Tridium Professional Services Profile | Niagara MarketPlace

About Us
Your team for Niagara knowledge and support! Tridium Professional Services has deep experience leveraging the unique strengths of Niagara to unlock disparate edge data. This opens infinite opportunities to architect IoT solutions that deliver operational efficiencies and tangible ROI for buildings and beyond.

A sample of Tridium Professional Services:
* Architect Niagara solutions for new adjacent markets
* Niagara UI development using state-of-the-art tools and design principles
* Niagara application development
* Niagara driver development
* Develop specifications for standardized/secure/scalable Niagara solutions at large distributed enterprises
* Partner with OEMs to embed Niagara in their offerings
* Niagara consulting and support for in-house development teams

Security Self-Assessment Q & A
The self-assessment is intended to give potential customers some peace of mind about the safety of the software they purchase. Tridium does not verify the answers to this questionnaire, and the self-assessment security badge is issued solely on the basis of the answers to these questions. Customers who would like additional assurances about the safety of a listing are encouraged to take additional steps to ensure safety.

Q. Do you document and perform quality and cybersecurity reviews and testing, including vulnerability scanning covering static, dynamic, and secure code testing using best practices prior to release?

A. Yes, we document the security review process, document the testing process and perform the code analysis process.

Q. Do you warrant that products have been developed in accordance with principles of secure software development best practices such as OWASP, CSA & IEC62443 including security design review, secure coding practices, risk-based testing?

A. Not applicable. Our software is developed on the Niagara Framework provided APIs. We perform internal security review of the software and perform static code analysis.

Q. Do you perform audits or other reviews of your software to warrant that security controls are being implemented and operating effectively? If not, please explain.

A. Not applicable. Our software is developed on the Niagara Framework provided APIs. We perform internal security review of the software and perform static code analysis.

Q. Do you have a publicly documented process for managing security vulnerabilities in your application(s)? What is your process for managing and communicating security vulnerabilities in your application?

A. We follow an internal process for security review and for identifying vulnerabilities and mitigation strategy.

Q. If compliant on previous question, do you warrant that all vulnerabilities rated critical and high have been remediated before making your product available on the Niagara Marketplace?

A. Yes.

Q. Do you warrant you have removed unnecessary features, components, back doors, files, protocols, and ports from the software or product you are offering through the Niagara Marketplace? That is, does it weaken the Niagara Framework?

A. The Tridium Professional Services product does not weaken the Niagara Framework.

Q. Do you have formal change control and release management processes to manage code changes?

A. Yes.

Q. Do you perform Input Data Validation checks on your product to verify that the inputs (e.g., character set, length, numerical range, and acceptable values) match specified definitions for format and content to prevent injection attacks?

A. Yes.

Q. Do you monitor for known vulnerabilities from common sources such as OWASP, CVE, NVD, etc. and apply recommended patching to your product? Also, do you maintain an up-to-date security vulnerability management plan for all your software products?

A. Our product uses the standard Niagara Framework APIs and we conduct an internal security review process.

Q. Are your products digitally signed?

A. Yes.

Q. Is the Open Source Software (OSS) appropriately licensed for use in your product to be offered on the Marketplace? If so, please provide a list of open source software (OSS) and versions utilized in your project.

A. Not Applicable. We do not use Open Source Software in our Tridium Professional Services product.

Q. Are all personnel required to sign Non-Disclosure Agreements (NDA) or Confidentiality Agreements (CA) as a condition of employment to protect customer information?

A. Not applicable. We’re part of Honeywell.

Q. Are all of your developers trained on secure SDLC practices?

A. Yes.
