EnerNOC has invested millions of dollars in its energy management information technology, including its commitment to maintaining rigorous security standards. As a company that manages energy data for hundreds of federal, military, and other mission-critical facilities, EnerNOC utilizes the latest security technologies and protocols, as well as operational best practices, to ensure that our customers’ energy information is handled with the utmost care.
EnerNOC employs a multi-step code review process across many phases of the software development lifecycle. Third-party penetration tests are performed, along with internal audits. EnerNOC also utilizes a multi-phase development lifecycle that includes unit testing, integration testing, system testing, and performance testing. Security testing is done on a per-feature basis for new functionality, including stress tests for security and controls.
Real-time energy data is passed from our customers’ sites to EnerNOC’s Network Operations Center, but access is permitted only to authorized users. At the customer’s discretion, data transfer can be restricted to the customer’s preferred communications networks.
EnerNOC operates two redundant Network Operations Centers in Boston and San Francisco to ensure maximum uptime. In addition, EnerNOC employs a redundant failover capacity between our two data center locations. With data backed up to our secondary facility in near real time, our customers’ information is kept secure. We also leverage disk-to-disk backup, among other off-site backup strategies. Each of these ingrained practices helps us unlock the value of this data for our customers and ensure that it is available for them when they need it.