Summary
This document is a security whitepaper that summarizes relevant topics related to customer data and application security in Trimble Connect. It outlines the scope of the document, which focuses on security, privacy, and software development topics pertinent to Trimble Connect core services and software. The whitepaper details compliance with security standards such as ISO/IEC 27001:2013 and NIST 800-171, and describes the Trimble Secure Development Lifecycle (TSDLC) framework aimed at ensuring secure application development. It also discusses data center and cloud security, emphasizing the shared responsibility model with AWS and Azure. The document explains user authentication and credential management processes, data storage practices, and the handling of Personally Identifiable Information (PII) in compliance with GDPR and CCPA. Additionally, it covers continuity and disaster recovery measures, source code protection, secure development environments, code review processes, and rigorous testing and quality assurance practices to ensure high-quality software and service delivery.
