# Security and Governance Standards

Security and governance standards define baselines for Azure resources.

# Owners

# Owner identification

Based on:
Server Security Policy section 2.1.1

According to ABB policy, all servers need to have an assigned owner. Because ABB Ability is using its own Azure Cloud service to deliver servers and other network elements, this policy has been extended to all of the resources created in Azure Cloud.

Refer to the Azure Cloud and Azure DevOps subsections for more details about owner identification for target resources.

# Owner responsibility

Owners are responsible for maintaining their own resources. Continue reading for more details.

# Periodic review of access

Based on:
Identity and Access Control Policy section 2.15
Identity and Access Control Standard sections 2.1.3.4.4, 2.2

Owners are responsible for managing access to their resources and should conduct periodic reviews of that access. In addition, external accounts need to be tracked and removed when they are no longer in use.

# Resource maintenance

Based on:
Server Security Policy section 2.1
Network Security Policy section 2.1

Owners are responsible for maintaining and monitoring their resources, performing system updates on their Virtual Machines, and following the Security Instructions provided by the Group Information Security policy. We recommend enabling automatic system updates for all non-production Virtual Machines. For Virtual Machines used in production, consider applying updates and patches manually, first in staging environments and then in production. Another good strategy for production is to back up the Virtual Machine before applying an update or patch.

# Resource lifecycle

Owners are responsible for the whole lifecycle of a given resource, from its creation (or from the moment they take over ownership) to the moment the resource is deleted (or ownership changes again). Throughout the resource lifecycle, the owner is responsible for:

  • properly defining the metadata required for a given resource.
  • deleting resources if they are no longer needed.

# External accounts

Granting access to external accounts should be done only as an exception, as all contractors are expected to use ABB accounts on a daily basis. It is the owner's responsibility to remove granted privileges for external accounts when they are no longer needed.

# GDPR

Due to GDPR requirements, former employees' accounts and personal user information should be removed from resources. Depending on the situation, this responsibility falls on the resource owner, resource group owner, subscription owner, or group manager.

Last updated: 9/6/2021, 1:25:50 PM