What makes EnergySys secure?
Security and compliance are of the utmost importance. You need to know your data is safe and that you are meeting regulatory obligations, like EPA, OSPAR, FERC, and EITI. But in such a dynamic and fast-changing landscape, keeping up can be tough.
Not with the EnergySys Cloud Platform. We take security and data compliance extremely seriously and are fully committed to providing a highly secure, scalable and reliable platform. Here are just some of the things you won’t have to worry about when you become an EnergySys customer.

Availability and Disaster Recovery
EnergySys has a very high degree of redundancy and resilience. Over the past five years, we have had no significant outages.
Multiple instances of the service operate simultaneously, with data replicated automatically between them. These instances run in widely geographically separated availability zones, with completely redundant infrastructure, power and cooling. In the event of a disaster in one centre, the system will fail over to the secondary centre with minimal service interruption.
Through these measures, we have consistently achieved 99.95% availability of the EnergySys Cloud Platform, excluding all planned maintenance.
Data Backup
Our backup strategy addresses a range of different recovery needs. Data is continuously replicated from production to standby. We take incremental backups throughout the current day to ensure we can always recover the service to a state that is, at most, a few minutes old. Full backups are taken every day, encrypted, and stored for seven days in a location separate from the production environment. Monthly backups are taken to preserve the full state of the data store, and these are stored for ninety days. Finally, binary data, like calculation logs and reports, is held in secure storage and replicated across accounts.
Security
Our focus on security and resilience is unrelenting. We are ISO 27001 certified and complete an annual SOC 2 Type 2 audit. We use military-grade encryption for our communications, role-based authorisation, and a least-privilege model for all user access, and we never mix data from different customers. The infrastructure is provided by Amazon Web Services (AWS) and is operated to the highest security standards.
ISO 27001
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program. This includes an Information Security Management System (ISMS) which defines how an organisation perpetually manages security in a holistic, comprehensive manner.
This ensures that we:
- Systematically evaluate our information security risks, considering the impact of company threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis

AWS’ implementation of and alignment with ISO 27001, 27017, and 27018 demonstrates a commitment to information security at every level of the organisation. Both EnergySys and AWS are assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with these internationally recognised standards and codes of practice is evidence that our security program is comprehensive and in accordance with industry-leading best practices.