Compliance

It is ServiceMax’s goal to help Customers maintain their state of Compliance with regulations and industry standards that govern their business and organizations. Adopting ServiceMax for Field Service needs should not place these certifications and attestation at risk. Therefore, ServiceMax works hard to adopt and maintain certifications and attestations that support Customer Compliance needs so that they can achieve the insights and efficiencies they need to create value for their organizations.

Regulations, Standards, Certifications and Assessments

ISO 27001

ISO 27001

Certification in meeting requirements for an information security management system (ISMS)

SOC 2 Type I

SOC 2 Type I

Report detailing information and providing assurance regarding the controls relevant to one or more Trust Service Principles

NIST Special Publication 800-53 Rev 4

NIST Special Publication 800-53 Rev 4

Recommended Security Controls for Federal Information Systems and Organizations

Self Assessment

Self Assessment

Self assessment leveraging industry standard controls based questionnaire, CSA-CAIQ, provided by the Cloud Security Alliance

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery

Continuation of business processes due to disruption and recovering from adverse events

GDPR

EU General Data Protection Regulation

Readiness and compliance with GDPR principles

External Security Assessments

External Security Assessments

Attestation of continuous external penetration tests and security assessments performed by third parties

ISO 27001

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that provides Customers assurances that the service organization has implemented an ISMS that is functioning effectively. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and technology systems by applying a risk management process. These certification covers 3 years starting with a full audit and subsequent touch point audits called surveillance audits.

Artifact
ISO 27001 Certificate
Where to Get It

Please complete Compliance Inquiry Form to request a copy of the ServiceMax ISO Certificate for your records.

SOC 2

SOC 2

Service Organization Control (SOC) for Service Organizations is designed to help companies such as ServiceMax provide services to its Customers, build trust and confidence in the service performed and controls related to the services through a report by an independent Auditor. A SOC 2 report is designed to meet a broad set of reporting needs about the controls at a service organization in the form of Audit firm’s independent attestation report. Specifically, a Type 1 report conveys the fairness of presentation of the service organization’s system and the suitability of the design of controls as of a specified date.

Artifact
SOC 2 Type 1 Report
Where to Get It

Please complete Compliance Inquiry Form to request a copy of the ServiceMax SOC 2 Type 1 Report for your records.

NIST 800-53

NIST 800-53

The NIST 800-53 publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk. ServiceMax has adopted Moderate Impact Baseline for its Field Service cloud that spans 18 Control Families and 159 controls. Customers who have stringent compliance requirements can rest assured that ServiceMax products are designed to provide Security and Privacy as required by the US Government.

Artifact
NIST 800-53 Rev 4
Where to Get It

Location where the entire NIST 800-53 Control families can be found

BCP/DRP

Business Continuity Program and Disaster Recovery

The ServiceMax Business Continuity program aims to provide the means necessary to sustain mission critical business processes when an unforeseen interruption occurs. Similarly, the ServiceMax Disaster Recovery Program provides a comprehensive set of actions to be taken before, during and after a disruptive event which may cause significant loss. There are three main elements to the ServiceMax BCP/DRP and they include conducting an Asset Business Impact Analysis, a Recovery Strategy, and Plan Considerations. Leveraging industry standard procedures, ServiceMax ensures that its BCP/DRP can successfully support one of its core imperatives – Cyber Resiliency.

Artifact
ServiceMax BC/DR Approach Aligns with ISO 22301:2019
Where to Get It

ISO 22301:2019: Security and resilience — Business continuity management systems