Security and Compliance
Below you can read about the security and compliance measures we use to protect your data. Our goal is to meet the high standards required by regulated utilities and municipalities in the jurisdictions in which we operate.
Secure Hosting on Microsoft Azure
We host our platform on Microsoft Azure, which has strong security features like:
- 24/7 Monitoring: Automatic checks watch for suspicious activity.
- Physical Security: Azure data centers have strict entry controls and surveillance.
- Built-In Tools: Azure provides encryption and firewall services to guard data.
Access Control
- User administration by clients: Client staff currently administering enterprise application user permissions for Microsoft Azure applications will perform the same duty for the Trace Intercept application.
- Role-Based Permissions: We make sure only authorized people can access specific parts of our system.
- Multi-Factor Authentication (MFA): We use MFA to verify that only legitimate users can log in.
- Strong Password Requirements: We enforce complex passwords to lower the risk of unauthorized access.
Data Protection
- Encryption: We use encryption in transit (HTTPS/SSL) and at rest to protect your data from leaks or hacks.
- Regular Backups: We create secure backups to make sure your digital twins are safe, even if there is a system issue.
- No Sharing with Other Clients: Each customer's data is kept separate and private.
Compliance Frameworks
- GDPR: We follow the General Data Protection Regulation to protect personal data in the European Union.
- ISO 27001: While we work toward industry certifications like ISO 27001, we already follow its best-practice guidelines for information security.
- Local Utility Requirements: We stay updated on new rules from regulators in our operational jurisdictions and update our policies as needed.
Incident Response
- Security Monitoring: Our system tracks unusual activity 24/7.
- Breach Notification: If we discover any data breach, we will alert you as quickly as possible and follow legal requirements to handle the event.
- Dedicated Team: We have a trained team that investigates, contains, and fixes security issues.
Third-Party Testing and Audits
- Penetration Tests: We work with outside experts to find and fix security gaps in our system.
- Vulnerability Scans: Regular scans help us catch potential weak spots before they become problems.
Employee Training
- Ongoing Security Training: Our staff learn how to handle sensitive data, spot risks, and follow compliance rules.
- Strict Policies: Everyone on our team agrees to confidentiality and data protection standards.
Updates and Improvements
We review our security controls often to keep up with new threats and to meet the changing demands of regulated utilities and municipalities. This includes:
- Updating firewalls and software
- Improving monitoring tools
- Reviewing and upgrading our compliance approaches.