Security and compliance.
EnergySys manages business-critical operational data for some of the world’s largest energy operators. Security is not an afterthought. It is infrastructure.
What you need to know
EnergySys completes an annual SOC 2 Type 2 audit, holds ISO 27001 certification, and maintains greater than 99.95% uptime. Data is encrypted in transit and at rest. No customer data is ever mixed with another customer’s data. The details are below.
Infrastructure and availability
The platform runs on AWS. Multiple instances operate simultaneously, with data replicated automatically between them. Those instances sit in geographically separated availability zones, each with fully redundant infrastructure, power, and cooling.
If one availability zone experiences a failure, the system fails over to the secondary with minimal service interruption. This architecture delivers 99.95% platform availability.
Data backup
Our backup strategy is designed to cover a range of recovery scenarios.
Data is continuously replicated from production to standby. Incremental backups run throughout each day, meaning the platform can always be recovered to a state that is, at most, a few minutes old. Full backups are taken daily, encrypted, and stored for seven days in a location separate from the production environment. Monthly backups are retained for ninety days.
Binary data, including calculation logs and reports, is held in secure storage and replicated across accounts.
Access control and identity
Role-based access controls determine who can see, edit, and approve data across the platform. Permissions are configured at the user, object, and API level, following a least-privilege model. No user has access to more than their role requires.
The platform supports federation with your Identity Provider (IdP), so user access and authentication are managed centrally through your existing identity infrastructure. When someone leaves your organisation, their access is revoked through your standard processes, with no separate administration required in EnergySys.
Customer data is never mixed. Each organisation’s data is held in complete isolation from every other customer on the platform.
Full auditability. Nothing hidden.
Every process execution is logged. Every data change is tracked. Calculation logs record what ran, when, and what it produced. You can see every change, every decision, every data point.
This matters because in regulated industries, being able to explain a number is not optional. When an auditor asks how a figure was produced, or a regulator requires evidence of how emissions data was calculated, your team can show them the full working. Not a summary. The actual logic, traceable back to source.
This is one of the core reasons operators choose EnergySys over systems where the logic is buried in proprietary code. Transparency is not a feature. It is the architecture.
Certifications
We complete an annual SOC 2 Type 2 audit. This independently validates that our security controls are not just documented, but are operating effectively over time.
ISO 27001 is the international standard for information security management. Certification requires a documented and independently audited information security management system covering risk assessment, security controls, and ongoing management processes. EnergySys is assessed by independent third-party auditors against this standard.
