ServiceMax from GE Digital

Security Certification for Technology Partners

Technology Alliance Agreement for Certified Partners

Security Certification

Certified Partner agrees to maintain compliance with GE Digital security and integration requirements related to their 3rd party applications and the ServiceMax applications. These specifications and requirements cover general and specific security requirements included in the Certified Partner Certification Tests and are published in the Technology Alliance Certified Partner Security Certification Requirements document provided in the ServiceMax Certification Resource Center.

Certified Partner Security Certification Requirements - General Requirements

  • Please attach a high-level diagram of the physical architecture of your firm's Application Server(s), Network, and proposed integration points to ServiceMax applications.
  • How are the applications and related data center secured?
  • What audits are conducted against the site? How often? Please list certifications received.
  • Can the application authenticate against a local Active Directory, LDAP, or SSO model? How?
  • What kinds of features do you provide for securing access to your solution (SSL, etc.)? Does this approach apply to redundant application data centers?
  • How do you ensure that client's data is secured and cannot be used by others? Indicate any related encryption approaches for partner's data and whether they are separate from encryption of ServiceMax data.
  • Do you have any security-related certificates (e.g., PCI DSS, etc.)?
  • How do you comply with the European Union Data Privacy regulation?
  • What kind of techniques are in place to address external security attacks/threats? 

Certified Partner Security Certification Requirements - Security Certification Tests

Mobile Application Requirements

  • OS: version kept up to the latest release, with patches for malware and viruses
  • Use of Secure https:// login schema
  • Partner 3rd party app must be whitelisted in ServiceMax app whitelist to meet SFDC 3rd party app callout security processes
  • Partner 3rd party app encryption of ServiceMax data inside 3rd party app and Partner servers
    • Recommended: encrypt ServiceMax data separately from existing Partner server and 3rd party app encryption
  • Mobile direct app to app integration to follow ServiceMax defined processes enabled in Sum'17 and beyond

Server Application Requirements

  • OS: version kept up to the latest release, with patches for malware and viruses
  • Use of Secure https:// login schema
  • Partner to maintain a whitelist of valid web domains that includes all SFDC servers and excludes known websites containing malware and viruses, beyond the firewall features that block these sites
  • Partner server browser based app must be whitelisted in ServiceMax app whitelist to meet SFDC 3rd party app callout security processes
  • Partner server app encryption of ServiceMax data inside 3rd party Partner servers
    • Recommended: encrypt ServiceMax data separately from existing Partner server and 3rd party app encryption
  • Smax integration from Partner server app to use the SFDC-defined API process for Force.com-based apps to match out-of-the-box and custom Smax data fields

Hardware Requirements

  • Hardware supports Apple OSX (latest version) or Windows 10 operating systems
  • OS supports browsers in compliance with Salesforce.com supported browser guidelines

User Access to Partner Application/Data Transfers

  • Test User credentials to be used in both ServiceMax mobile app and Partner 3rd party app
    • Indicate whether SSO or separate sign-on procedures are required
  • Use of Smax Custom Action URL access to 3rd party mobile app to provide test User credentials in the pass parameters URL fields
  • Use of Smax Custom Action URL to also provide key data fields, i.e., Work Order, in the pass parameters URL fields