APC keeps your data secure

Our platform performs secure data collection, secure data processing, and follows operational security procedures.

Our security policy covers data collection, data processing, data access and operational security.

Summary

All UPS data shared with our cloud service is encrypted. This data is strictly limited to UPS monitoring and account profile information.

Schneider Electric cloud services adhere to industry standards for data access control, data redundancy and auditing of data transfers.

UPS data is accessed through a secure web portal, using industry standard authentication and encryption.

Our operations team follows policies for systems access and management, and continuously monitors our systems for security vulnerabilities.

We encrypt all data shared with our cloud services. This data is strictly limited to UPS monitoring and account profile information.

Data Collection

We understand the importance of keeping the personal and business profile data you share with us during account creation secure and private. Our web portal uses HTTPS for all browser connections.

All UPS data sent to our cloud service is encrypted in transit using standard AES encryption. We collect data only from the Smart-UPS that you connect to our cloud service:

  • We collect Smart-UPS alarms and device status data.
  • We collect data about the performance of your UPS.
  • We collect the device metadata such as device name, time-zone, and description that you provide during device registration.

The web portal does not access any data stored on your servers or storage, or monitor any traffic passed through your network.

Schneider Electric cloud services adhere to industry standards for data access control, data redundancy and auditing of data transfers.

Data Processing

When your data reaches our cloud, it is processed by our cloud services. We actively monitor to prevent unauthorized or malicious access to our cloud. Our cloud network is maintained only from specific sources (using Access Control Lists), and only a limited set of authorized personnel have access.

In addition to being secure, our cloud services run in a redundant configuration to ensure that none of your data is lost. Our cloud services maintain the location of your data.

In addition, our cloud services keep an audit trail of the data it receives and processes, so we can retrace your steps.

We provide access to your UPS data through a secure web portal, using industry standard authentication and encryption.

Data Access

After processing, your data is made available to you in the web portal.

Being able to access your UPS data everywhere is great – but we also understand your security concerns. In recognition of this, our user authentication system implements a number of security features:

  • We enforce a timeout after a period of non-activity.
  • We make sure that you verify your email account.
  • When authenticating with the web portal, we always transmit data to your web browser using HTTPS.

For security, we recommend that you:

  • Keep your browser and device up to date with the latest security updates from your manufacturer.
  • Lock the device you use to access the web portal with a strong passcode.
  • Log out of the web portal and close the web browser when you are not using it. Never leave a browser unattended when logged in to the web portal, as this exposes your account and data to anyone with physical access to your workstation.
  • Keep your UPS firmware up to date. UPS firmware upgrades via the cloud are made available in the web portal.
  • Enable 2FA (multifactor authentication).
Our operations team follow security procedures for systems access and management, and continuously monitor our systems for security vulnerabilities.

Operational Security

We understand the importance of monitoring and managing the new cybersecurity threats that are discovered daily. That's why all personnel involved with the development of this service continuously undergo cybersecurity training. Only cybersecurity-trained maintenance personnel have access to the APC systems. Access to all APC systems is securely logged.

This service is maintained and operated by a core DevOps team with high standards for cybersecurity and data privacy. All parts of the APC system are continuously monitored and scanned for potential security vulnerabilities, or privacy issues. The APC Support team is on-call to respond to newly discovered threats or issues.

Frequently Asked Questions

How is Disaster Recovery performed for primary and backup servers?

This service runs in a high availability configuration on all components. Our databases are geographically replicated, and we perform regular back-ups.

How is cybersecurity assured?

We run automated scans against our production environment which cover both vulnerabilities in the servers, and our own code.

APC adheres to the Secure Development Lifecycle (SDL), helping our development teams build more secure software and address security compliance requirements. Validation of our security protections include threat modelling, attack surface review and penetration testing.

What happens in case of suspicious login attempts?

After 5 invalid login attempts the account is temporarily locked for a period of 15 minutes after which you can login again with a correct username/password combination.

Do you have further questions?

Please visit the web portal Help Center for more information about our service, and to contact the APC Support Team.

Further Resources