# Introduction to ABB Data Privacy
To ensure a standardized and high level of protection of personal data processed by ABB group companies worldwide, ABB has adopted Corporate Regulation Data Privacy (CRLI-17), Binding Corporate Rules, and ABB Ability™ Data Privacy Policy. Both apply to the processing of all personal data by all Group companies, regardless of where the personal data is collected and the competent jurisdiction applicable to the processing.
In case of any Data Subject Request regarding personal data, please contact the ABB Global Privacy team (privacy@abb.com), which provides guidance and support and ensures Data Subject Rights.
In case of any Data Subject Request regarding business data, please contact the ABB Division providing service to the company in question.
# Ability Data Manifesto
The Ability Platform enables data collection from customer installations to provide value-added services such as predictive maintenance, condition monitoring, analytics, etc. Although the bulk of this data is device and process information, personal information may also be collected. While GDPR does not prohibit collecting users' personal information, it makes it mandatory to define why and what personal information is collected and how it is used, and to give users the freedom to manage or remove such data.
The Ability Platform is a tool; as such, it cannot itself be considered compliant or non-compliant. Only a complete customer-facing solution or service may be audited for GDPR compliance: how it collects, uses, and stores personal data.
ABB Ability Platform keeps information related to user IDs and emails, which maps between the Principal Manager and Azure Active Directory. Other data is kept in log files to provide information related to audit trail and troubleshooting requirements.
Application-specific information can be found in the Information Model or in alarms and events when customer-specific applications need it; it is outside the scope of the GDPR information that can be documented in the base ABB Ability Platform scope.
# Data relevant to personal data
ABB Ability Platform has identified the following specific use cases relevant to personal data:
User: The Platform itself does not store any user's name, surname, or other personal information. A particular business solution indicates that the most common administrator of data is the ABB Azure Active Directory (AAD). ABB Ability™ Platform Admin Portal enables overall user management and introduces userId as the user identifier. There are four roles in the context of the Ability Platform:
- Ability Administrator - usually belongs to the Ability Operation team; responsible for resources and management, such as solutions, tenants, connectivity providers, etc.
- Solution Administrator - usually belongs to an ABB Division; responsible for the customer-facing solution and its applications, and also for devices that are connected to the Platform instance.
- Tenant Administrator - usually belongs to the customer organization; responsible for access control of customer users and groups. Depending on the customization of Sign-In for the Ability Tenant, users can be allowed to use social media accounts like Gmail or Facebook.
- End-User - usually belongs to the customer organization; uses Platform APIs via the solution (subject to access control policies). Depending on the customization of Sign-In for the Ability Tenant, users can be allowed to use social media accounts like Gmail or Facebook.
Tenant: Organization or entity that signs up for an Ability solution. A tenant could be a customer, specific location, or subset of either entity. The user has access to a minimum of one tenant. ABB Ability™ Platform Admin Portal enables overall tenant management and introduces tenantId as the tenant identifier.
The userId or tenantId can be found in the following Ability Platform components:
- Principal Manager - performs management operations such as creating Roles and Grants and onboarding tenants, devices, users, etc. It associates userId with roles and grants and indicates access to the tenantId.
- Audit Logs - vital for either debugging a problem or analyzing a security incident. Often, it is required to identify devices or individuals for certain actions when analyzing a security incident. It is possible to track a user's activity and queries using their unique userId or tenantId. The system keeps a history of the last 180 days of the Audit log by default (custom configuration is possible).
- Information Model - indicates devices, object models, and type for a unique tenantId.
Additionally, Microsoft, as a service provider to the Ability Platform, owns a specific set of documentation and procedures regarding the handling of personal data logs and the data security of application data logs.