Access to HES systems is restricted to Home Energy Saver staff. Supporting IT staff have maintenance access to the underlying hardware/virtual infrastructure for HES.
The HES system, as well as supporting systems, maintain extensive log records and send logs to a central collection point. These logs are used to detect malicious activity. For example, failed logins to the system are reviewed.
The HES system is maintained and patched by professional IT staff.
HES follows best practices in firewalling and reducing network exposure by only allowing network traffic required for business needs. For example, database connectivity is limited to the IP addresses of the web servers.
Data stored by HES is hosted at Amazon and stored in a MySQL database.
There is no encryption on the data stored in the HES databases.
No system is immune for compromise. However, if a compromise or data-breach is detected, we follow incident response procedures which include taking affected systems offline and performing forensics to identify the cause and extent of the breach. Any compromised system is rebuilt from original media to ensure system integrity.
Technical Notes >