Security and NIS2 Compliance in Mervis SCADA

At Energocentrum Plus, safeguarding your building technologies and data is our top priority. Mervis SCADA is designed with a “secure-by-design” philosophy, ensuring that your energy systems, building automation, and data acquisitions remain protected against modern cyber threats.

We are proud to be ISO/IEC 27001:2022 certified, reflecting our strict adherence to the highest international information security standards.

With the European Union’s NIS2 Directive establishing stricter cybersecurity requirements for critical infrastructure, Mervis SCADA is actively equipped to help your organization achieve and maintain compliance. We provide the necessary technical safeguards, access controls, and auditing tools to ensure your operational technology (OT) networks meet these rigorous legal frameworks.

To protect your infrastructure and ensure uninterrupted service, Mervis SCADA utilizes multiple layers of security:

• Two-Factor Authentication (2FA / MFA): To align with NIS2 requirements, Mervis Portal features mandatory Multi-Factor Authentication. This ensures that compromised passwords alone cannot grant access to your SCADA environment.
• Advanced User Permissions: Granular, role-based access controls allow you to restrict system interactions based on the principle of least privilege, ensuring users can only access what they need.

• HTTPS & End-to-End Encryption: All web traffic and cloud communications are secured via HTTPS using trusted Let's Encrypt certificates. This guarantees that data traveling between your facilities, the Mervis cloud, and end-user devices is heavily encrypted and protected from interception.

• Reliable Data Centers: Mervis SCADA cloud services are hosted in top-tier, highly secure data centers. Our primary infrastructure is housed with OVH (France), backed up by a secondary site at Faster (Czech Republic).
• High Availability: Our infrastructure is designed for resilience, consistently delivering high historical availability (99.5% - 99.95% annually) to keep your monitoring and control operations online.

• Daily Off-Site Backups: We perform regular, automated backups of all critical data every 24 hours.
• Redundancy: To prevent data loss in the event of a catastrophic failure, these backups are securely stored across two separate off-data-center locations.

• Detailed Event Logs: Mervis SCADA continuously records system events, user actions, and alarms. This provides total transparency over who did what and when within the system.
• Audit Server Integration: The platform maintains comprehensive audit trails critical for post-incident forensics and regulatory reporting, a key component for companies demonstrating NIS2 compliance.

For further questions regarding Mervis SCADA security infrastructure, deployment architectures, or specific compliance documentation, please contact our sales and technical support team.