Cybersecurity is one of the pillars of sustainability at KONE and is key to ensuring a safe and livable urban future.
Connectivity presents great opportunities for smooth people flow through increasingly smart cities and buildings.
With cybersecurity embedded into our design process, we are committed to keeping our solutions safe and resilient across their lifecycle.
Collaboration with our ecosystem partners helps us find smarter and more innovative ways to create more value for our customers. We build secure smart solutions for a smooth and safe people flow.
Ethical hacking is going mainstream as another way to help protect against cyberattacks which aim to steal user credentials, knock networks offline and even encrypt customer data for ransom. Alongside strengthening its own cybersecurity expertise, KONE enlists the skills of friendly hackers, including challenging them at high-profile meetups.
The first ever ISO cybersecurity standard for elevators, escalators and moving walkways is an important step towards ensuring uninterrupted people flow, keeping ‘bad actors’ at bay, and creating ever-more-secure digital ecosystems. For KONE, which had a key role in creating the standard from the very beginning, nothing could be more important.
It might not be a catchy name, but IEC 62443-4-1 is an international standard for secure product development life-cycle requirements in industrial automation and control systems. Now that KONE has achieved certification in it, customers know they can sleep a little easier.
KONE maintains technological and organizational measures to protect solutions, networks, devices, and information from unauthorized access or criminal use and to ensure the confidentiality, integrity, and availability of information.
Governance: KONE has business-driven security governance and a defined security management system, including security policies, processes, guidelines, and monitoring and metrics to follow security performance throughout KONE's business operations.
Asset Management: KONE maintains an asset inventory of technology assets, such as applications, platforms, servers, workstations, and mobile devices. The asset inventory includes the asset lifecycle, owner, and criticality. The assets are disposed of in a secure and sustainable manner.
Information Protection: KONE uses information classification to ensure information is protected in accordance with its importance. The protection measures include access controls, cryptography, data masking, etc.
Identity and Access Management: KONE’s IAM controls enable the right individuals to access the right resources at the right times for the right reasons. All KONE employees, externals and customers have a unique identifier to separate them from other users. User IDs must come from identified master data systems and have a lifecycle.
Application Security: KONE’s secure development lifecycle ensures that application security requirements are identified early in the lifecycle.
System and Network Security: Outgoing internet traffic in the KONE network is secured by a cloud-based proxy solution, on-premises firewalls at larger locations and/or central firewalls in regional hub locations.
Secure Configuration: KONE requires hardware, software, services, and network configurations to be hardened according to best security practices, for example using the Center for Internet Security’s (CIS) benchmarks.
Threat and Vulnerability Management: KONE’s vulnerability management process defines how vulnerabilities are identified, remediated and reported. KONE uses a Centralized Vulnerability Management System (CVMS) to process vulnerability information from various sources. Regular vulnerability scans cover internet-facing services and infrastructure. Penetration tests are conducted on a case-by-case basis for prioritized solutions, including IoT devices.
Information Security Event Management: KONE’s Security Operations Center (SOC) monitors the logs of the Security Information and Event Management (SIEM) system, analyzes events, and detects and responds to security incidents. The SOC operates 24/7.
Human Resource Security: Reference and other background checks are performed to ensure the candidate is eligible and suitable for the role for which the candidate is considered. All employees are enrolled in a regular, role-based cybersecurity training program.
Physical Security: KONE premises are classified based on a risk assessment. The classification sets the minimum amount of physical security requirements that must be implemented at the site. All KONE premises have physical security perimeters and physical entry controls.
Supplier Relationships Security: KONE has a global and unified supplier segmentation model, which includes identifying each supplier's cyber risk profile. Based on the supplier cybersecurity profile, KONE defines mandatory security requirements.
Legal & Compliance: KONE monitors the legal, statutory, regulatory, and contractual requirements impacting KONE and our products and services offered to customers. KONE is actively participating in industry standardization work, such as ISO 8102-20:2022 Electrical requirements for lifts, escalators and moving walks — Part 20: Cybersecurity.
Continuity: KONE Business Impact Assessments set the requirements for recovery time objectives (RTO) and recovery point objectives (RPO). Solutions with high criticality require a documented Disaster Recovery Plan (DRP) which is regularly rehearsed. KONE has requirements for backup management and capacity management which support KONE’s continuity objectives.
Information Security Assurance: KONE has an annual internal audit program for security and a KONE-wide process and supporting system to manage corrective actions. KONE has IEC 62443-4-1 certification for its secure development lifecycle. External security audits and assurance are conducted regularly.
Smart solutions with end-to-end security
KONE products and solutions are developed with cybersecurity in mind from the start. We follow secure software development processes to embed cybersecurity and privacy into our digital solutions throughout their lifespan. Our secure development lifecycle (SDL) process is certified to IEC 62443-4-1 issued by TÜV Rheinland.
If you discover a potential security vulnerability regarding our solution, please let us know here. You can use the PGP public key to encrypt your email. We investigate all valid reports and contact you for further information if needed.
Read about our cybersecurity objectives and commitment here.