Security and NIS2 Compliance in Mervis SCADA

At Energocentrum Plus, safeguarding your building technologies and data is our top priority. Mervis SCADA is designed with a “secure-by-design” philosophy, ensuring that your energy systems, building automation, and data acquisitions remain protected against modern cyber threats.

We are proud to be ISO/IEC 27001:2022 certified, reflecting our strict adherence to the highest international information security standards.

With the European Union’s NIS2 Directive establishing stricter cybersecurity requirements for critical infrastructure, Mervis SCADA is actively equipped to help your organization achieve and maintain compliance. We provide the necessary technical safeguards, access controls, and auditing tools to ensure your operational technology (OT) networks meet these rigorous legal frameworks. As a provider for state critical infrastructure projects, we regularly test data recovery procedures and system restoration capabilities.

To protect your infrastructure and ensure uninterrupted service, Mervis SCADA utilizes multiple layers of security:

• Two-Factor Authentication (2FA / MFA): To align with NIS2 requirements, Mervis Portal features mandatory Multi-Factor Authentication. This ensures that compromised passwords alone cannot grant access to your SCADA environment.
• Advanced User Permissions: Granular, role-based access controls allow you to restrict system interactions based on the principle of least privilege, ensuring users can only access what they need.

• HTTPS & End-to-End Encryption: Mervis SCADA utilizes HTTPS (Let's Encrypt) for secure communication. This guarantees that data traveling between your facilities, the Mervis cloud, and end-user devices is heavily encrypted and protected from interception.
• Legacy Support: Unencrypted channels remain available for legacy BMS and control systems that lack encryption support, though secure connections are strongly recommended.

• Certified Data Centers: To support EU data sovereignty and compliance requirements, our cloud services are hosted strictly in top-tier, certified facilities. Our primary secure location is vshosting (ISO 27001, Czech Republic), with OVH (France) serving as an independent backup.
• Infrastructure Details: For a comprehensive look at our server architecture, hybrid OS environments, and connectivity metrics, please refer to our dedicated Cloud Infrastructure page.

• Daily Off-Site Backups: Data is backed up every 24 hours to ensure continuous data integrity.
• Redundancy: Backups are safely stored in two independent locations outside the primary data center.

• Detailed Event Logs: Mervis SCADA continuously records system events, user actions, and alarms. This provides total transparency over who did what and when within the system.
• Audits & Updates: We perform regular server updates and undergo penetration testing to ensure compliance with security standards required by critical infrastructure clients.

For further questions regarding Mervis SCADA security infrastructure, deployment architectures, or specific compliance documentation, please contact our sales and technical support team.