Manual QA tests are performed as a further final check before deployment to a production environment. Energy Sensei infrastructure and source code undergo automated scanning for vulnerable packages, and the identified vulnerabilities are mitigated according to the guidelines laid out in our Information Security Policy. Several types of automated testing such as integration, unit testing, and acceptance testing are integrated into the code development phase and all new code is peer-reviewed for functional completeness and accuracy. Our design practices enable us to design for privacy and intuitiveness by displaying the least amount of information necessary for a job function. This empowers our team to build secure applications from the outset. Security requirements such as role-based access control policies are written alongside feature requirements.
The Energy Sensei Software Development Team follows a comprehensive approach to software development by adding security checks at each phase of our documented software development life cycle policy, from requirements gathering to deployment and maintenance.
Application Security and Secure Software Development Lifecycle

Web connections to Energy Sensei are through Transport Layer Security (TLS) 1.2 and above, and insecure connections using TLS 1.0 or below are prohibited. Your data and metadata are encrypted at rest using an industry-standard AES-256 encryption algorithm. AWS employs a robust security program with multiple certifications and attestations that, along with a shared security model with Energy Sensei, ensures our servers and your data are both physically and digitally secure. We follow the principle of least privilege, granting access to the infrastructure and application only as required to perform the required job function. AWS data centers are SOC 1, SOC 2, and ISO 27001 certified. The data is backed up regularly and the backups are also tested regularly following our Information Security Policy. We store and protect client and customer data using secure infrastructure and highly available services and datastores in Amazon Web Services (AWS).
Employee workstations are configured with full-disk encryption, strong password policies, and automatic software updates. We also identify Data Sponsors for each customer contract and the identified sponsors are required to do additional training around Data Security. Energy Sensei developers also undergo additional annual training targeted towards software application security.
We also have a well-defined Incident Response Policy to aid us in the resolution of an incident and ensure that appropriate post-mortems and root cause analyses are completed, even for near-miss incidents. All Cascade employees undergo a background check prior to hire and complete annual security training which covers topics such as data classification and privacy, information security, password security, phishing, and social engineering hacks.
Cascade Energy maintains Business Continuity and Disaster Recovery Plans and these playbooks are reviewed at least once a year through tabletop exercises.

Organizational Data Management and Security

Data security is a core function of our organization and is the foundational requirement for all new feature development.