Security controls

Konecranes employs a range of strict security controls to ensure the confidentiality, integrity and availability of the data and services we provide for your Smart Connected Lift Trucks.

Asset management

Ensuring that information assets are identified, and appropriate protection responsibilities are defined.

Konecranes has an Acceptable Use of Assets Standard and Information Classification Standard that set mandatory requirements for the protection of the assets and the information within, both during use and disposal.

Access control

Ensuring authorized user access and preventing unauthorized access to systems and services.

The Customer Service Agreement defines who can access data based on location, equipment or legal company. Login requires a username and password, and time-limited access to the yourKONECRANES customer portal to check user activity.

Cryptography

Ensuring proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.

Konecranes uses only trusted cryptographic algorithms with no known vulnerabilities. These algorithms, the length of security keys and usage are selected according to best practice. We protect data-in-transit with encryption or isolation on the network.

Communication security

Maintaining the security of information transferred within an organization and with any external entity.

A TRUCONNECT-enabled asset has no direct public Internet access. The Konecranes global mobile IoT connectivity platform and service provider complies with GSM Association (GSMA) global roaming requirements and standards to ensure security.

Operations security

Ensuring correct and secure operations.

Konecranes follows IT Infrastructure Library (ITIL) practices to ensure the confidentiality, integrity and availability of digital services. We use security information and event management (SIEM) and system audits to identify abnormalities and handle vulnerabilities.

System development

Ensuring that information security is designed and implemented within the development lifecycle of information systems.

Automated and manual security testing is an integral part of our software development process. Following the IEC 62443-4-1:2018 standard, we conduct security requirements, threat mitigation, vulnerability and penetration testing.

Incident management

Ensuring a consistent and effective approach to incident management.

Through our security operations center, we respond quickly to information security incidents to contain, eradicate and assist in recovery. We follow data protection and related legal requirements according to relevant local legislation.

Disaster recovery

Ensuring service continuity and capability to recover from disasters.

Konecranes digital services have processes in place to ensure service continuity, including identification of criticality, disaster recovery time and point objectives. We regularly test our backups and recovery to make sure they are always ready for implementation.

Compliance

Ensuring compliance with legal, statutory, regulatory or contractual obligations related to information security.

We follow agreed contracts and local legislation, run an annual ISMS audit program, keep a register of information systems, and issue personal data privacy statements for those systems. Personnel handling data are trained in data protection and security.