BHP's Software Standards for Suppliers

BHP and Expande released a masterclass last June to help software developers understand the standards that suppliers must meet when developing and implementing applications for BHP’s operations.

The presentation was led by Rodrigo Almendras, Manager Applications Design & Engineering MinAm of BHP; Luis Medinelli, Tech Lead of Digital Factory at BHP; and Joel Campusano, specialist consultant.

AX Legal has provided a summary of some of the main points addressed in the master class, but it is highly recommended that companies working in this space view the presentation in full. It can be found here.

CyberSecurity

Over the last few years, and particularly through the pandemic, cyber-attacks have grown exponentially across the globe. In response, BHP has updated their previous policies and has already started implementing them across their operations.

The Secure Application Standard applies to all in-house developed, COTS, SaaS, and other applications which transmit, process, or store the company's data.

BHP has established a set of rules to secure applications:

  • Authentication & Authorization
  • Input validation
  • Session Management
  • Overall requirements

It is recommended to check compliance with these new standards. Some controls have been further defined, and some have been removed as non-essential.

Rationale behind the Changes

The goal is to have common guidelines to facilitate the development of custom applications:

  • To have a common landscape for developers and support teams.
  • To have a set standard and technical specifications for custom applications.
  • To define the principal criterion for the acceptance of applications.
  • To carry out a useful transfer to operations that facilitates support of the application.

Jurisdiction and Applicability

This standard is adopted by Technology Minerals Americas and governed by Minerals Americas Design and Engineering.

  • Architects, technical leads, developers, third party companies, and other delivery teams should be familiar with and comply with this standard.
  • Compliance with the standard is validated by the Technology Architecture board or the appropriate architecture panel.

Design Principles

  • Build applications with patterns to promote the construction of reusable software components.
  • Build the application with a structure and language of software code (class names, class methods, class variables) that match the business domain.
  • Avoid accidental complexity, which makes the software harder to understand than it should be.

Technological Recommendations for Custom Applications

Conclusion

BHP is hoping that the new policies will level the playing field so that suppliers can start with the same standards, allowing for speedier development periods. The new policies will also ensure that software being used in its operations is scalable for the future and can be adapted to the ever-changing security situation.

It is important to keep in mind that the challenges are greater when doing custom development, as it requires more specific attention to the policies and controls as defined by BHP.

The full presentation and access to the masterclass can be found here.

Ax Legal is an advisory firm that works with foreign companies in Latin America. Our team of legal and commercial advisors has a distinguished track record of helping foreign technology and services companies to grow and operate in Latin America. Over the years, we have worked with start-ups, mid-size businesses, and publicly listed companies. The one common factor that connects our clients is that they are leaders in their field, providing innovative technologies and services to the industrial sectors.

To better understand how we can support you in the Region, please contact Cody Mcfarlane at [email protected]
