Cybersecurity

Our commitment to cybersecurity

At Allegion, we strive to provide seamless access and a safer world. Security and privacy are at the core of what we do and what we think about every day. ​

​To protect the devices, products and systems that in turn protect people and assets wherever they reside, work and thrive, we take a broad and deep approach to ensuring safety and security.

Protecting devices, products and systems

At Allegion, security and privacy are at the core of what we do and what we think about every day.

Security and Privacy by Design

Schlage products are designed with security and privacy in mind.

  • Allegion utilizes a Defense in Depth approach to security by utilizing multi-layered security controls
  • Data is protected at rest and in motion
  • It is assumed external systems are insecure
  • Users and processes are authenticated and then their authorization is verified
  • Respect users’ right to privacy and strive to protect it

Built on Proven Security Practices

A Secure Development Lifecycle (SDL) is utilized to drive security into the product during development.

  • Full-time global cybersecurity team committed to driving security into software/firmware development process
  • Cybersecurity training for all developers and testers
  • Security & Privacy requirements defined during requirements phase
  • Threat modeling conducted during design phase
  • Static Analysis Tools utilized during implementation phase

Security Updates and Vulnerability Management

Schlage provides firmware & software updates securely if vulnerabilities are identified.

  • Firmware updates are encrypted and signed using cryptographically secure method
  • Security issues are tracked to closure and root-cause analysis is performed
  • Lessons learned are incorporated into the development process to prevent repeat incidents

Tested by Internal and External Experts

Schlage utilizes a 3rd party penetration tester to validate the security of its products.

  • Allegion utilizes Best-in-Class 3rd Party Penetration Testers which includes:
    • Penetration testing (run-time analysis)
    • Reverse engineering (binary analysis)
    • Code reviews (static analysis)
    • Threat modeling (design analysis)
    • Device testing (hardware analysis)

Responsible Product Disclosure

Allegion Vulnerability Disclosure Program

Schlage takes the security of our products and systems seriously, and we value and appreciate contributions from the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our customers. As part of our commitment to protecting our devices, products and systems, we have a vulnerability disclosure program. If you have identified a potential security vulnerability or privacy issue with Allegion devices, products or systems, please visit our Vulnerability Disclosure Program page.

Resources