Compliance Programs and Standards

Title Overview Applies to Description Certificate Badge
ISO 9001 International Quality Standard Hexagon ALI Product Development The Quality Management System of Hexagon Asset Lifecycle Intelligence has been approved by Lloyd's Register Quality Assurance to the following Quality Management System Standards: ISO 9001:2015.

The ISO 9001:2015 standard provides tools and guidance to help companies achieve effective quality management over products and services, meet customer requirements and consistently improve quality. 
View Certificate
ISO 27001 International Security Standard AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix

Swindon UK, Huntsville, AL, USA
ISO/IEC 27001:2013 is the international standard that provides the specification for an information security management system (ISMS). The standard is designed to help organizations manage their information security processes in line with international best practices. 

Hexagon ALI’s Information Security Management System provides:
Regular evaluation of information security risks, taking into account the impact of threats and vulnerabilities.

Design and implementation of a comprehensive suite of information security controls and other forms of risk management to address information security risks.

An overarching management process to ensure that the information security controls continue to meet Hexagon ALI’s Cloud customers’ needs.
View Certificate  
ISO 27017 International Security Standard AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix

Swindon UK, Huntsville, AL, USA
ISO/IEC 27017:2015 is the international standard that provides guidance on the information security aspects of cloud computing, recommending and assisting with implementing cloud-specific information security controls supplementing the guidance in ISO/IEC 27001.

The scope of the Hexagon ALI Information Security Management System also includes the ISO/IEC 27017:2015 (ISO 27017) extended control set and implementation guidance.
View Certificate  
CSA Star: Level 1 & 2 Security, Trust, Assurance, and Risk Registry AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Control Matrix (CCM).
View Listings  CSA Star Level One Badge CSA Star Level Two Badge
SOC 2 Security, Availability, and Confidentiality Report HxGN EAM, HxGN Smart Cloud, Jovix A SOC 2 audit report provides detailed information and assurance about a service organization's security, availability, processing integrity, confidentiality, and/or privacy controls, based on their compliance with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria.

Hexagon's Asset Lifecycle Intelligence division Cloud products’ System and Organization Controls (SOC) 2 Reports are independent third-party examination reports that demonstrate how our Cloud products achieve key compliance controls and objectives. The purpose of such reports is to help our Cloud products’ stakeholders understand the controls established to support operations and compliance.

The scope of our Cloud products’ AICPA Trust Services Criteria includes security, availability, and confidentiality.
Request Report

*Specify HxGN EAM, HxGN Smart Cloud, or Jovix
 SOC logo
VPAT Voluntary Product Accessibility Template (VPAT) EcoSys, HxGN EAM A Voluntary Product Accessibility Template (VPAT) is a document that explains how information and communication technology (ICT) conforms to the accessibility standards outlined by Section 508 of the Rehabilitation Act which demonstrates Hexagon’s digital inclusivity and commitment to web accessibility. Request Report  
CFIHOS Capital Facilities Information HandOver Specification Standard for Process Industries    CFIHOS is a standard that originated in 2012 under the auspices of USPI, and in 2020, governance was transferred to the International Association of Oil & Gas Producers (IOGP) – becoming the Joint Industry Project (JIP) 36. The specification applies across the value chain and includes information required to meet regulatory authority requirements. As such, we believe that CFIHOS provides a good platform for standardization of information requirements across the industry to reduce the uncertainty and costs of handovers, simplify the license to operate process and provide a basis for supporting interoperability and increased efficiency of work processes during the operations and maintenance phase of the facility life-cycle. View Specification  
ASME NQA-1 Nuclear Industry Standard CAESAR II, GT STRUDL ASME Nuclear Quality Assurance (NQA-1) is a national consensus standard for quality assurance in the nuclear industry. The American Society of Mechanical Engineers (ASME) established the standard as the means to ensure compliance with the requirements of the nuclear industry. Learn more NQA 1 compliant
ISO 15926 Industrial Automation Systems and Integration   Hexagon's Asset Lifecycle Intelligence division has been an active member of POSC/Caesar and delivered the first ever POSC/Caesar data warehouse in 1997. POSC/Caesar initiated the development of the ISO 15926 standard "Integration of life-cycle data for process plants oil and gas production facilities," and its SmartPlant® Enterprise integrated solutions support ISO 15926. The underlying SmartPlant Foundation data model has shared a common basis with ISO 15926 Part 2 since their joint origins and has evolved reflecting the ongoing development of this standard.

In addition to our support for ISO 15926 in our IM tools, SmartPlant Interop Publisher reads ISO15926 files for conversion to our 3D format for use in our 3D tools, and SmartPlant P&ID saves P&ID data into ISO15926 compliant .xml file.
Learn more ISO 15926 Badge
NERC CIP North American Electric Reliability Corporation HxGN EAM The NERC CIP standard, developed by the North American Electric Reliability Corporation, plays a crucial role in protecting the utility sector's critical infrastructure through cybersecurity regulations. Hexagon, a leading cloud service provider, is dedicated to upholding these standards by offering its customers the HxGN EAM asset management software. Independently evaluated and found suitable for securely storing assets, this solution optimizes asset lifecycles while prioritizing data security through encryption, role-based access control, and audit trails. Hexagon's commitment to transparency ensures that they work closely with customers to meet their unique security and reliability needs within the framework of NERC CIP standards, ultimately enhancing productivity and compliance. Request Report  
BSI Kitemark British Standards Institution Kitemark Certification for CAD BIM Software HxGN EAM BSI Kitemark for CAD BIM is a global certification with requirements that validate processes in security, support, and project life cycle standards. Based on ISO 19650, the British Standards Institution (BSI) established this standard for software vendors to measure compliance with requirements in the engineering, construction, and building industries. View Certificate BSA Kitemark Badge
GEFMA 444 German Facility Management Association Directive HxGN EAM GEFMA 444 is a guideline focused on facility management, particularly related to the implementation and certification of energy management systems in buildings and facilities. It was created by the German Facility Management Association (GEFMA) to promote sustainable and energy-efficient practices. English Certificate
Deutsch Certificate 
 
  • ISO 9001 

    Overview:
    International Quality Standard

    Applies to:
    Hexagon ALI Product Development

    Description:
    The Quality Management System of Hexagon Asset Lifecycle Intelligence has been approved by Lloyd's Register Quality Assurance to the following Quality Management System Standards: ISO 9001:2015.

    The ISO 9001:2015 standard provides tools and guidance to help companies achieve effective quality management over products and services, meet customer requirements and consistently improve quality. 

    View Certificate


  • ISO 27001  

    Overview:
    International Security Standard

    Applies to:
    AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix
    Swindon UK, Huntsville, AL, USA

    Description:
    ISO/IEC 27001:2013 is the international standard that provides the specification for an information security management system (ISMS). The standard is designed to help organizations manage their information security processes in line with international best practices.

    Hexagon ALI’s Information Security Management System provides:
    Regular evaluation of information security risks, taking into account the impact of threats and vulnerabilities.

    Design and implementation of a comprehensive suite of information security controls and other forms of risk management to address information security risks.

    An overarching management process to ensure that the information security controls continue to meet Hexagon ALI’s Cloud customers’ needs.

    View Certificate


  • ISO 27017

    Overview:
    International Security Standard

    Applies to:
    AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix
    Swindon UK, Huntsville, AL, USA

    Description:
    ISO/IEC 27017:2015 is the international standard that provides guidance on the information security aspects of cloud computing, recommending and assisting with implementing cloud-specific information security controls supplementing the guidance in ISO/IEC 27001.

    The scope of the Hexagon ALI Information Security Management System also includes the ISO/IEC 27017:2015 (ISO 27017) extended control set and implementation guidance.

    View Certificate


  • CSA Star: Level 1 & 2

    Overview:
    Security, Trust, Assurance, and Risk Registry

    Applies to:
    AcceleratorKMS, HxGN EAM, HxGN SDx2, HxGN Smart Cloud, Jovix

    Description:
    The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

    STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Control Matrix (CCM).

    View Listings

    CSA Star Level One Badge CSA Star Level Two Badge


  • SOC 2

    Overview:
    Security, Availability, and Confidentiality Report

    Applies to:
    HxGN EAM, HxGN Smart Cloud, Jovix

    Description:
    A SOC 2 audit report provides detailed information and assurance about a service organization's security, availability, processing integrity, confidentiality, and/or privacy controls, based on their compliance with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria.

    Hexagon's Asset Lifecycle Intelligence division Cloud products’ System and Organization Controls (SOC) 2 Reports are independent third-party examination reports that demonstrate how our Cloud products achieve key compliance controls and objectives. The purpose of such reports is to help our Cloud products’ stakeholders understand the controls established to support operations and compliance.

    The scope of our Cloud products’ AICPA Trust Services Criteria includes security, availability, and confidentiality.

    Request Report
    *Specify HxGN EAM, HxGN Smart Cloud, or Jovix

    SOC logo


  • VPAT

    Overview:
    Voluntary Product Accessibility Template (VPAT)

    Applies to:
    EcoSys, HxGN EAM

    Description:
    A Voluntary Product Accessibility Template (VPAT) is a document that explains how information and communication technology (ICT) conforms to the accessibility standards outlined by Section 508 of the Rehabilitation Act which demonstrates Hexagon’s digital inclusivity and commitment to web accessibility.

    Request Report


  • CFIHOS

    Overview:
    Capital Facilities Information HandOver Specification Standard for Process Industries

    Description:
    CFIHOS is a standard that originated in 2012 under the auspices of USPI, and in 2020, governance was transferred to the International Association of Oil & Gas Producers (IOGP) – becoming the Joint Industry Project (JIP) 36. The specification applies across the value chain and includes information required to meet regulatory authority requirements. As such, we believe that CFIHOS provides a good platform for standardization of information requirements across the industry to reduce the uncertainty and costs of handovers, simplify the license to operate process and provide a basis for supporting interoperability and increased efficiency of work processes during the operations and maintenance phase of the facility life-cycle.

    View Specification


  • ASME NQA-1

    Overview:
    Nuclear Industry Standard

    Applies to:
    CAESAR II, GT STRUDL

    Description:
    ASME Nuclear Quality Assurance (NQA-1) is a national consensus standard for quality assurance in the nuclear industry. The American Society of Mechanical Engineers (ASME) established the standard as the means to ensure compliance with the requirements of the nuclear industry.

    Learn more

    NQA 1 compliant


  • ISO 15926

    Overview:
    Industrial Automation Systems and Integration

    Description:
    Hexagon's Asset Lifecycle Intelligence division has been an active member of POSC/Caesar and delivered the first ever POSC/Caesar data warehouse in 1997. POSC/Caesar initiated the development of the ISO 15926 standard "Integration of life-cycle data for process plants oil and gas production facilities," and its SmartPlant® Enterprise integrated solutions support ISO 15926. The underlying SmartPlant Foundation data model has shared a common basis with ISO 15926 Part 2 since their joint origins and has evolved reflecting the ongoing development of this standard.

    In addition to our support for ISO 15926 in our IM tools, SmartPlant Interop Publisher reads ISO15926 files for conversion to our 3D format for use in our 3D tools, and SmartPlant P&ID saves P&ID data into ISO15926 compliant .xml file.

    Learn more

    ISO 15926 Badge


  • NERC CIP

    Overview:
    North American Electric Reliability Corporation

    Applies to:
    HxGN EAM

    Description:
    The NERC CIP standard, developed by the North American Electric Reliability Corporation, plays a crucial role in protecting the utility sector's critical infrastructure through cybersecurity regulations. Hexagon, a leading cloud service provider, is dedicated to upholding these standards by offering its customers the HxGN EAM asset management software. Independently evaluated and found suitable for securely storing assets, this solution optimizes asset lifecycles while prioritizing data security through encryption, role-based access control, and audit trails. Hexagon's commitment to transparency ensures that they work closely with customers to meet their unique security and reliability needs within the framework of NERC CIP standards, ultimately enhancing productivity and compliance.

    Request Report


  • BSI Kitemark

    Overview:
    British Standards Institution Kitemark Certification for CAD BIM Software

    Applies to:
    HxGN EAM

    Description:
    BSI Kitemark for CAD BIM is a global certification with requirements that validate processes in security, support, and project life cycle standards. Based on ISO 19650, the British Standards Institution (BSI) established this standard for software vendors to measure compliance with requirements in the engineering, construction, and building industries.

    View Certificate

    BSA Kitemark Badge


  • GEFMA 444

    Overview:
    German Facility Management Association Directive

    Applies to:
    HxGN EAM

    Description:
    GEFMA 444 is a guideline focused on facility management, particularly related to the implementation and certification of energy management systems in buildings and facilities. It was created by the German Facility Management Association (GEFMA) to promote sustainable and energy-efficient practices.

    English Certificate
    Deutsch Certificate