Product security processes - Johnson Controls - LIT-12013045 - Software Application - OpenBlue Central Utility Plant - v2024.Q1

OpenBlue Plant Optimizer Security and IT Guide

Johnson Controls
Product name
OpenBlue Central Utility Plant
Document type
Security and IT Guide
Document number

Johnson Controls performs internal vulnerability scanning of Plant Optimizer for each quarterly software release. We ensure all critical and high vulnerabilities are mitigated before we deploy software to a customer site. We also use a continuous improvement process to address medium and low vulnerabilities identified. Each product at Johnson Controls is required to identify a security champion responsible for compliance with cybersecurity, who has completed the required training and been approved by the Global Product Security team. The vulnerability scanning is performed by a security champion for each product and the Design for Security report is reviewed and approved by the Global Product Security governance team.

Johnson Controls also performs penetration testing on cloud-based software as a service (SaaS) products such as Plant Simulator. The penetration testing is performed by the Global Product Security Engineering and Innovation Services center of excellence, a team of highly experienced product security engineers.

Johnson Controls has a detailed action plan and governance process in place for Product Security Incident Response, including customer notification. The customer IT point of contact and contracting officer is notified immediately if Johnson Controls discovered a security breach while servicing or monitoring the customer’s on-premises software.

Software Terms

Use of the software in this product or access to the hosted services (including SaaS and PaaS) applicable to this product, if any, is subject to applicable terms set forth at . Your use of this product constitutes an agreement to such terms. If you do not agree to be bound by such terms, you may return the unused product to your place of purchase.