Thanks to decades of domain experience, GE understands that security and compliance go hand in hand. So much so, in fact, that it developed Predix Platform. A distributed application and services platform, Predix not only provides a standard way for customers to build applications that power Internet-connected industrial machinery, but it does so while prioritizing security, regulatory compliance, and data governance.
Also thanks to long experience, GE is familiar with the unique security control frameworks of a wide variety of industries, including those of the Federal Aviation Administration (FAA), which regulates aviation; the North American Electric Reliability Corporation (NERC), which oversees power systems; HIPAA, which safeguards medical information; and many more. Though each framework bears a different name and uses slightly modified language, they all share a common foundation for securing operational infrastructure: a foundation based on the ISO 27001/27002, NIST, SOC, IEC 62443, and CSA-CCM family of standards.
In addition to providing several layers of security around data protection, access control, and privacy, Predix Platform has adopted ISO 27001/27002 and CSA-CCM to help build a security governance and controls framework that consists of four key pillars:
Policies: Policies are considered the constitution of security governance and provide high-level statements of management intent, expectation, and direction.
Standards: In this context, standards are the metrics and allowable boundaries used to determine whether procedures, processes, or systems meet policy requirements.
Processes: Processes define and ensure adherence to security and compliance requirements, define ownership and stewardship, and align roles and responsibilities.
Technology: Technology supports provisions within standards and facilitates processes by leveraging capabilities like multi-tenancy, boundary defense, encryption of data at rest and during transfer, and simplified provisioning and policy enforcement.