Cybersecurity

Best practices, built into our solutions.

Overview

Safeguard Your Building Automation Systems.

Every day, new cyber threats emerge around the world. Although most businesses are quick to devote resources to IT cybersecurity, connected building automation systems often go under-protected or even overlooked altogether. Yet, they are increasingly a target of cyber attacks. The fact is, with the convenience of network-connectivity and remote access come inevitable security threats.

At Trane, we help protect you in the following ways:

  • Trane delivers industry-leading products and solutions that can be deployed securely
  • Out-of-the-box simplicity for complex cybersecurity features
  • Standard features simplify sales process, installation and maintenance

Our Approach

How do we handle cybersecurity?

Trane delivers industry-leading products and solutions that can be deployed securely. Each brings out-of-the-box simplicity to complex cybersecurity features while streamlining installation, onboarding and maintenance.

  1. Secure Remote Access

    Trane Secure Remote Connection seamlessly co-exists with existing infrastructure, so there's no need to create a firewall opening or establish a VPN connection. Trane BAS controllers are accessed via a web page, service tools, or phone app.

  2. Secure Installation

    Trane's Cellular Module establishes a remote and secure connection between the BAS controller and the Trane Cloud for anytime data collection when an IT network is unavailable.

  3. Secure Products

    Trane mitigates ongoing risk on Tracer® SC+ site installations by providing proactive and routine cybersecurity audits through hardening reports and scans.

  4. Continuous Development

    Current and future Trane controls products in development will incorporate BACnet Secure Connect and other industry standards through a simple software update.

Standards and Compliance

At Trane, we take cyber threats very seriously by integrating cybersecurity best practices into our entire line-up of building automation systems. Our controls are designed to proactively provide protection against incidents using tools such as encryption, multiple layers of access control and authentication to protect your data. Read below to learn more about some of the compliance standards we have met and certifications our products have earned:

  • SOC 2 Type 2 Compliance

    SOC 2 Type 2 Compliance is a third-party compliance audit focused on client data security. Trane products (Tracer® SC+, Symbio® 800, Tracer® TU, Tracer® Ensemble®, Trane Intelligent Services®, Trane® Connect®) are SOC 2 Type 2 Compliant. The report describes the Trane controls environment and the external audit of Trane controls that meet the AICPA Trust Services Security Criteria.

  • BTL Certified

    All Trane controls devices are BTL certified. This means that all the BACnet™ functionality provided in the device has been tested by an independent laboratory and has passed the set of standardized tests.

  • TX-RAMP Certification

    The Texas Risk and Authorization Management Program (TX-RAMP) is a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. Trane’s cloud offerings (Tracer® Ensemble®, Trane® Connect® and Trane Intelligent Services®) are TX-RAMP certified.

  • ISA/IEC 62443-4-1 SDLA Certified

    The ISASecure SDLA certifies compliance to IEC 62443-4-1 Security for industrial automation and control systems Part 4-1: secure product development lifecycle requirements (published as ANSI/ISA-62443-4-1). The certification attests that Trane’s product development lifecycle process has been evaluated under the ISASecure SDLA certification program and shown to meet the technical criteria. All Trane products comply with this certification.

  • CMMC Level 2 Certified

    The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense (DoD) program designed to verify that DoD contractors have implemented sufficient cybersecurity controls to protect sensitive information, particularly Controlled Unclassified Information (CUI).

Best Practices

Stay ahead of cyber attacks.

Staying up to date on cybersecurity best practices and taking proactive steps to prevent breaches can help your company avoid incidents or at least minimize their impact. At Trane, we align our approach to cybersecurity with the National Institute of Standards and Technology’s (NIST®) “Framework for Improving Critical Infrastructure Cybersecurity.”

  1. Govern

    Govern the product security program to define and oversee the organization’s cybersecurity risk management strategy, expectations, and policies.

  2. Identify

    Identify all the assets in your building (building automation systems and IoT devices on the network). Assess your risks. Understand your organization's cybersecurity strengths and weaknesses.

  3. Protect

    Proactively act on your assessment and protect your assets. Implement safeguards to reduce risks such as preventative procedures, equipment/technology updates, staff training, etc.

  4. Detect

    Enact activities such as continuous asset and network monitoring to detect the occurrence of cybersecurity events as early as possible.

  5. Respond

    Develop a set of response planning and mitigation strategies. These might include efforts to contain or minimize impact, analysis, and assessment of the incident and its impact on the organization.

  6. Recover

    Outline recovery processes, business continuity procedures and best practices so that building systems or assets affected by cybersecurity events are restored promptly and return to normal operation quickly.

Documentation

Cybersecurity Summaries

Read the cybersecurity summaries for some of our industry-leading products.