Application security

Schneider Electric is committed to securely develop and test against security threats to ensure customer data safety. Furthermore, Schneider Electric continuously employs a rotating number of 3rd party certified hackers to perform detailed penetration tests of the entire EcoStruxure IT platform.

Secure development

Security training

All new EcoStruxure IT software developers attend a mandatory security training which is given upon hire and every year after that. Additionally, they can choose to enroll in a White Hat Hacker training to receive the Ethical Hacker certification.

Peer review

Any change to the EcoStruxure IT platform is subjected to a mandatory peer review where code and infrastructure changes are reviewed by at least one other engineer in order to validate code quality, security and performance.

All changes are tracked using a version control system (GIT) to ensure history, traceability and audit tracking.

Separate Environment

EcoStruxure IT testing environments are physically isolated from the Production environment.

Application vulnerabilities

Dynamic Vulnerability Scanning

Schneider Electric uses several third-party security tools to continuously dynamically scan the EcoStruxure IT platform for vulnerabilities. Schneider Electric maintains a committed security team to handle results and work with engineering teams to remediate issues.

Static Code Analysis

All changes to source code are continuously scanned for bugs, security and license issues via static analysis tooling. Any source code change which doesn’t meet the EcoStruxure IT standards will be returned to the development team for improvement.

Third Party Security Penetration Testing

Schneider Electric continuously employs a rotating number of third party certified hackers to perform detailed penetration tests on all components of EcoStruxure IT (gateway, mobile and web app).

When new features are released, mission statements are handed to security experts to verify feature security. 

Learn more about our security test report sharing policy

Incident Response

The Schneider Electric Corporate Product Cyber Emergency Response Team (CPCERT) has defined vulnerability management processes to ensure efficient incident response.

To report an incident, please contact your local Customer Care Center.

If you’re a researcher, please report a cybersecurity vulnerability here.

All vulnerability disclosures are reported on the Schneider Electric Cybersecurity Support Portal.

XSS Protection (Incident Validation)

In accordance with industry best practices, we use strict procedures for output sanitization of all user input. This is enforced in part by static code analysis and also by using well known, tried and tested third party frameworks.

See also

EcoStruxure IT security

Product security features 

Data privacy 

Data center and network security 

Subprocessors and subcontractors for EcoStruxure IT