ServiceMax Trust Center

Trust is earned


The ServiceMax Trust Center provides the assurance and confidence you need around security, privacy, availability, and compliance.

Our security imperatives

Security-first mindset

ServiceMax adheres to the concept of “Secure by Design.” Every new product and new release, as well as every new internal process, procedure, and technology adoption, goes through secure design considerations and threat analysis to ensure security before deployment.

Defense in depth

ServiceMax is designed for “defense in depth” across infrastructure, platform, software, and communication layers to deliver positive digital industrial outcomes.

Resiliency

ServiceMax strives to continuously monitor for anomalies across its security and operations environments. Continuous, proactive testing and the ability to respond and recover quickly ensure minimal disruption.

ServiceMax security and resiliency

Cybersecurity

ServiceMax strives to meet the most stringent security and compliance requirements, so you can easily adopt the right products that deliver positive outcomes for your asset-centric business. From the asset in a customer’s site, the technician executing a work order, and the dispatcher in the enterprise, ServiceMax securely facilitates the serviceability of those assets. As digital industrial companies evolve, optimizing operations requires complete, valid, unimpeded, and, above all else, secure data.

Advanced and persistent threats have been targeting cloud and connected and nonconnected assets. With ServiceMax, you can rest assured that the transmission of data, as well as the data that resides in our cloud, is protected. By building security into the design of our products, we have ensured that you can connect with confidence, knowing that your data, processes, and outcomes are delivered in a resilient environment.

Data security

ServiceMax employs asset and data classification guidelines to ensure your security needs and priorities receive the right level of protection. ServiceMax protects your data by maintaining strict isolation between production and development environments. Depending on the product being consumed, some level of control may be passed along to you given the cloud security shared responsibility model. Security policies at multiple layers are applied to limit access to ServiceMax workforce members who possess a legitimate business need for such access. Additionally, data is de-identified where needed and transmitted in encrypted form using transport layer security (TLS). Encryption keys are then protected.

Product security (Secure by Design)

At ServiceMax, product security is fundamentally about protecting the applications and services that we build, along with the supporting platform and ecosystem that stores and processes your sensitive data. The concept of “Secure by Design” is ingrained in our engineering practices. Our secure development lifecycle (SDL) framework is applied during the development process to secure applications and services.

Following SDL empowers our engineering teams to:

  1. apply the appropriate architecture and design
  2. understand threats and choose the right controls for protection
  3. conduct proper security testing
  4. remediate vulnerabilities before production deployment

Infrastructure and platform security

ServiceMax employs industry-leading technical controls at the infrastructure and platform layers to ensure threat mitigation capabilities meet stringent requirements and are highly effective. ServiceMax understands that isolating environments is key to reducing blast radius and, therefore, risk to customers. We leverage virtualization technologies at specific layers to ensure that application runtimes are separated from the operational and control elements in the network. This separation allows the user and application interactions to be monitored from the specific application instance and user, in and out of the internet, and through all the services. ServiceMax regularly audits its network security posture and specific technologies to verify they are compliant with policies and technical standards and has implemented penetration testing procedures to further validate effectiveness of the applied controls.

Managing identity and access

At ServiceMax, we believe security starts with establishing identities of things for objects of interest—including people, devices, applications, and data—defining relationships for those objects and enforcing appropriate controls for how these identities access resources. ServiceMax applies this mindset to how we build our products, secure data, and manage customers. ServiceMax, therefore, supports sophisticated mechanisms to prove identities, create roles across the ecosystem, and effectively authenticate and authorize access, while privileged accounts are further contained and managed.

Encryption and key management

Reliable encryption ensures that data is secure at rest and in transit. ServiceMax encrypts at different layers based on the product, to ensure that data is exposed on a need-to-know basis. ServiceMax supports key management systems, and public and private key infrastructures to effectively protect and manage keys and certificates. Application and service accounts are vaulted to further protect them from illegitimate access.

Endpoint security

End user devices are protected by several layers of controls to ensure that the work conducted via these devices is done in a safe and secure fashion. Controls, such as endpoint threat detection, mitigation and response, malicious website protection, and proper patching, are maintained so that the end user has a safe experience. Similarly, cloud endpoints that support ServiceMax products are built using secure configurations, undergo effective vulnerability management, and are protected via cloud endpoint threat detection, mitigation, and response tools.

Cyber resiliency

ServiceMax’s focus on cyber resilience is part of a broader approach to digital risk management. The goal is not only to detect and respond to cyberattacks, but also to ensure that the enterprise is able to survive and recover quickly following an attack. Furthermore, the approach consists of holistically looking at internal processes, procedures, and technical implementations that, if not managed appropriately, can impact confidentiality, integrity, availability, privacy, and security. To that end, any ServiceMax program that can systematically cause disruption to our customers falls within this umbrella. The program consists of subprograms pertaining to managing deficiencies across the enterprise and products, operational and security incident response, business continuity, and disaster recovery, as well as continuous assessments. Cyber resilience, therefore, is one of ServiceMax’s core imperatives and one that is continuously measured and improved upon.

Incident response

ServiceMax continuously monitors its environment for anomalies and suspicious events that may require incident response. ServiceMax’s Incident Response Program includes ongoing training, tabletop exercises, pen testing, vulnerability management, and threat intelligence, which come together to ensure the program has all the required touchpoints to address a potential incident and recover quickly. ServiceMax incident responders handle end-to-end coordination with stakeholders for swift deterministic notification, investigation, forensics, and closeout.

Vulnerability and configuration management

At ServiceMax, the Vulnerability Management Program exceeds industry standards with a disciplined and pragmatic approach. The program identifies vulnerabilities that may affect the platform and performs rapid remediation and mitigation to reduce other exposure to such vulnerabilities. The program maintains a network of recognized security researchers dedicated to continually evaluating the platform for vulnerabilities and identifying potential threats. The integration between the cyber research team and vulnerability management functions enables the rapid and focused remediation of critical issues to ensure that the platform is secure.

Continuous assessment

The cornerstone of a successful cyber resilience program is stress testing the environment to identify weaknesses and address them quickly. ServiceMax products and services undergo ongoing penetration testing to identify areas where business risk may exist. Considering attack vectors, a highly specialized team of researchers and pen testers carries out test scenarios, and a process is put in place to address any findings quickly. This continuous level of assessment provides the validation required for ServiceMax to instill confidence in our customers that products and services are highly resilient to cyberattacks.

Business continuity and disaster recovery

Beyond security, ServiceMax also considers business continuity (BC) and disaster recovery (DR) as critical elements of its business operations. Much like data breaches and other security incidents, adverse events ranging from technical issues and natural disasters to mechanical failure or human error can disrupt customers and their ability to continue with their digital transformation journey. As a result, ServiceMax has a proactive BC/DR strategy that will ensure its products and services stay up and running in the event that certain elements are unavailable for any length of time. The associated processes and procedures supporting BC/DR are tested regularly in order to ensure their effectiveness. There are three main elements to the ServiceMax BCP/DRP: conducting an asset business impact analysis, a recovery strategy, and plan considerations. Leveraging industry-standard procedures, ServiceMax ensures that its BCP/DRP can successfully support one of its core imperatives—cyber resiliency.

System and service status

ServiceMax provides up-to-date information at your fingertips with transparency around service performance and availability to enable customers to monitor their own operations that rely on our services.

ServiceMax publishes the most up-to-the-minute information on service availability and performance on our status website.

Learn more by visiting support

Cloud security shared responsibility model

With the adoption of SaaS solutions, such as ServiceMax, the responsibility for managing access, securing data, applications, and infrastructure falls less into the hands of the enterprise and more into the hands of the service provider. However, regardless of the platform used, the enterprise will always be responsible for some elements of security such as access control, data security, etc. Understanding this concept is even more important for customers who subscribe to the ServiceMax Field Service Management product suite that sits on the Salesforce platform, given Salesforce’s responsibility for the infrastructure and platform.

The following models will outline where the responsibilities lie for IaaS, PaaS, and SaaS providers (in this case, ServiceMax) relative to that of the customer.

Shared responsibility model—AWS-based products

ServiceMax products running on AWS public cloud typically have three layers of shared responsibility—AWS, ServiceMax, and the ServiceMax customer. Each entity is responsible for different layers, given the nature of public cloud visibility and access levels, as well as contractual obligations.

Shared responsibility model—SFDC-based products

ServiceMax’s Packaged Field Service Management suite of products, which runs on the customer’s Salesforce org, has a different shared responsibility model than infrastructure provided by public cloud. In this scenario, Salesforce provides all the platform services starting with infrastructure and up. The ServiceMax customer then implements FSM within their organization and can configure it per their security requirements.

The cybersecurity and resiliency cycle

We believe that cybersecurity and resiliency go hand in hand. One is a more proactive approach, while the other ensures the organization can react and recover quickly. Both are critical to our customers’ success on our platform.

Controls and compliance

  • Prioritize security/compliance controls implementation
  • Facilitate building confidence amongst customers and partners

Secure design

  • Incident data feedback to updated controls selection
  • Ensure security, compliance, and privacy controls are built into products and platform—concept of “Secure by Design”
  • Results in updated secure development lifecycle requirements to improve products

Security assessments and remediation

  • Robust program to identify, prioritize, and remediate product defects and vulnerabilities using a risk-based approach
  • Reduction in security technical debt due to tight configuration management
  • Continuous penetration testing

Incident response

  • 24/7/365 monitoring for anomalies
  • Taking quick action to contain, eradicate, recover, and remediate incidents
  • Continuous testing and improvement of IR procedures

Incident and vulnerability reporting

Report any ServiceMax incidents or vulnerabilities.
