What makes EnergySys secure?
EnergySys simplifies security and compliance with its robust cloud-based solutions, ensuring your data is secure while helping you stay ahead of regulatory demands.
What makes EnergySys secure?
Security and compliance are of the utmost importance. You need to know your data is safe and that you are meeting all your regulatory obligations, such as the NIS Cyber Security Principles and Guidance Collection and the Cyber Assessment Framework (CAF). But in such a dynamic and fast-changing landscape, keeping up can be tough.
Not with EnergySys. We take security and your regulatory compliance extremely seriously, and are fully committed to providing a highly secure, scalable and reliable platform. Here are just some of the things you won’t have to worry about when you become an EnergySys customer.
Availability and Disaster Recovery
EnergySys has a very high degree of redundancy and resilience. Over the past ten years we have had no significant outages. Multiple instances of the service operate simultaneously, with data replicated automatically between them. These instances are running in widely geographically separated availability zones, with completely redundant infrastructure, power and cooling. In the event of a disaster in one centre, the system will failover to the secondary centre with minimal service interruption.
Through these measures, we have consistently achieved 99.95% availability of the EnergySys Cloud Platform, excluding all planned maintenance.
Availability and Disaster Recovery
Our backup strategy addresses a range of different recovery needs. Each night, backups are taken, encrypted, and stored in a third location independent of the primary and disaster recovery service.
Data is continuously replicated from production to standby. Full backups are taken every day and stored for seven days in separate locations. We also take incremental backups throughout the current day to ensure we can always recover the service to a state that is, at the most, a few minutes old. Binary data, like calculation logs, are held in secure storage.
Security
Our focus on security and resilience is unrelenting. We are ISO 27001 certified and complete an annual SOC II Type 2 audit. We use military-grade encryption for our communications, role-based authorisation, a least-privilege model for all user access, and we never mix data from different customers. The infrastructure is provided by Amazon Web Services (AWS) and is operated to the highest security standards.
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program. This includes an Information Security Management System (ISMS) which defines how an organisation perpetually manages security in a holistic, comprehensive manner. This ensures that we:
Systematically evaluate our information security risks, considering the impact of company threats and vulnerabilities. Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
Adopt an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis. AWS’ implementation of and alignment with ISO 27001, 27017, and 27018 demonstrates a commitment to information security at every level of the organisation.
Both EnergySys and AWS are assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with these internationally recognised standards and code of practice is evidence that our security program is comprehensive and in accordance with industry leading best practices.
Certifications:
ISO 27001:2013 (2021-12-10 to 2024-12-09)
ISO 27001:2022 re-certification in September 2024
SOC 2 Type II audit for 2023
Want to learn more?
If you'd like to discuss your current security protocols and whether EnergySys would be a better fit for your business, don't hesitate to get in touch.
A member of our team will go through the technological measures we put in place to ensure the security of our customer data.
Email Security with the EnergySys Platform
Adopting a SaaS Platform for Operational Efficiency
Webinar: Security in the Cloud
Over the last ten years the widespread adoption of three important standards has significantly enhanced the security of email communications. In fact, they have proved so successful, we’ve adopted them as our own standards. So, while the detail of these standards is slightly complex, we thought we’d summarise their purpose and use.
A major Australian energy company faced challenges with manual data entry, lack of real-time integration, and strained IT resources across multiple oil and gas assets. They needed a scalable solution for production management, GHG reporting, & data security, implemented quickly and cost-effectively, without requiring specialist skills.
Many still find the topic of cloud security shrouded in mystery. Over the past five years we’ve seen cloud technology emerge as a leader as companies demand more flexibility, efficiency and value. While understanding and visibility around the benefits of a cloud solution has increased, can the same be said for security?