Building Automation Systems and Network Security Sample Clauses
Building Automation Systems and Network Security. Customer and Trane acknowledge that Building Automation System (BAS) and connected networks security requires Customer and Trane to maintain certain cybersecurity obligations. Customer acknowledges that upon completion of installation and configuration of the BAS, the Customer maintains ownership of the BAS and the connected network equipment. Except for any applicable warranty obligations, Customer is solely responsible for the maintenance and security of the BAS and related networks and systems. In the event there is a service agreement between Trane and Customer, Trane will provide the services as set forth in the service agreement.
1. Ensure that the BAS, networks, and network equipment are physically secure and not accessible to unauthorized personnel.
2. Ensure the BAS remains behind a secure firewall and properly segmented from all other customer networks and systems, especially those with sensitive information.
3. Keep all Inbound ports closed to any IP Addresses in the BAS.
4. Remove all forwarded inbound ports and IP Addresses to the BAS.
5. Maintain user login credentials and unique passwords, including the use of strong passwords and the removal of access for users who no longer require access.
6. Where remote access is desired, utilize a secure method such as Trane Connect Secure Remote Access or your own VPN.
7. For any Trane services requiring remote data transfer and/or remote user access, configure the BAS and related firewall(s) per instructions provided by Trane. This typically includes configuring Port 443 and associated firewall(s) for Outbound only.
8. Perform regular system maintenance to ensure that your BAS is properly secured, including regular software updates to your BAS and related network equipment (i.e., firewalls). Any and all claims, actions, losses, expenses, costs, damages, or liabilities of any nature due to Customer’s failure to maintain BAS security responsibilities and/or industry standards for cybersecurity are the sole responsibility of the Customer.