Help and Safety

End users of the Ecosystem, who install and use Apps and Devices need to warrant, that their Apps are safe, secure and quality-proven without causing damage to end users’ assets. Apps and Devices are used in an industrial setting and malfunctions may lead to economic losses or even harm for workers. For this reason, purposely or carelessly harmful Apps and Devices have no place in the Ecosystem and distributors of such applications will face respective consequences and liabilities.

The Ecosystem is a neutral environment. There’s no place for political, hostile, or religious statements. Instead, an intercultural and respectful behavior is the fundamental principle of our interactions.

Documentation

[Must] App Developers and Device Builders are required to accompany their Apps and Devices with sufficient comprehensive, understandable, and easily accessible documentation. The documentation must be in English, with translations into other languages recommended.

User Documentation

[Must] Both App Developers and Device Builders need to provide a user documentation (which may also be a mandatory legal requirement in many countries). The user documentation must include the following points (if applicable)

• the scope of application,
• a description of the use,
• the minimum hardware requirements,
• setup, configuration,
• release notes,
• Readme, and
• instructions regarding the maintenance of the App or the Device.

[Must] App Developers and Device Builders are solely responsible to make the documentation available to end users, e.g., through their website. In case the App or the Device is also listed on, promoted or marketed over the Marketplace, App or Device Developer must provide a publicly accessible link to the documentation to Siemens and Siemens will post that link to the product description page. Besides, App or Device Developer have to provide the link to the developer documentation together with the App in the Hub. Release updates need to be communicated as a (short) exchange post in the Community Forum and an in-App notification, if feasible. In case of changes to the documentation link, the updated link must be provided to [industrialedgeecosystem.industry@siemens.com].

Developer Documentation

Siemens’ developer documentation for Industrial Edge can be accessed via the Community Platform. The documentation is grouped based on the user roles:

• Admins/-Operators
• App Developers
• Device Builders
• Seller

[Must] For App Developers it is mandatory to provide an own developer documentation whenever the App requires development efforts by the end user, e.g., where the App contains APIs to enable other applications to interoperate with the App.

Support

In order to facilitate interactions between Ecosystem participants, support will be offered to i) providers of app and devices and ii) from providers and the Ecosystem Orchestrator to end users. In any case, support needs to be offered based on a cooperative and solution-oriented collaboration between the Ecosystem participants.

Siemens Support to Providers

[May] Once a provider is successfully onboarded to the Ecosystem (see App Developer Approval & Product Onboarding Criteria) the provider can receive support via the Ecosystem Orchestrator. Areas of support may include issues with the purchase, delivery, installation or operation of an associated application or combinations of different applications.

• If support with the use, handling or the setup of a Siemens app or further services is needed contact us here.
• If support for Siemens apps is needed or in case of bugs contact here.

Provider Support to End User

[Must] Providers choosing to offer apps or devices within the Marketplace are required to provide reasonable (technical) support with reasonable response times for their offering, as requested by Siemens on a case-by-case basis. Where Our 1^st-level root cause analysis identified that the issue that led to the support request relates to or results from a providers app support is necessary as defined in the 6.3 under the Ecosystem Agreement

Standard Support Channels

[Should] Standard support channels should be displayed and accessible in the user interface of each application, e.g., Support@Siemens.com.

Minimum Support Period for a Phase-Out / Minimum availability

[Must] Upon notification of the Application's or SW-based Device phase-out and cessation of automatic renewals, the provider must provide support and updates at least until the last end-user subscription expires - typically 12 months.

[Must] Upon notification of HW-based device phase-out and cessation of auto-renewal, the device manufacturer must provide support and firmware updates for at least the next 12 months.

As soon as products are in unrestricted sales release, the minimum support period is extended to 36 months after phase-out information.

Harm to Production and People

Liability for Production Downtimes and Machine Damages

Providers of apps are liable if they intentionally or negligently cause damage to another person or their work. A participant acts intentionally if they recognize the potential for damage in their actions and accept it or even intend it. Errors that lead to these problems must be reported immediately. Defective apps will be removed from the Marketplace until the issues are proven to be resolved (see also Governance).

Data Security

[Must] Handling of consumers' production data and personal data is an essential aspect of the Ecosystem. To ensure a trusting interaction between providers and consumers, this data must be handled securely and in the best interest of all participants.

Security Measures

[Must] All apps and devices need to implement industry-standard security measures in order to ensure data Privacy and security of consumer assets and interests. All Ecosystem participants adhere to the defined security standards.

Anti-Spy

[Must] Access to data from other apps must be acquired via documented and published Application Programming Interfaces (APIs) and communication channels. If undocumented interfaces are identified, they must be handled as a security vulnerability and not be used as access points to individual apps. They should be reported to the Ecosystem Orchestrator, who will inform the provider.

Industrial Edge Ecosystem Framework Coordinated Disclosure Policy

In the ecosystem, we have established a structured approach to ensure the protection of our customers. This includes a policy for coordinatively disclosing vulnerabilities found in our products together with our downstream partners.

The core of this policy is that the ecosystem partners establish a Coordinated Disclosure Group, within which details about identified security vulnerabilities will be shared confidentially with all partners that are responsible for potentially affected components, before they are made available to the public.

The group will coordinate on a public disclosure date on a per-case basis, which should usually be no later than 90 days after initial information within the group.
The Coordinated Disclosure Group may decide to publish security advisories earlier than originally planned, e.g. in case that information about the vulnerability become public.

Through this structured approach, we ensure that vulnerabilities in our ecosystem are addressed in a timely manner.