Our primary responsibility concerning regulations is to provide metering solutions that meet the relevant requirements, and we consistently achieve this goal. We hold ourselves and our solutions to rigorous security standards, constantly striving to stay at the forefront of technological advancements. We achieve this by regularly subjecting our systems to testing and challenges by internal specialists. Integrating security into our development process from the outset ensures that our meters, systems, and processes are designed with data security at the highest level.
In compliance with data protection regulations, specifically the GDPR, it's crucial to outline procedures for collecting, safeguarding, and managing consumption data. Documentation of the security measures in your metering solutions, as well as how you and your suppliers approach data security, is essential. We have a longstanding commitment to security, evidenced by our ISO27001 certification, and we've seamlessly integrated security measures into our metering solutions from the outset. If needed, we can provide documentation detailing how our data security solutions have been implemented.
Five Security Principles
We have defined five security principles which we always use as starting points when we develop solutions. The principles make sure that the solutions comply with the requirements and that data is managed confidentially.
1. Data Encryption
All metering devices have individual encryption keys to protect data from meter to collection unit and from collection unit to server. These must not be transferred via plain text in emails, USB keys or the like. Therefore, we have methods for exchanging encryption keys with our customers in a safe way, so that encryption keys will not fall into the wrong hands.
Storage and decryption of data happen solely behind firewalls and in the data management system to ensure the data security required by the legislation.
2. Role-Based Access
Data security is not only a technical matter. It is also about internal processes. Among others, this means that there is a difference between who needs to see and handle which data in the system and when to do so. Because of this, our systems make it easy to handle roles and rights and perform the necessary restrictions required for you to comply with the GDPR.
3. Logging of Activities
An important element of data security is the human factor – because no chain is stronger than its weakest link. This is why activity logs and traceability in our solutions ensure full transparency so that you know exactly which user has done what and at what time. In this way, you can at always live up to your documentation responsibility.
4. Multiple Layers of Security
Our systems have several layers of functions and controls that increase the security. Hereby a potential security breach can be isolated to a single part of or component in the system, because several security layers have been built in between the single layers. This minimizes potential damages.
5. Contingency Plan
We always try to keep ahead of IT criminals. If a security breach should occur anyway, we have a contingency plan for ensuring that both you and we are quickly up and running again. This implies a number of clear steps for how we detect security breaches, clarify the scale of the incident and contact the people who may be affected. In that way, you can rest assure that we are always prepared.