Skip to main content
GE Digital

GE Digital Compliance

Predix and GE Digital's industrial applications are developed with a secure-by-design mindset, and supported by cloud operations that adhere to the strictest industrial standards and latest best practices.

GE Digital industrial software engineers at work
Industrial app programmer using Predix Platform by GE Digital

Cloud and IOT Solutions for digital industrial applications

Predix and GE Digital's industrial applications help you operate industrial apps at the edge and in the cloud. GE Digital delivers some applications the Predix industrial platform which securely connect machines, data, and analytics to improve operational efficiency. 

Certifications

Industrial app programmers using Predix Platform by GE Digital

ISO 27001 Certification

The ISO 27017, 27018 and 27701 certifications for GE Digital's Predix and Proficy products are included under the master ISO 27001 certification. 

Engineer using GE Digital software

ISO 27001 Certification: Grid Solutions

This certificate covers our Power and Grid software.

Industrial app programmer using Predix Platform by GE Digital

Quality Management System

ISO 9001:2015

Global

ISO 27001:2013

Engineers using Predix Platform, Paas for the industrial monitoring and event management from GE Digital

International Organization for Standardization (ISO 27001:2013) is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Our ISO 27001:2013 certification demonstrates our commitment to information security at every level. Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices.

 

Below you would be able to download the certification for Predix Platform, Asset Performance Management (APM), Manufacturing Data Cloud  (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.

 

The certifying agency is Schellman and Company.

 

Additionally, you would be able to download the certification for Power and GRID software as well.

The Certifying agency is Llyod's Registry.

 

    ISO 27017:2015

    Industrial maintenance operator using GE Digital software on mobile device for APM

    International Organization for Standardization (ISO 27017:2015) provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. GE Digital Predix' attestation to the ISO 27017:2015 guidance not only demonstrates our ongoing commitment to align with globally-recognized best practices, but also verifies that the GE Digital Predix platform solution has a system of highly precise controls in place that are specific to cloud services.

     

    This certification pertains to the GE Predix, Asset Performance Management (APM), Manufacturing Data Cloud  (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.

     

    The certifying agency is Schellman and Company.

     

    • To view the standard, click here.
    • To download the Predix ISO 27017 certification, click the link in the tile above.

     

      ISO 27018:2019

      feature-services-cyber-engineers-1792x1280.png

      International Organization for Standardization (ISO 27018:2019) is a code of practice that focuses on protection of personal data in the cloud. It is based on the ISO 27001 and 27002 standards. The alignment demonstrates to customers that the GE Digital Predix platform solution has a system of controls in place that specifically address the privacy protection of its content.

       

      This certification pertains to the GE Digital Predix, Asset Performance Management (APM), Manufacturing Data Cloud  (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.

       

      The certifying agency is Schellman and Company.

       

      • To view the standard, click here
      • To download the Predix ISO 27018 certification, click the link in the tile above.

       

        ISO 27701:2019

        Industrial maintenance engineers using GE Digital software

        International Organization for Standardization (ISO 27701:2019) is a code of practice that focuses on establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).  It is based on the ISO 27001 and 27002 standards. The alignment demonstrates to customers that the GE Digital Predix platform solution has a system of controls in place that specifically address privacy information management.

         

        This certification pertains to the GE Digital Predix, Asset Performance Management (APM), Manufacturing Data Cloud  (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.

         

        The certifying agency is Schellman and Company.

         

        • To view the standard, click here
        • To download the Predix ISO 27701 certification, click the link in the tile above.

        ISO 9001:2015

        Industrial maintenance engineers using GE Digital software

        GE Digital legacy apps have undergone a systematic, independent examination of our quality system to determine whether the activities and activity outputs comply with International Organization for Standardization (ISO 9001:2015) requirements. A certifying agent found our QMS to comply with the requirements of ISO 9001 for the activities described in the scope of registration. This certification only pertains to the Embeded and On-premise software.

        The certifying agency is Schellman and Company.

         

        • To view the standard, click here.

         

          SOC 2

          Engineer in control room using IioT software | GE Digital

          Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Predix and GE Digital's industrial application solutions achieve key compliance controls and objectives.

           

          This certification pertains to the GE Digital Predix, Asset Performance Management (APM), Manufacturing Data Cloud  (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.

           

          • To view the SOC 2 Trust criteria, click here.
          • To request a copy of the GE Digital Predix SOC 2 report, click here, and the report will be sent to you electronically

           

           

            CSA

            food manufacturing engineer using GE Digital MES software

            Cloud Security Alliance Security, Trust, & Assurance Registry (CSA STAR) definitions, GE Digital Predix platform solution aligns with the CSA STAR Attestation and Certification via the determinations in our third party audits for SOC and ISO. The CSA STAR Level 2 Certification is based on ISO 27001:2013.

             

            • To view the Matrix, click here.
            • To View the GE Digital Predix CSA STAR Certificate, click here.

            United States

            FIPS

            Aviation illustration showing big data capture using GE Digital's industrial apps

            The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS 140-2 requirements, GE Digital Predix Virtual Private Cloud VPN endpoints and SSL terminations in Predix Cloud (AWS) operate using FIPS 140-2 validated cryptographic modules.

             

            • To view the standard, click here.

             

              HIPAA and HITECH

              Software engineer working on industrial IoT software | GE Digital

              HIPAA

               

              Predix and GE Digital's industrial application solutions enable covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure Predix environment to process, maintain, and store protected health information. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.

               

              • To view the standard, click here.
              • To request a copy of the GE Digital Predix HIPAA report, click here, and the report will be sent to you electronically.

               

              HITECH

               

              GE Digital Predix platform solution enables covered entities and their business associates subject to HIPAA to leverage the secure Predix environment to process, maintain, and store protected health information. HIPAA was expanded by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is Title XIII of the American Recovery and Reinvestment Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. These standards affect the use and disclosure of PHI by covered entities and their business associates. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.

               

              • To view the standard, click here.

               

                EC/ITAR

                Industrial software engineer | GE Digital

                As a part of managing a comprehensive Export Compliance/International Traffic in Arms Regulations (EC/ITAR) compliance program, US companies are subject to export regulations. Those companies must control unintended exports by restricting access to US persons and restricting the physical location of that data to within the US. The GE Digital Predix platform solution provides customers with the option to store their data in an export controlled cloud environment managed solely by US persons on US soil.​

                 

                • To view the standard, click here.
                • To request a copy of the GE Digital Predix EC-ITAR report, click here, and the report will be sent to you electronically.

                 

                  NIST

                  utility maintenance engineer using GE Digital software

                  Predix and GE Digital’s industrial application solutions are compliant with the   National Institute of Standards and Technology (NIST) compliant cloud infrastructure that meet the NIST 800-53 Rev. 4 controls.

                   

                  • To view the standard, click here.

                  Europe

                  General Data Protection Regulation (GDPR)

                  Engineer utilizing Predix Platform for cyber security asset safety

                  The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).  GE Digital is compliant with GDPR.

                   

                  • To view the standard, click here.