PurpleBox Bolsters Utility2030's Cybersecurity with Comprehensive Services
PurpleBox Bolsters Utility2030's Cybersecurity with Comprehensive Services
Utility2030's sensitive data and ensuring the trust and security of their customers. PurpleBox, through its security measures, plays a vital role in enhancing Utility2030's cybersecurity. It ensures the confidentiality of customer information by enforcing confidentiality agreements for employees, contractors, and vendors. Rigorous employee background checks are conducted, and comprehensive security training is provided to employees, including annual refreshers and specialized training for engineering teams.
Employee workstations are safeguarded with automatic locking and encryption, meeting DoD standards during decommissioning. The principle of least privilege is adhered to, limiting access to essential functions and data only. Physical access controls are implemented at both offices and data processing facilities, and regular penetration testing and vulnerability scanning, conducted by third-party vendors, help maintain robust security across internal and external infrastructure and services.
Utility2030 - Organizational Cybersecurity
Confidentiality
Agreements
Our service agreements provide for the confidential treatment of confidential customer information, including customer data. And we require all our employees and contractors as well as vendors to sign confidentiality agreements to ensure the protection of confidential information.
Limited Employee
Access
(Principle of Least Privilege)
Utility2030 follows the principle of "least privilege" in governing employee access to our systems. Access to our customers' data is limited to legitimate business needs, including activities needed to support our customers’ use of our services. We map network accounts directly to our employees using a unique identifier; generic administrative accounts are not used. We periodically review employee access to internal systems to ensure that employees’ access rights and patterns are commensurate with their current positions. A formal employee termination notification process exists, which is initiated by our Human Resources ("HR") department. Upon notification by HR, all physical and system accesses are promptly revoked.
Employee Security
Training
We train all new employees about their confidentiality, privacy and information security obligations as part of their onboarding training. A compulsory annual security and privacy training ensures employees refresh their knowledge and understanding. Engineering teams receive further training related to their work duties and access.
Employee
Workstations
Automatically Locked
Our employee workstations are automatically locked after a pre-determined period of non-use via the MDM system we have implemented.
Employee
Workstations
Encrypted
All employee workstations are encrypted and wiped at time of decommission using DoD standards.
Employee
Background
Checks
Utility2030 employees are required to provide specific documents verifying identity and undergo federal and state criminal background checks prior to being hired.
Physical Access
Control
Utility2030 has implemented appropriate controls to restrict physical access to its offices. Our cloud service providers have implemented robust security measures to control physical access to the data processing facilities we use.
Penetration
Testing
We have an independent, third-party security vendor conducting manual penetration testing of our internal and external infrastructure and services on an annual basis. This manual testing is complimented by automated testing on a more frequent regular basis using a variety of commercially available testing tools.
Vulnerability
Scanning
Utility2030 uses a number of automated scanning tools to scan for cloud, network and application security vulnerabilities on a frequent basis.