All UPS data shared with our cloud service is encrypted. This data is strictly limited to UPS monitoring and account profile information.
Schneider Electric cloud services adhere to industry standards for data access control, data redundancy and auditing of data transfers.
UPS data is accessed through a secure web portal, using industry standard authentication and encryption.
Our operations team follows policies for systems access and management, and continuously monitors our systems for security vulnerabilities.
We understand the importance of keeping the personal and business profile data you share with us during account creation secure and private. Our web portal uses HTTPS for all browser connections.
All UPS data sent to our cloud service is encrypted in transit using standard AES encryption. We collect data only from the Smart-UPS that you connect to our cloud service:
The web portal does not access any data stored on your servers or storage, or monitor any traffic passed through your network.
When your data reaches our cloud, it is processed by our cloud services. We actively monitor to prevent unauthorized or malicious access to our cloud. Our cloud network is maintained only from specific sources (using Access Control Lists), and only a limited set of authorized personnel have access.
In addition to being secure, our cloud services run in a redundant configuration to ensure that none of your data is lost. Our cloud services maintain the location of your data.
In addition, our cloud services keep an audit trail of the data it receives and processes, so we can retrace your steps.
After processing, your data is made available to you in the web portal.
Being able to access your UPS data everywhere is great – but we also understand your security concerns. In recognition of this, our user authentication system implements a number of security features:
For security, we recommend that you:
We understand the importance of monitoring and managing the new cybersecurity threats that are discovered daily. That's why all personnel involved with the development of this service continuously undergo cybersecurity training. Only cybersecurity-trained maintenance personnel have access to the APC systems. Access to all APC systems is securely logged.
This service is maintained and operated by a core DevOps team with high standards for cybersecurity and data privacy. All parts of the APC system are continuously monitored and scanned for potential security vulnerabilities, or privacy issues. The APC Support team is on-call to respond to newly discovered threats or issues.
This service runs in a high availability configuration on all components. Our databases are geographically replicated, and we perform regular back-ups.
We run automated scans against our production environment which cover both vulnerabilities in the servers, and our own code.
APC adheres to the Secure Development Lifecycle (SDL), helping our development teams build more secure software and address security compliance requirements. Validation of our security protections include threat modelling, attack surface review and penetration testing.
After 5 invalid login attempts the account is temporarily locked for a period of 15 minutes after which you can login again with a correct username/password combination.
Please visit the web portal Help Center for more information about our service, and to contact the APC™ Support Team.