Building the future starts with trust. Transparency and accountability help make that happen. Protecting your data and responsibly innovating with AI are core values at Honeywell. Learn more about our approach to privacy, security, AI governance and compliance below.
Building the future starts with trust. Transparency and accountability help make that happen. Protecting your data and responsibly innovating with AI are core values at Honeywell. Learn more about our approach to privacy, security, AI governance and compliance below.
Privacy Statement
Trust is built on transparency. We strive to provide clear, straightforward information to you about our privacy practices. Our Privacy Statement explains our approach to privacy when we are the data controller and how to exercise your rights.
Data Processing Agreement
You trust us with your data, and we take protecting that data seriously. We include privacy commitments in our customer contracts and make securing your data our priority. Our DPA applies where we process personal data on behalf of customers.
Global Privacy Program
As a global organization, we have built a global privacy program to oversee our data protection strategy and its implementation to ensure compliance with applicable data protection regulations worldwide.
Privacy FAQs
Have additional questions? Review our Data Privacy FAQs for more information about commonly asked questions.
Accountable
We strive to hold ourselves accountable through robust AI governance, clear lines of responsibility and monitoring to help ensure continuous improvement. We expect our partners to do the same.
Safe and Secure
We seek to protect against unintended applications, access or harm associated with our use or provision of AI.
Valid and Reliable
We aim to employ technology that produces appropriately consistent and accurate results and incorporates controls designed to help minimize disruptions.
Fair and Equitable
We strive to treat people fairly and equitably from the design to implementation of AI, including seeking to identify and mitigate algorithmic bias.
Privacy and Intellectual Property
We strive to safeguard individual confidentiality, autonomy, and control over the use and disclosure of Personal Data as feasible, appropriate and legally required and to protect Honeywell and third-party intellectual property and data rights.
Transparent and Explainable
We promote transparency in our design, function, description, and use of AI and endeavor to maximize explainability of AI decision-making when feasible and appropriate.
Sustainable
We are committed to reducing our environmental footprint, including supporting the environmentally and socially conscious use of AI.
| ORGANIZATION | SCOPE | CERTIFICATION |
|---|---|---|
| Honeywell International Inc. | Managed Security Services (Houston, TX) | ISO/IEC 20000-1:2018 ISOIEC 27001:2013 |
| Honeywell International Inc.’s | Honeywell Forge Performance+ (platform) Asset Performance Management Production Intelligence Honeywell Process Digital Twin Honeywell Process Technology Digital Services Predictive Maintenance Remote Building Manager Carbon and Energy Management Niagara Cloud Suite Honeywell Forge for Utilities | SOC2 Type II |
| Honeywell Connected Enterprise | Honeywell Forge Performance+ (Platform) | CSA Star Level I |
| Sine Group Pty Ltd | Honeywell Forge Visitor and Contractor Management (formerly Sine) | SOC2 Type I |
| Movilizer GmbH | Honeywell Connected Logistics | ISO/IEC 27001:2022 ISO 9001:2015 |
| Sparta Systems Inc. | Honeywell Life Sciences Applications Suite | ISO 9001:2015 SOC2 Type II |
| TrackWise | ||
| TrackWise Digital | ||
| Honeywell Romania s.r.l. | Managed Security Services (Bucharest, Romania) | ISO/IEC 20000-1:2018 ISO/IEC 27001:2013 |
| Honeywell International Inc. | Multiple Systems | ISO/IEC 27001:2022 |
| Honeywell UK Limited | Multiple Sites | Cyber Essentials Scheme Cyber Essentials Plus Scheme |
| Tridium, Inc. | Secure Software Development Lifecycle Niagara Cloud Suite | IEC 62443-4-1 ISO/IEC 27001:2022 |
| Honeywell Cyber Security | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Connected Enterprise | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Process Solutions | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Building Automation | Secure Software Development Lifecycle | IEC 62443-4-1 |
| Honeywell Specialty Chemicals Seelze GmbH | Seelze, Germany | Trusted Information Security Assessment Exchange (TISAX) |
| Honeywell Security Americas, LLC (LenelS2) | Elements SaaS | SOC2 Type I |
Some of Honeywell Forge cloud products are built on Microsoft Azure, Amazon Web Services or Salesforce Cloud. The cloud services maintain industry-leading compliance and security certifications such as Cloud Security Alliance (CSA) STAR, ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and FedRAMP.
Request a copy of our compliance reports using the forms below.
| Products | Certificate |
|---|---|
| Action Management, Advanced Communication & Entertainment System (ACES), Aero Services and Connectivity - SaaS Airtime, AMI Operations Hub, BlueDiamond, Carbon & Energy Management (CEM), CCYB CyberSecurity+, Connected Life Safety Systems (CLSS), Counter UAS (C-UAS) Command & Control (C2), Cumulus, Cyber Insights & Cyber Watch, Cyber Services, Digital Insight Services, Digital Logbook, Digital Prime, Digital Prime Ecosystem, Digital Prime Twin, Digital System Insights, Digital Video Manager (DVM), EBI Cloud, Elements, Enabled Services, Voice Guided Work Solutions (GWS), VoiceConsole Cloud/SaaS, VRx | Honeywell ISO 27001 Certification for Information Security |
Honeywell’s annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. Additional privacy training is provided for specific job functions.
We work hard to promote a positive culture of data protection compliance across our business.
Honeywell generally conducts privacy impact assessments to identify and manage privacy risks associated with new products and services.
Where the customer is the controller, Honeywell will redirect the data subject access request to the customer in accordance with our customer agreement. Honeywell will not respond directly to the data subject unless authorized by the customer to do so and mutually agreed between the parties. Where Honeywell is the controller, Honeywell will deal with the data subject access request in accordance with its policies and procedures.
Honeywell uses leading cloud service providers to host our applications. The data centers for Honeywell Forge are primarily located in the United States, but regional deployment models may be available for some products. Please contact your sales representatives for more information regarding in-region cloud hosting availability.
We use a range of tools and practices throughout our secure software development lifecycle where security is embedded into each phase to secure our products. Depending on the product risk profile, these may include threat modeling, security testing and vulnerability scanning. Our developers are trained to follow secure coding guidelines.
Source code reviews and security testing are conducted to identify potential system flaws, with the goal of mitigating risk, protecting data and maintaining intended systems functionality. Requirements of security testing may include confidentiality, integrity, authentication, availability, authorization and nonrepudiation. Actual requirements tested depend on the context of the security implemented by the system.
We use security design patterns based on Honeywell standards and industry best practices. Components included in our infrastructure, platform and applications are reviewed against these design patterns to identify problematic coding activities that could lead to vulnerabilities in our code.
Our policies require developers to use secure coding practices and conduct security testing, which are aligned with OWASP guidelines.
We use established cloud service providers who follow physical security controls to limit access to authorized personnel. Our data center providers are audited by independent third-party auditors who report their findings via SOC 2 Type 2 reports.
Honeywell has a defined procedure for provisioning user access. All users have individual logins. We use role-based access to ensure staff only have access appropriate to their roles. We control access to our corporate applications through a single sign-on platform.
Honeywell uses commercially standard cryptography and security protocols to protect the confidentiality and integrity of customer data.
Cryptographic keys are managed according to defined policies and procedures. Duties are segregated to ensure an appropriate level of security controls.
We use commercially reasonable efforts to promptly apply security patches (including open-source software) after potential vulnerabilities become known to us.
Logs associated with security events are aggregated and stored centrally and are monitored through Honeywell’s security operations center (SOC).
Incident response procedures exist for security and data protection incidents, which includes incident analysis, containment, response, remediation, reporting and the return to normal operations. We have an incident response capability which includes a Computer Incident Response Team (CIRT) with a formal process to respond to cyberattacks. Intrusions are logged, monitored and investigated. Incident response plans are maintained, updated and tested on an annual basis.
Yes, we adhere to our incident response procedures to support timely reporting of security breaches consistent with applicable regulatory and contractual requirements.
Yes, we follow security practices aligned with industry standards to enable logging and monitoring of security events through our security operations center (SOC) that helps detect data privacy-related incidents.
Yes, our development and operations teams follow a defined change management process while making configuration changes on applications and their underlying infrastructure platform to ensure all changes are approved and that there is minimal business impact. Changes are logged, assessed and authorized prior to implementation and reviewed against planned outcomes following implementation.
Vulnerability scans are conducted periodically with static code scans on every checked-in code change. Open source and container scans are performed on every build. Infrastructure resources are continuously scanned for vulnerabilities.
Honeywell follows a global resilience framework that includes conducting business impact analysis and maintaining business continuity plans. Honeywell periodically tests its business continuity and disaster recovery plans as per Honeywell’s Global Resilience framework.
Honeywell validates and approves usage of open source as part of the security requirements' definition and scans the source code using security tools to help identify and remediate known vulnerabilities.
Honeywell performs background checks as part of the recruitment process for employees and contractors, where allowed by local law and as reasonable for job roles.
Prior to engaging a third-party supplier, Honeywell reviews any proposed engagements and requires suppliers to provide evidence of their security practices. We require suppliers to comply with minimum security requirements, and these standards are incorporated into the supplier’s contract.
