentials Scheme, Cyber Essentials Plus Scheme |
| Tridium, Inc. | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Cyber Security | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Connected Enterprise | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Process Solutions | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Buildings Technology | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Specialty Chemicals Seelze GmbH | Seelze, Germany | Trusted Information Security Assessment Exchange (TISAX) |
Some Honeywell Forge cloud products are built on Microsoft Azure, Amazon Web Services or Salesforce Cloud. The cloud services maintain industry-leading compliance and security certifications such as Cloud Security Alliance (CSA) STAR, ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and FedRAMP.
Request a copy of our compliance reports using the form below.
Honeywell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. Additional privacy training is provided for specific job functions. We work hard to promote a positive culture of data protection compliance across our business.
Honeywell generally conducts privacy impact assessments to identify and manage privacy risks associated with new products and services.
Where the customer is the controller, Honeywell will redirect the data subject access request to the customer in accordance with our customer agreement. Honeywell will not respond directly to the data subject unless authorized by the customer to do so and mutually agreed between the parties. Where Honeywell is the controller, Honeywell will deal with the data subject access request in accordance with its policies and procedures.
Honeywell uses leading cloud service providers to host our applications. The data centers for Honeywell Forge are primarily located in the United States, but regional deployment models may be available for some products. Please contact your sales representatives for more information regarding in-region cloud hosting availability.
We use a range of tools and practices throughout our secure software development lifecycle where security is embedded into each phase to secure our products. Depending on the product risk profile, these may include threat modeling, security testing and vulnerability scanning. Our developers are trained to follow secure coding guidelines.
Source code reviews and security testing are conducted to identify potential system flaws, with the goal of mitigating risk, protecting data and maintaining intended systems functionality. Requirements of security testing may include confidentiality, integrity, authentication, availability, authorization and nonrepudiation. Actual requirements tested depend on the context of the security implemented by the system.
We use security design patterns based on Honeywell standards and industry best practices. Components included in our infrastructure, platform and applications are reviewed against these design patterns to identify problematic coding activities that could lead to vulnerabilities in our code.
Our policies require developers to use secure coding practices and conduct security testing, which are aligned with OWASP guidelines.
We use industry-leading cloud service providers who follow comprehensive physical security controls to limit access to authorized personnel. Our data center providers are audited by independent third-party auditors who report their findings via SOC 2 Type 2 reports.
Honeywell has a defined procedure for provisioning user access. All users have individual logins. We use role-based access to ensure staff only have access appropriate to their roles. We control access to our corporate applications through a single sign-on platform.
Honeywell uses commercially standard cryptography and security protocols to protect the confidentiality and integrity of customer data.
Cryptographic keys are managed according to defined policies and procedures. Duties are segregated to ensure an appropriate level of security controls.
We use commercially reasonable efforts to promptly apply security patches (including open source software) after potential vulnerabilities become known to us.
Logs associated with security events are aggregated and stored centrally and are monitored through Honeywell’s security operations center (SOC).
Incident response procedures exist for security and data protection incidents, which include incident analysis, containment, response, remediation, reporting and the return to normal operations. We have an incident response capability which includes a Computer Incident Response Team (CIRT) with a formal process to respond to cyber attacks. Intrusions are logged, monitored and investigated. Incident response plans are maintained, updated and tested on an annual basis.
Yes, we adhere to our incident response procedures to ensure timely reporting of security breaches in compliance with applicable regulatory and contractual requirements.
Yes, we follow industry-leading security practices to enable logging and monitoring of security events through our security operations center (SOC) that helps detect data privacy-related incidents.
Yes, our development and operations teams follow a defined change management process while making configuration changes on applications and their underlying infrastructure platform to ensure all changes are approved and that there is minimal business impact. Changes are logged, assessed and authorized prior to implementation and reviewed against planned outcomes following implementation.
Vulnerability scans are conducted periodically with static code scans on every checked-in code change. Open source and container scans are performed on every build. Infrastructure resources are continuously scanned for vulnerabilities.
Honeywell follows a global resilience framework that includes conducting business impact analysis and maintaining business continuity plans. Honeywell periodically tests its business continuity and disaster recovery plans as per Honeywell’s Global Resilience framework.
Honeywell validates and approves usage of open source as part of the security requirements' definition and scans the source code using security tools to help identify and remediate known vulnerabilities.
Honeywell performs background checks as part of the recruitment process for employees and contractors, where allowed by local law and as reasonable for job roles.
Prior to engaging a third-party supplier, Honeywell reviews any proposed engagements and requires suppliers to provide evidence of their security practices. We require suppliers to comply with minimum security requirements, and these standards are incorporated into the supplier’s contract.