BigFix Trust Center
Software security is critically important to HCL and our valued clients. It is also central to the way BigFix is developed. The HCL security strategy covers all aspects of our business, including corporate and organizational security policies, incident management and response, business continuity and disaster recovery, secure software development processes, and privacy.
This web page specifically addresses the BigFix secure development process, as well as our company and product certifications important to our commercial and government customers. It conveys how the BigFix solution helps IT and Security teams secure their endpoint fleet.
Secure Product Development
HCL Software adheres to stringent development processes to protect the code we develop and provide to both our commercial and government customers.
Additionally, BigFix content is protected in several ways. First, the BigFix Content Servers are running in secure data centers. Second, file access control lists (FACL) limiting access and changes to authorized users. And lastly, BigFix content itself is cryptographically signed during the secure build process. Content that is not signed correctly is rejected by BigFix servers and logged as an error. As a result, content downloaded by our customers from the BigFix Content Servers is protected and secure.
Secure Product Support
Our Product Support teams protect our customer data and information by collecting only vital information, limiting access to customer contact information and case data to only those who are actively working to troubleshoot the reported problem, and encrypting customer sensitive information making it unreadable to anyone other than the intended party. Our data protection policy includes:
- Collecting only vital company and contact information.
- Communicating customer information and data via HTTPS and Transport Layer Security (TLS) protocols.
- Sending diagnostic data via SFTP or HTTPS using TLS protocols and encrypting stored data using the AES algorithm.
The HCL Software Support organization has achieved ISO27001 certification. External auditors have reviewed HCL Software’s practices, policies, and procedures and found that our Information Security Management System (ISMS) meets the requirements of the standard. ISO 27001 compliance demonstrates our ability to protect our client’s data and information.
BigFix Security Bulletins
The HCL Product Security Incident Response Team (PSIRT) manages the receipt, investigation and internal coordination of reported security vulnerabilities for HCL Software product offerings. The PSIRT coordinates with product development teams who investigate reported security vulnerabilities and identify the appropriate response plan. Once a response plan is identified, the product teams communicate with internal and external parties in the execution of our vulnerability response process. For more information, visit the HCL Software PSIRT page.
The HCL PSIRT publishes Security Bulletins to our customers and partners. Each Security Bulletin describes the CVE and points to additional details and remediation. A list of BigFix Security Bulletins can be on the HCL Software Community Forum.
HCL collaborates with a variety of organizations who evaluate our compliance to industry security so that our customers and partners can be assured of our product integrity. For more information about HCL Software corporate compliance, visit the HCL Software Compliance page. The following HCL and BigFix certifications have been obtained or are in progress as indicated below).
We are committed to protecting the privacy of visitors to our websites, individuals who register to use the products and services, individuals who register to attend our corporate events and webinars, and our business partners. For more information, see the HCL Privacy Statement.
BigFix helps IT and Security teams improve security compliance
BigFix secures workstations and servers, regardless of location, connection or status. BigFix delivers a set of effective solutions that enhances our client’s ability to secure their organization’s endpoints against cyberattacks and threats.
Our valued clients can rest assured that we keep security foremost in our minds as we develop, test and deliver effective and secure endpoint management solutions to our commercial and government customers. For more information, please contact us.