Certifying Cyber Security for Critical Infrastructure

Cyber security is the cornerstone of our work at GE Digital. Not only must we protect confidential GE data, but we must also secure our customers’ information. Companies across the globe entrust us to deliver software products and services that support the world’s critical electric utilities and telecommunications infrastructure. We cannot betray that trust. As part of our ongoing effort to be the leader in grid software with the latest cyber security best practices, GE Digital’s Grid Software recently achieved ISO/IEC 27001:2013 accreditation.

We’re proud to announce this globally recognized International Standards Organization (ISO) security standard certification for GE Digital’s Grid Software for locations in the United Kingdom, France, and United States. The accreditation demonstrates that GE Digital implements internationally recognized information security processes and best practices in our role as a trusted partner to help manage regulated, critical national infrastructure.

The ISO brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.  ISO-27001 is a framework of controls comprising key elements of established industry security standards (e.g. NIST). Lloyd’s Register, our accredited auditor, independently reviewed our information security program and awarded accreditation in February 2020.

What Accreditation Represents at GE Digital

According to the ISO, meeting the requirements for ISO/IEC 27001 “enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.”

The standards consolidate best practices to:

• Protect client and employee information
• Manage risks to information security effectively
• Achieve compliance with regulations such as the European Union General Data Protection Regulation (EU GDPR)

Specifying requirements for establishing, implementing, maintaining and continually improving an information security management system, and requiring assessment and a framework for treatment of information security risks, ISO-27001 affirms GE Digital’s ability to: Keep confidential information secure, Manage risk effectively, Exchange information securely, Comply with regulations, Provide competitive advantage, Deliver products and services consistently, and Protect assets and minimize risk exposure.

Culture of Security at GE

We recognize that organizations are required to adapt to rapidly evolving security requirements, including NATF CIP-013-1 implementation guidelines. These include transitioning employees to remote workers and remaining vigilant against adversaries who may seek to take advantage of the crisis.

Our ISO/IEC 27001:2013 accreditation helps to highlight GE Digital’s continued attention to managing both GE intellectual property and our customer’s data in strict accordance with our Information Security Management System. While many of our teams have transitioned to remote work, we have also optimized cybersecurity controls to reflect this new way of working.

GE Digital’s  Grid Software for utilities and telecom help utilities and the industry at large effectively manage electricity from the point of generation to the point of consumption, ensuring the reliability, efficiency and security of the grid. Our software solutions are focused on bringing together technologies and decades of expertise to help solve the toughest power system challenges, accelerating the global transition to a greener, more resilient and reliable grid.

Drawing on decades of experience, our more than 4,000 GE Digital employees in approximately 70 countries are building a culture of security. Our own efforts support our customers, owners and operators of mission-critical infrastructure, as they identify, assess, and manage cyber risk.

GE Digital is always identifying areas of improvement to align policy, business, and technological approaches to address cyber risks. This certification is just one more reminder of our ongoing efforts. Find out more about Cyber Security Solutions for Utilities and Telecom.