Product Defense in Depth

Use a layered network approach with multiple security and defense controls in your IT and control system to minimize data protection gaps, reduce single points of failure, and create a strong cybersecurity posture. The more layers of security in your network, the harder it is to breach defenses, take digital assets, or cause disruption.

Secure Development Lifecycle

Schneider Electric uses a Secure Development Lifecycle (SDL) process, a key product development-based framework that helps ensure products follow secure design processes across all lifecycle stages. The Schneider Electric SDL process complies with IEC 62443–4.1.

Go to the International Electrotechnical Commission for information about the IEC 62443 international standard.

The SDL process includes the following:

  • SDL practices applied to internal development actions.

  • Final cybersecurity review required for the project release.

  • Security training for personnel involved in the product development.

Application Security Capabilities

Secure Communication

This security capability helps to protect the confidentiality of information in transit. It relies on secure protocols, for example HTTPS and secure Modbus, whose cryptographic algorithms, key sizes, and mechanisms prevent unauthorized users from reading that information.

Component Integrity Check

Guaranteeing integrity is paramount to security. Ensure an integrity verification mechanism is employed for all scripts, executables, and other important files included in a product (component or system).

Event Logging

Application and infrastructure level events are logged for further validation and debugging purposes.

Data Privacy

The Energy Access Expert web application is developed following privacy-by-design best practices. Personal data is collected and processed in an open and transparent manner. Refer to the Schneider Electric Data Privacy and Cookie Policy for more details on how we process and protect your personal information, including how you can use the rights granted to you by applicable data protection law (such as the rights of access, rectification, and objection).

Cloud-based Software Cybersecurity Details

Cloud commissioning is a cloud-based service, hosted on the Microsoft Azure Cloud, that lets front-end commissioning applications or clients interact with the cloud using microservices or APIs.

Secure Development Lifecycle

Schneider Electric is continuously monitoring the changing security landscape of cryptography and cybersecurity to ensure that we offer the best available protections to our customers and their sensitive data. Our development practices follow a secure development lifecycle, which ensures a high level of code quality and the use of up-to-date libraries for an optimal level of cybersecurity. All Schneider Electric cloud systems are regularly audited by an internal process that includes penetration tests.

Data Security at Rest

Schneider Electric follows best practices to create a highly secure solution and limit the risk of data being compromised in any meaningful manner while protecting the privacy, control, and autonomy of each customer's data independently from others.

Our solution includes asset information and user information (such as country, city, and state).

Data Security in Motion

The Schneider Electric cloud-based application implements best practices such as:

  • All communications between Energy Access Expert Villaya Flex and internal Schneider Electric systems or external third-party systems are encrypted using HTTPS (the minimum level required is TLS 1.2).

  • The certificate used in these encrypted sessions is signed with the SHA-256 with RSA encryption signature algorithm.

  • Schneider Electric is continuously monitoring the changing security landscape of cryptography and cybersecurity to ensure that we offer the best available protections to our customers and their sensitive data.

Data Privacy

Schneider Electric focuses on securing data flows coming from connected products and solutions (whether they connect to non-Schneider Electric hosts or platforms managed by Schneider Electric) and aligning to the latest data integrity and privacy regulatory requirements, such as the European General Data Protection Regulation (GDPR).

  • Data policy is compliant with local regulations.

  • The customer data use and protection policy is to be electronically signed by the responsible party of the site (for example, the building owner or tenant).

  • No data will be exported without this agreement.

  • Data remains the property of the customer.
