Trust is the foundation of our relationship with utility businesses around the world. In turn, that trust needs to extend to the millions of end-consumers for whom we process smart meter consumption data every day. We value the confidence that our customers put in us and take the responsibility of protecting their information and information of their customers incredibly seriously.
To be worthy of your trust, we have built and will continue to grow ONZO with an emphasis on security, compliance and privacy.
Security: protect and control
ONZO is designed with a secure, highly distributed infrastructure, with multiple layers of protection.
Our robust information security management framework is designed to assess risks and build a protective culture of security at ONZO.
The ONZO platform is designed with multiple layers of protection, including secure data transfer, data encryption, multi factor authentication and role-based access controls distributed across a scalable, secure infrastructure, provided by Amazon Web Services, the worlds leading Cloud infrastructure provider. Using a highly distributed platform allows us to operate a resilient service with a high level of reliability, with no single points of failure.
We continually assess risks to improve the security, confidentiality, integrity and availability of the ONZO platform. We regularly review and update security policies, provide our employees with security training, perform application and network security testing (including penetration testing), conduct risk assessments, and monitor compliance with security policies.
Control and visibility
We utilise a number of tools that allow ONZO to maintain a robust security posture.
Multi factor authentication
This security feature adds an extra layer of protection to our infrastructure by only allowing selected ONZO team members access to our platform via a combination of something they know (typically a password) and something they have (an electronic security token).
Our API requires secure authentication to happen before the API will return data. Authentication is provided by our partner Auth0, who are a world leader in authentication and access control technology.
Recovery and history
Every item of consumption data is stored and archived in its raw form before being processed. This allows us to examine, when necessary original data before it is cleansed and processed and also allows us to restore original data should there ever be a need.
Compliance: trust and verify
Compliance is an effective way to validate a service’s trustworthiness. Our partner AWS is certified to standards such as ISO 27001 and SOC 1, 2 and 3 and Cyber Essentials. Their independent third-party auditors test their controls and provide their reports and opinions – which we share with you whenever possible. ONZO is working towards ISO 27001.
Privacy: our commitment
Every day, millions of households trust ONZO with their personal consumption data. Because of this, it’s our responsibility to protect this information keep it private. Our commitment to privacy is at the heart of every decision we make.
Protecting your data
We work hard to protect your information from unauthorised access and have designed policies and controls to safeguard the collection, use and disclosure of your information.
What kind of data we collect
With whom we may share information
How we protect this data and how long we retain it
Where we keep and transmit your data
What happens if the policy changes or if you have questions
General Data Protection Regulation (GDPR)
It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.