The threat of cyberattack is constant for small businesses and major corporations alike. It’s almost always a question of when — not if — for your smart building.

That’s why we’re ready with a rapid response — whether you alert us to potential cybersecurity issues, or we spot them in our continuous diagnostics of the software and components we deploy. Whatever the situation, we’ll remediate vulnerabilities and address concerns with speed, professionalism, and transparency.

We respond to cybersecurity incidents with a disciplined process that limits your smart building’s exposure by assessing impact, protecting security interests, and coordinating disclosure.

Here’s how the process works when there’s a problem:

The cybersecurity community includes independent researchers who work with us to identify vulnerabilities we can promptly correct. Johnson Controls want to acknowledge the importance of their contributions as they help us keep your systems and data as secure as possible.

We welcome reports from independent security researchers who believe they’ve found high or critical vulnerabilities in a Johnson Controls product — and with whom we work in partnership to address vulnerabilities using a Coordinated Vulnerability Disclosure process.

Following this process, we can protect customers by addressing potential vulnerabilities and planning a disclosure date after a fix is made available.

If a reported vulnerability involves a vendor’s product, we will notify that vendor directly, coordinate with the reporting entity, or engage a third-party coordination center.