Security and compliance is a top priority for Energy Datametrics LLC. Below you will find current information on Energy Datametric security and compliance.
Security
Security Policies
Our security policies, controls, and standards cover a wide range of areas including information security, incident response, access control, physical security, network security, vulnerability managment, software/systems development life cycle, change management, vendor management, and disaster recovery.
Access Control
Energy Datametrics uses role-based access control and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems and for remote access to the Energy Datametrics environment. Internal policies and technical access controls prohibit arbitrary staff access to personal identifiable information (PII) without a valid business need.
Encryption
Data is transferred securely using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption. Data is also stored securely at rest with AES-256-bit encryption. Encryption keys are stored separately from the encrypted data, and it’s all hosted in our off-site secure cloud infrastructure.
Vulnerability Management
Energy Datametrics performs regular application and infrastructure security vulnerability and penetration testing, by internal security staff and third-party security researchers/specialists, to proactively identify vulnerabilities and complete remediation in a timely manner. To responsibly disclose or report a security vulnerability to Energy Datametrics, contact incident@energydatametrics.com.
Change Control
Energy Datametrics maintains systems development life cycle (SDLC) policies and procedures to guide in the documentation and implementation of application and infrastructure changes, in addition to maintaining industry-standard best practices. Change control includes change requests, initiation process, documentation requirements, development practices, quality assurance, testing requirements, and required approval procedures. Version control maintains a history of code changes to track changes and to support rollback capabilities if needed.
Service Providers
Energy Datametrics production systems are housed at third-party service organization data centers and managed service providers. Third-party providers are responsible for physical, environmental, and operational security controls, and Energy Datametrics is responsible for network, application, and logical security controls of our infrastructure.
Compliance
Energy Datametrics has its systems, people, processes, and controls certified and assessed through regular independent third-party audits.
American Institute of Certified Public Accountants (AICPA)
Service Organization Controls (SOC) reports are designed to help build trust and confidence in the services performed and controls of a service organization. A SOC2 Type II report provides detailed information about the suitability of the design of controls and an independent auditor’s assurance opinion on the operating effectiveness of the controls. Energy Datametrics’s SOC2 Type II examination report is available upon request by contacting us info@energydatametrics.com.
