Data Management and Information Security

We take the responsibility of protecting your data very seriously. We are committed to keeping your data safe and secure by using best practices to protect our systems.

PowerHouse Hub understands the critical importance of protecting client data and site access. We prepare for our incident response life cycle by implementing a high level of security on three levels, hardware, application and database. Our AWS data servers have ISO 27001 certification.

Hosting

Hosting: Perimeter Layer Data Security

The PowerHouse Hub network resides within Amazon Web Services (AWS’s) world class data center. AWS implement controls, build automated systems, and undergo third-party audits to confirm security and compliance. The security includes:

01.
Access is Scrutinized

AWS restricts physical access to people who need to be at a location for a justified business reason. Employees and vendors who have a need to be present at a data center must first apply for access and provide a valid business justification. The request is reviewed by specially designated personnel, including an area access manager. If access is granted, it is revoked once necessary work is completed.

02.
Entry is Controlled and Monitored

Entering the Perimeter Layer is a controlled process. We staff our entry gates with security officers and employ supervisors who monitor officers and visitors via security cameras. When approved individuals are on site, they are given a badge that requires multi-factor authentication and limits access to pre-approved areas.

03.
Monitoring for Unauthorized Entry

We are continuously watching for unauthorized entry on our property, using video surveillance, intrusion detection, and access log monitoring systems. Entrances are secured with devices that sound alarms if a door is forced or held open.

04.
AWS Data Center Workers are Scrutinized

AWS employees who routinely need access to a data center are given permissions to relevant areas of the facility based on job function. But their access is regularly scrutinized, too. Staff lists are routinely reviewed by an area access manager to ensure each employee’s authorization is still necessary. If an employee doesn’t have an ongoing business need to be at a data center, they have to go through the visitor process.

05.
AWS Security Operations Centers Monitors Global Security

AWS Security Operations Centers are located around the world and are responsible for monitoring, triaging, and executing security programs for our data centers. They oversee physical access management and intrusion detection response while also providing global, 24/7 support to the on-site data center security teams. In short, they support our security with continuous monitoring activities such as tracking access activities, revoking access permissions, and being available to respond to and analyze a potential security incident.

Hosting

Hosting: Infrastructure Layer Data Security

LAYER-BY-LAYER ACCESS REVIEW

Like other layers, access to the Infrastructure Layer is restricted based on business need. By implementing a layer-by-layer access review, the right to enter every layer is not granted by default. Access to any particular layer is only granted if there is a specific need to access that specific layer.

MAINTAINING EQUIPMENT IS A PART OF REGULAR OPERATIONS

AWS teams run diagnostics on machines, networks, and backup equipment to ensure they’re in working order now and in an emergency. Routine maintenance checks on data center equipment and utilities are part of our regular operations.

EMERGENCY-READY BACKUP EQUIPMENT

Water, power, telecommunications, and internet connectivity are designed with redundancy, so we can maintain continuous operations in an emergency. Electrical power systems are designed to be fully redundant so that in the event of a disruption, uninterruptible power supply units can be engaged for certain functions, while generators can provide backup power for the entire facility. People and systems monitor and control the temperature and humidity to prevent overheating, further reducing possible service outages.

Our commitment to GDPR and Privacy Compliance

PowerHouse Hub is committed to upholding the highest standards of data protection and privacy in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy legislation.

Our commitment includes the following areas:

  1. Lawful Data Processing
  2. Transparency and Communication
  3. Data Minimization and Purpose Limitation
  4. Individual Rights Support
  5. Data Security
  6. Data Breach Response
  7. Vendor and Processor Management
  8. Data Protection by Design and Default
  9. Staff Training and Awareness
  10. Governance and Oversight