In a world with ever-increasing cyber threats, established protocols for data protection and continuous operations are paramount to achieving and retaining customer confidence. Ecova, in our mission to drive powerful results in the field of global energy and sustainability management, understands the importance of addressing this concern. To this end, we have drawn on established best practices and industry compliance certifications to develop an industry-leading data security standard, one that benefits our own internal operations while providing our valued clients with peace of mind.
Below, you’ll learn more about the systems and processes Ecova is using to ensure exceptional data security.
Ecova’s data centers are geographically disparate and equipped with climate-controlled independent cooling systems, battery backup, uninterruptible power supply (UPS) and on-site generators to provide the highest level of availability. Physical access to sensitive areas is protected with video surveillance and dual-authentication barriers, including biometric scanners.
Critical systems sit behind multiple levels of protection using leading commercial security solutions, including redundant antivirus, application whitelisting and file integrity monitoring hardware. Layered technologies such as web application firewalls (WAF), data leakage prevention (DLP), intrusion detection/prevention systems and network load balancers work together to combat modern Denial of Service (DoS) and brute-force attacks.
Customer data stored in our Platform is assigned unique key identifiers, logically separated and securely stored in our data warehouse to ensure information is kept confidential and isolated at all times.
Confidential information resides in data stores within our secure facility and is protected using a variety of industry-standard access controls and best practices. External web services use strong 2048-bit Transport Layer Security (TLS) keys to encrypt data transmissions.
Ecova conducts regular vulnerability scanning across the entirety of our extranet. We collaborate with trusted third parties to perform annual penetration testing, confirming that our network perimeter and critical defense systems are always functional and optimized against the latest threats.
Our security infrastructure is tuned to provide early warning alerts in response to indications of performance issues and potential security incidents. Experts monitor our critical system environment 24/7 using security information and event management (SIEM) technology to minimize any impact to availability and thwart unauthorized access.
Ecova’s Agile software development methodology uses a progressive DevOps model to enhance speed without sacrificing quality.
Our information security program and infrastructure design are aligned with the NIST Cybersecurity Framework and ISO 27001:2013 standards for security and risk management best practices. These practices include annual data security training, security incident management, change and configuration management, and exercising the principle of least privilege for access control.
Ecova has earned the coveted SSAE16 / SOC 1 (ISAE 3402) and SOC 2 audit certifications on various service systems following an evaluation by independent third-party auditors. This audit compares a given system or solution with a recommended baseline of compliance controls, security, availability and data protection objectives. Ecova further ensures the security of our data security program by using the Shared Assessments standardized questionnaire to provide formalized and consistent evaluations of the practices in place. Our audit report and Shared Assessments template serve as a reference for the controls established by Ecova to support operations and compliance, and are available upon request through assigned client-facing representatives.