Access to the EnergyIQ infrastructure is restricted to EnergyIQ staff and subcontractors.
The EnergyIQ systems maintain extensive log records and send logs to a central collection point. These logs are used to detect malicious activity or system problems. For example, failed logins to the system are reviewed.
Energy IQ follows best practices in fire-walling and reducing network exposure by only allowing network traffic required for business needs. For example, database connectivity is limited to the IP addresses of the web servers.
Database connectivity for EnergyIQ is encapsulated via connection pooling within the Java Application Server. No username or password information is stored in any user visible pages. EnergyIQ Passwords themselves are hashed and stored in the DB.
EnergyIQ data are stored data in an Oracle database, and are intrinsically backed up via within the cloud-based infrastructure.
There is no encryption on the data stored in the EnergyIQ database.
Please note that no personal information is required in order to browse the site. Account creation requires first name, email address, company name, and password. All other data input is optional, with the level of a user’s building characteristics dependent on the type of benchmarking desired. We may share the information you choose to provide to us with our research collaborators and our partners who help to provide this service. We may share the information you provide to us with the Department of Energy and other Federal Agencies. For information on data sharing policy please visit LBNL's Privacy, Security, and Disclaimers: https://commons.lbl.gov/display/cio/Home+Energy+Saver+-+Privacy+Policy
No system is immune for compromise. However, If a compromise or data-breach is detected, we follow incident response procedures which include taking affected systems offline and performing forensics to identify the cause and extent of the breach. Any compromised system is rebuilt from original media to ensure system integrity.