CPower High-Level Security

CPower Security Stance High-Level

Security Overview

      • CPower is ISO 27001:2013 certified
      • CPower works only within SOC 2 compliant datacenters
      • Network traffic is protected by Palo Alto next-generation firewalls with advanced intrusion prevention systems (IPS)
      • Partnered for 3 years with a security consultancy to ensure we stay within best practices and within the guidelines of the NIST and CIP security frameworks
      • 24 x 7 Security Operations Center (SOC)
        • Intrusion detection & prevention
        • Virus detection & prevention (EDR)
        • Bi-weekly security reviews

Users

Password Policy
Mandatory password policies are enforced for all users. Current requirements are the following:

      • Change passwords every 90 days
      • Use a minimum of 12 characters
      • Include 3 of the following 4: uppercase, lowercase, special characters, and numbers
      • CPower provides an encrypted, cloud-based password manager for each employee, which can also generate secure passwords

Employee Cyber Security
Employee training is performed on current cyber security risks, and evaluations are performed to ensure compliance with our cyber security policies.

User Privilege
Users are provided individual accounts and individual workstations. ‘Least access’ privilege is enforced across the environment using a tiered access model. Any elevated access is done via an admin-specific account. Access to new assets is actively monitored and reported.

Servers and Workstations

Security Patches
CPower adheres to best practices to deploy patches on a regular basis. Each patch is evaluated on a case-by-case basis for severity, and downtime for patching is scheduled accordingly.

Access Security and Anti-Virus
All workstations are secured with BitLocker encryption, monitored with InsightIDR from Rapid7, and protected by next-generation AI virus protection with live update.

Encryption
CPower utilizes an Oracle database for customer data that is fully encrypted at rest.