Security & Compliance
In a world with ever-increasing cyber threats, established protocols for data protection and continuous operations are paramount to achieving and retaining customer confidence. EnergiApp, in our mission to drive powerful results in the field of energy efficiency and sustainability management, understands the importance of addressing this concern. To this end, we have drawn on established best practices and industry compliance certifications to develop an industry-leading data security standard– one that benefits our own internal operations while providing our valued clients with peace of mind. Below, you’ll learn more about the systems and processes EnergiApp is using to ensure exceptional data security.
Hardened, Redundant and Resilient
EnergiApp’s data centers are geographically disparate and equipped with climate-controlled independent cooling systems, battery backup, uninterruptable power supply (UPS) and on-site generators to provide the highest level of availability. Physical access to sensitive areas is protected with video surveillance and dual-authentication barriers, including biometric scanners.
Defense in Depth
Critical systems sit behind multiple levels of protection using leading commercial security solutions, including redundant antivirus, application whitelisting and file integrity monitoring hardware. Layered technologies such as web application firewalls (WAF), data leakage prevention (DLP), intrusion detection/prevention systems and network load balancers work together to combat modern Denial of Service (DOS) and brute-force attacks.
Customer data stored in our Platform is assigned unique key identifiers, logically separated and securely stored in our enterprise data lake to ensure information is kept confidential and isolated at all times.
Secure Transfer & Storage
Confidential information resides in data stores within our secure facility and is protected using a variety of industry-standard access controls and best practices. External web services use strong 2048-bit Transport Layer Security (TLS) keys to encrypt data transmissions.
EnergiApp conducts regular vulnerability scanning across the entirety of our extranet. We collaborate with trusted third-parties to perform annual penetration testing, confirming that our network perimeter and critical defense systems are always functional and optimized against the latest threats.
Our security infrastructure is tuned to provide early warning alerts in response to indications of performance issues and potential security incidents. Experts monitor our critical system environment 24/7 using security information and event management (SIEM) technology to minimize any impact to availability and thwart unauthorized access.
Development Life Cycle
EnergiAp’s Agile software development methodology uses a progressive Dev/Ops model to enhance speed without sacrificing quality.
Industry Standard Practices
Our information security program and infrastructure design is aligned with the NIST Cyber Security framework and ISO 27001-2013 standards for security and risk management best practices. These practices include annual data security training, security incident management, change and configuration management, and exercising the principle of least privilege for access control.
To learn more about EnergiApp’s Security and Compliance program or report an incident or abuse, please contact us at PO Box 334, Coppell, TX 75019 or firstname.lastname@example.org.