Tekla Trust Center

Trimble通过提供连接物理世界和数字世界的产品和服务,正在改变世界的工作方式。

 

Tekla的产品和服务建立在信任的基础上。在Tekla Trust Center,您可以了解我们实施的技术和组织方法,以确保您可以依赖我们的解决方案。您还可以找到有关我们遵守法律和行业最佳做法的信息。

下载更多信息:
网络安全白皮书 

阅读知悉更多 cookies :
Cookie notice

担心网络安全?
联系我们

Security
We have clear processes to ensure security of our products and services, and we respond immediately to incidents.

Compliance
We use industry standards to ensure consistency and quality in all products and services.

Privacy
We make sure your personal data is safe with us, in our services as well as with our service providers.

Infrastructure
We build solutions using high standards according to best industry practices on top of best-in-class cloud infrastructure.

Availability
We prevent security incidents and downtime by constantly monitoring the security and performance of our services.

Cookie notice
We have a transparent cookie notice. You can control the cookies you encounter on our websites.

 

Access control

The number of people who can access the customer data in Tekla services is limited. Only authorized Trimble personnel have administrative access when there is a need to provide e.g. support to the customer.

Tekla products and services are designed to be administered by our customers. Tekla Online Admin tool allows you to retain control over your data and you can decide what kind of access rights are given within your own organization.

Incident management

Trimble has set up practices for incident management to ensure that all incidents are handled efficiently. Regarding all of our services and products we maintain incident response plans that include instructions on handling security incidents, including defined responsibilities, technical steps to take, and how to mitigate issues.

Disaster recovery

Tekla services have disaster recovery plans that detail how the service can be brought up again in the event of partial or total loss. The plans ensure that acceptable service levels can be maintained even if something unexpected happens.

Secure DevOps

Trimble’s dedicated 24*7*365 DevOps team makes sure you can access Tekla Online services whenever you need, and the services are running like expected. The team also manages the security so that you can focus on using our products safely. Read more on our processes under Compliance.

Compliance and best practices

In Trimble, we include security throughout the whole development lifecycle. We utilize industry standards wherever possible to ensure consistency and best practices across the organization and in all the products and services we deliver.

Trimble Secure Development Life Cycle

Within the Trimble Secure Development Life Cycle (TSDLC) framework, we ensure that security is embedded and operationalized continuously so that our deliverables will meet consistent security levels.

Equally important, we monitor and manage the infrastructure and environments in which our solutions are deployed. This includes identity and access management, vulnerability management and intrusion detection solutions on our networks and systems. This complemented with appropriate incident response, work together to ensure security for our customer solutions.

Within the Trimble Secure Development Life Cycle framework, we review our cloud infrastructure and processes according to industry best practices. We are continuously executing 24x7 security monitoring, vulnerability scanning and intrusion detection, dynamic  and static analysis as well as open source analysis of our solutions. We perform application security assessments both ourselves and by utilizing 3rd party security experts.

Cyber security awareness

A prerequisite for developing secure solutions is understanding the threat landscape in which the solution is operating. In Trimble, threat modeling is one of the core guiding principles when we are designing and developing our solutions.

Within Trimble, we constantly update our knowledge about cyber security topics and share the awareness about cyber security threats among all parties responsible for managing and developing our solutions. As a baseline, all employees are required to attend mandatory cyber security training sessions. Solution architects and developers are required to attend specialized cyber security training sessions addressing threats specific to the solution they are responsible for.

Your privacy is important to us

Trimble is dedicated to comply with relevant global data protection legislation as well as with other good privacy practices.

Tekla products and Online services aim to minimize the personal data collected about the user. You can find Tekla product or service specific information on what personal data is exactly collected in our Security white papers.

Data created by the users is owned by the users even when stored in Tekla products and Online services. Any exceptions to this rule are described in service specific terms.

EU/EEA residents

Our general principles about collecting and using personal data of EU/EEA residents are described in our Privacy Notice. If we need to transfer data outside the EU/EEA, we follow appropriate GDPR based data transfer mechanisms like EU standard contractual clauses.

 

 

California residents

Our Privacy Notice describes how we collect and handle personal information of California residents. Trimble does not share or sell the personal information we collect about you to other parties unless necessary to provide you our services. We are dedicated to comply with other CCPA legislation as well.

 

 

We use reliable partners

We use service providers to support us with e.g. marketing, market research, sales, communications, organizing events, software development, localization, consulting, analytics, license compliance, security, IT maintenance and hosting, and finance.

We require from our partners the same strict privacy and security standards to which we hold ourselves.  We have entered into data protection agreements with all our service providers who process your personal data on behalf of us.

We have chosen Amazon Web Services (AWS) and Microsoft Azure cloud infrastructure for hosting solutions online.

Amazon Web Services

Amazon Web Services (AWS), the world’s leader in cloud infrastructure, is designed to deliver a flexible, reliable, scalable, and secure cloud computing environment with a high quality global network performance.

AWS provides secured data centers all around the world. You can find up-to-date information on the AWS global infrastructure here. AWS data centers are protected from unauthorized physical access and environmental hazards by a range of security controls.

You can find more information about AWS data centers and physical security here.

Microsoft Azure

Microsoft Azure cloud infrastructure is designed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resilience options for customers. You can find up-to-date information on the Microsoft Azure global infrastructure here.

Microsoft data centers are designed and operated in a way that strictly controls all physical access to the areas where customer data is stored. The extensive layers of protection include, for example, access request and approval, security checkpoints at each facility and screening of anyone entering the facilities.

You can find more information about Azure data centers and physical security here.

Cloud security

Cloud and data security is a shared responsibility between the cloud infrastructure provider and the client utilizing the cloud solution. In our case, it means that we trust Amazon Web Services and Microsoft Azure to manage the security of the cloud infrastructure and we are responsible for the security in the cloud environment.

In Trimble, we ensure infrastructure security and high availability of our cloud solutions by implementing and applying industry best practices to the infrastructure. This includes hardened Linux hosts with automatic patching, isolated VPC, data encryption, role-based access control and security groups. Whenever possible we utilize managed services like AWS Shield and AWS WAF protection. We have 24x7 SOC teams for monitoring alerts in our solutions.

You can read more about cloud security in AWS Whitepapers & Guides and Azure Security white papers.

Availability of Tekla Online services

In Trimble, our goal is to continuously deliver highly available, scalable and secure products and services which you can rely on when you are doing your daily work.

Tekla products and services are integrated with other Trimble products and in many cases, our customers are working with several products at the same time.

For us, this means that we ensure the availability of critical services first and take care of possible service-specific issues later. We are constantly monitoring the performance of our services in order to prevent possible incidents.

 

You can at all times check the status of Trimble and Tekla products and services here:

Please subscribe to status updates in order to always stay informed in case an incident would occur.

If you experience an outage when using Tekla products and services, and our status pages are not indicating any incidents, please let your local Tekla reseller know about the issue.

Historical data

We have provided reliable, resilient, secure and scalable cloud solutions to our customers for years and even though historical data is not guaranteeing future success, it provides valuable insight on how we have been performing.

You can at any time check the availability and possible incidents in our solutions for the past 90 days on the public status page.