The threat of cyberattack is constant for small businesses and major corporations alike. It’s almost always a question of when — not if — for your smart building.
That’s why we’re ready with a rapid response — whether you alert us to potential cybersecurity issues, or we spot them in our continuous diagnostics of the software and components we deploy. Whatever the situation, we’ll remediate vulnerabilities and address concerns with speed, professionalism, and transparency.
We respond to cybersecurity incidents with a disciplined process that limits your smart building’s exposure by assessing impact, protecting security interests, and coordinating disclosure.
Here’s how the process works when there’s a problem:
The cybersecurity community includes independent researchers who work with us to identify vulnerabilities we can promptly correct. Johnson Controls want to acknowledge the importance of their contributions as they help us keep your systems and data as secure as possible.
We welcome reports from independent security researchers who believe they’ve found high or critical vulnerabilities in a Johnson Controls product — and with whom we work in partnership to address vulnerabilities using a Coordinated Vulnerability Disclosure process.
Following this process, we can protect customers by addressing potential vulnerabilities and planning a disclosure date after a fix is made available.
If a reported vulnerability involves a vendor’s product, we will notify that vendor directly, coordinate with the reporting entity, or engage a third-party coordination center.
If you are aware of a potential security vulnerability in a Johnson Controls product, service or solution, or have a product security question, please contact us at productsecurity@jci.com.
Please use a downloadable PGP key to secure communications.
When submitting a concern, please include the following information:
Thanks to all who partner with us to create a smarter, safer, more sustainable world.
Johnson Controls tracks, identifies and proactively addresses ever-evolving cybersecurity threats every day – it’s a top priority. This commitment is reflected in our technology innovations and continual product development to keep building management systems, IT infrastructures, and connected equipment secure.
Our dedicated cybersecurity team works with local professionals to address your concerns and immediate threats to system security. We encourage a partnership that follows best practices for IT security.