Our Approach
How do we handle cybersecurity?
Trane delivers industry-leading products and solutions that can be deployed securely. Each brings out-of-the-box simplicity to complex cybersecurity features while streamlining installation, onboarding and maintenance.
-
Secure Remote Access
Trane Secure Remote Connection seamlessly co-exists with existing infrastructure, so there's no need to create a firewall opening or establish a VPN connection. Trane BAS controllers are accessed via a web page, service tools, or phone app.
-
Secure Installation
Trane's Cellular Module establishes a remote and secure connection between the BAS controller and the Trane Cloud for anytime data collection when an IT network is unavailable.
-
Secure Products
Trane mitigates on-going risk on Tracer® SC+ site installations by providing proactive and routine cybersecurity audits through hardening reports and scans.
Standards and Compliance
At Trane, we take cyber threats very seriously by integrating cybersecurity best practices into our entire line-up of building automation systems.
-
SOC 2 Type 2 Compliance
SOC 2 Type 2 Compliance is a 3rd party compliance audit focused on client data security. Trane products (Tracer® SC+, Symbio® 800, Tracer® TU, Tracer® Ensemble®, Trane Intelligent Services®, Trane® Connect®) are SOC 2 Type 2 Compliant. The report describes the Trane controls environment and external audit of Trane controls that meet the AICPA Trust Services Security Criteria.
-
BTL Certified
All Trane controls devices are BTL certified. This means that all the BACnet™ functionality provided in the device has been tested by an independent laboratory and has passed the set of standardized tests.
-
TX-RAMP Certification
The Texas Risk and Authorization Management Program (TX-RAMP) is a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. Trane’s cloud offerings (Tracer® Ensemble®, Trane® Connect® and Trane Intelligent Services®) are TX-RAMP certified.
Best Practices
Stay ahead of cyber attacks.
Staying up to date on cybersecurity best practices and taking proactive steps to prevent breaches can help your company avoid incidents or at least minimize their impact. At Trane, we align our approach to cybersecurity with National Institute of Standards and Technology’s (NIST®) “Framework for Improving Critical Infrastructure Cybersecurity.”
-
Govern
Govern the product security program to define and oversee the organization’s cybersecurity risk management strategy, expectations, and policies.
-
Identify
Identify all the assets in your building (building automations systems / IoT devices equipped in the network). Assess your risks. Understand your organization's cybersecurity strengths and weaknesses.
-
Protect
Proactively act on your assessment and protect your assets. Implement safeguards to reduce risks such as preventative procedures, equipment/ technology updates, staff training, etc.
-
Detect
Enact activities such as continuous asset and network monitoring to detect the occurrence of cybersecurity events as early as possible.
-
Respond
Develop a set of response planning and mitigation strategies. These might include efforts to contain or minimize impact, analysis, and assessment of the incident and its impact on the organization.
-
Recover
Outline recovery processes, business continuity procedures and best practices to ensure timely restoration of building systems or assets affected by cybersecurity events to return to normal operation quickly.
Documentation
Cybersecurity Summaries
Read the cybersecurity summaries for some of our industry-leading products.