Product Security Incident Response Team

Acuity Brands' PSIRT will coordinate stakeholder interests regarding security concerns that can impact connected products and cloud-based infrastructure.

Acuity Brands, Inc. announced the formation of a Product Security Incident Response Team (PSIRT), which will supplement existing security programs by coordinating stakeholder interests regarding security concerns that potentially impact connected products and cloud-based infrastructure. All Acuity Brands products containing a software component in their use, maintenance, or management will be serviced by PSIRT. Additionally, the team will manage the receipt, investigation, and notification procedure with an extended group of collaborators which may include customers, consultants, security researchers, academic institutions, and other vendors.

PSIRT provides a proactive and centralized approach for security concerns arising from the increasingly digital market. This approach is designed to reduce the response time for releasing patches for security vulnerabilities and to improve the security posture of Acuity Brands technology-based products and services.

Product Security Incident Response Process to be applied in part or entirety, depending upon team discretion.

The following figure provides a high-level view of the product security response process.

  1. Awareness: information is received regarding a potential security vulnerability
  2. Triage: the report is validated, prioritized, and resources identified
  3. Analysis: impact assessment is conducted, and remediation plan developed
  4. Coordination: all collaborators are made aware of the timelines
  5. Remediation: fixes are released, and cloud-based services are updated
  6. Notification: affected customers are notified
  7. Feedback: post-remediation activities are performed

“To continually improve our best practices, Acuity Brands has joined the Forum of Incident Response and Security Teams (FIRST), which fosters cooperation and coordination in incident prevention, stimulates rapid reaction to incidents, and promotes information sharing among members and the community at large,” said Mark-David McLaughlin, Director of Security and Risk Management, Acuity Brands Lighting. “FIRST’s documentation and the ISO 30111 standard were used as references for the development of the PSIRT program.”

The Product Security Incident Response Team will be focused on, but not limited to, the products sold under the following brands: Atrius™, Dark To Light® (DTL), DGLogik, Distech Controls®, eldoLED®, Fresco™, Holophane®, IOTA®, Lucid®, LC&D™, nLight®, nLight® AIR, ROAM®, Sensor Switch®, Synergy®, and XPoint™ Wireless. Integral to this effort is an enhanced customer communication strategy that includes security bulletins and a dedicated contact.

For timely updates, users should subscribe to Acuity’s security bulletins.

FacilityBlog, New Service Spotlights, Products & Services, Security & Safety, Service News

Acuity-Brands, digital security, incident prevention, incident response, product security, product vulnerability, response program, security concerns, security program, security response program, security team, security vulnerabilities, software safety, software security

Sponsored Content
Featured Video

Webinars, Podcasts & Videos

Under the care of ABM, systems perform, businesses prosper, and occupants thrive.

Where Others See a Facility, We See Possibility

Under the care of ABM, systems perform, businesses prosper, and occupants thrive.

crime scene

Listen Now: What To Do When Your Facility Becomes A Crime Scene

A business continuity analyst discusses steps FM teams need to consider after a crime has been committed in their buildings.

Facilities Teams, ARC Facilities Webinar

Did You Miss Our “Solving The Hidden Assets Challenge” Webinar?

Hidden assets can be a challenge for facilities teams. View this free video webinar on demand and learn how your team can retain knowledge and streamline operations.

Receive the latest articles in your inbox

Share to...