ISO 27000 Information Security Management
The certificate encompasses ISO 27001, 27017, 27018, and 27701 certification for GE Digital’s cloud platform and software applications.
GE Digital Compliance
GE Digital's industrial applications are developed with a secure-by-design mindset, and supported by software development and cloud operations that adhere to industrial standards and best practices.
Technology for digital industrial applications
GE Digital's industrial applications help you operate industrial apps in your environment or in the cloud. GE Digital delivers applications that securely connect people, machines, data, and analytics to improve operational efficiency.
Certifications
International Organization for Standardization is a test for security management best practices and comprehensive security controls
ISO 9001 Quality Management System
The certificate encompasses GE Digital’s quality management for the cloud platform and software applications.
Global
ISO 27001:2013
International Organization for Standardization (ISO 27001:2013) is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Our ISO 27001:2013 certification demonstrates our commitment to information security at every level. Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices.
Below you would be able to download the certification for Predix Platform, Asset Performance Management (APM), Proficy Manufacturing Data Cloud (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.
The certifying agency is Schellman and Company.
ISO 27017:2015
International Organization for Standardization (ISO 27017:2015) provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. GE Digital Predix' attestation to the ISO 27017:2015 guidance not only demonstrates our ongoing commitment to align with globally-recognized best practices, but also verifies that the GE Digital Predix platform solution has a system of highly precise controls in place that are specific to cloud services.
This certification pertains to the GE Predix, Asset Performance Management (APM), Proficy Manufacturing Data Cloud (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.
The certifying agency is Schellman and Company.
- To view the standard, click here.
ISO 27018:2019
International Organization for Standardization (ISO 27018:2019) is a code of practice that focuses on protection of personal data in the cloud. It is based on the ISO 27001 and 27002 standards. The alignment demonstrates to customers that the GE Digital Predix platform solution has a system of controls in place that specifically address the privacy protection of its content.
This certification pertains to the GE Digital Predix, Asset Performance Management (APM), Proficy Manufacturing Data Cloud (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.
The certifying agency is Schellman and Company.
- To view the standard, click here
ISO 27701:2019
International Organization for Standardization (ISO 27701:2019) is a code of practice that focuses on establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). It is based on the ISO 27001 and 27002 standards. The alignment demonstrates to customers that the GE Digital Predix platform solution has a system of controls in place that specifically address privacy information management.
This certification pertains to the GE Digital Predix, Asset Performance Management (APM), Proficy Manufacturing Data Cloud (MDC), Operations Performance Management (OPM), Manufacturing, and Automation applications, related infrastructure and technology operations.
The certifying agency is Schellman and Company.
- To view the standard, click here
ISO 9001:2015
GE Digital legacy apps have undergone a systematic, independent examination of our quality system to determine whether the activities and activity outputs comply with International Organization for Standardization (ISO 9001:2015) requirements. A certifying agent found our QMS to comply with the requirements of ISO 9001 for the activities described in the scope of registration. This certification only pertains to the Embeded and On-premise software.
The certifying agency is Schellman and Company.
- To view the standard, click here.
United States
FIPS
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS 140-2 requirements, GE Digital Predix Virtual Private Cloud VPN endpoints and SSL terminations in Predix Cloud (AWS) operate using FIPS 140-2 validated cryptographic modules.
- To view the standard, click here.
HIPAA and HITECH
HIPAA
Predix and GE Digital's industrial application solutions enable covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure Predix environment to process, maintain, and store protected health information. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
- To view the standard, click here.
- To request a copy of the GE Digital Predix HIPAA report, click here, and the report will be sent to you electronically.
HITECH
GE Digital Predix platform solution enables covered entities and their business associates subject to HIPAA to leverage the secure Predix environment to process, maintain, and store protected health information. HIPAA was expanded by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is Title XIII of the American Recovery and Reinvestment Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. These standards affect the use and disclosure of PHI by covered entities and their business associates. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
- To view the standard, click here.
EC/ITAR
As a part of managing a comprehensive Export Compliance/International Traffic in Arms Regulations (EC/ITAR) compliance program, US companies are subject to export regulations. Those companies must control unintended exports by restricting access to US persons and restricting the physical location of that data to within the US. The GE Digital Predix platform solution provides customers with the option to store their data in an export controlled cloud environment managed solely by US persons on US soil.
- To view the standard, click here.
- To request a copy of the GE Digital Predix EC-ITAR report, click here, and the report will be sent to you electronically.
Europe
General Data Protection Regulation (GDPR)
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). GE Digital is compliant with GDPR.
- To view the standard, click here.
Contact us
Want to understand how GE Digital Industrial Applications and Predix can help your operations?