APC keeps your data secure

Our platform performs secure data collection, secure data processing, and follows operational security procedures.

Our security policy covers data collection, data processing, data access and operational security.

Summary

All UPS data shared with our cloud service is encrypted. This data is strictly limited to UPS monitoring and account profile information.

Schneider Electric cloud services adhere to industry standards for data access control, data redundancy and auditing of data transfers.

UPS data is accessed through a secure web portal, using industry standard authentication and encryption.

Our operations team follows policies for systems access and management, and continuously monitors our systems for security vulnerabilities.

We encrypt all data shared with our cloud services. This data is strictly limited to UPS monitoring and account profile information.

Data Collection

We understand the importance of keeping the personal and business profile data you share with us during account creation secure and private. Our web portal uses HTTPS for all browser connections.

All UPS data sent to our cloud service is encrypted in transit using 128 bit AES encryption. We collect data only from the Smart-UPS that you choose to register with our service:

  • We collect Smart-UPS alarms and device status data.
  • We collect data about the performance of your UPS.
  • We collect the device metadata such as device name, time-zone, and description that you provide during device registration.

The APC SmartConnect web portal does not access any data stored on your servers or storage, or monitor any traffic passed through your network.

Schneider Electric cloud services adhere to industry standards for data access control, data redundancy and auditing of data transfers.

Data Processing

When your data reaches our cloud, it is processed by our cloud services. We actively monitor to prevent unauthorized or malicious access to our cloud. Our cloud network is maintained only from specific sources (using Access Control Lists), and only a limited set of authorized personnel have access.

In addition to being secure, our cloud services run in a redundant configuration to ensure that none of your data is lost. Before being committed to storage, your data is associated with your account and our cloud services maintain the location of your data.

In addition, our cloud services keep an audit trail of the data it receives and processes, so we can retrace your steps.

We provide access to your UPS data through a secure web portal, using industry standard authentication and encryption.

Data Access

After processing, your data is made available to you in the APC SmartConnect web portal.

Being able to access your UPS data everywhere is great – but we also understand your security concerns. In recognition of this, our user authentication system implements a number of security features:

  • We enforce a timeout after a period of non-activity.
  • We make sure that you verify your email account.
  • When authenticating with the web portal, we always transmit data to your web browser using HTTPS TLS 1.2.

For security, we recommend that you:

  • Keep your browser and device up to date with the latest security updates from your manufacturer.
  • Lock your device using a strong passcode.
  • Log out of the SmartConnect web portal and close the web browser when you are not using it. Never leave a browser unattended when logged in to the SmartConnect web portal, as this exposes your account and data to anyone with physical access to your workstation.
  • Keep your UPS firmware up to date. UPS firmware upgrades via the cloud are made available in the SmartConnect web portal.
Our operations team follow security procedures for systems access and management, and continuously monitor our systems for security vulnerabilities.

Operational Security

We understand the importance of monitoring and managing the new cybersecurity threats that are discovered daily. That’s why all personnel involved with the development of APC SmartConnect continuously undergo cybersecurity training. Only cybersecurity-trained maintenance personnel have access to the APC SmartConnect systems. Access to all APC SmartConnect systems is securely logged.

APC SmartConnect is maintained and operated by a core DevOps team with high standards for cybersecurity and data privacy. All parts of the APC SmartConnect system are continuously monitored and scanned for potential security vulnerabilities, or privacy issues. The APC Support team is on-call to respond to newly discovered threats or issues.

Frequently Asked Questions

How is Disaster Recovery performed for primary and backup servers?

APC SmartConnect runs in a high availability configuration on all components. Our databases are geographically replicated, and we perform regular back-ups.

How is cybersecurity assured on APC SmartConnect?

We run automated scans against our production environment which cover both vulnerabilities in the servers, and our own code.

APC adheres to the Security Development Lifecycle (SDL), helping our development teams build more secure software and address security compliance requirements. Validation of our security protections include threat modelling, attack surface review and penetration testing.

What happens in case of suspicious login attempts?

After 5 invalid login attempts the account is temporarily locked for a period of 5 minutes after which you can login again with a correct username/password combination.

After 10 invalid login attempts in a row the account is permanently locked. To unlock the account, you must reset your password, or contact the APC Support team for assistance.

Do you have further questions?

Please visit the APC SmartConnect Help Center for more information about our service, and to contact the APC Support Team.

Visit the Help Center