====== ISO 27001 Certification & Security Standards ====== At Energocentrum, we have successfully achieved **ISO/IEC 27001:2022 certification**. This milestone proves that information security is not just a feature, but an inseparable part of our high-quality building automation systems. This certification validates our commitment to standardized risk management and the protection of critical infrastructure data. {{ :en:mervis-scada:47-scada.mervis.info:05-news:urs-iso-27001-badge.png?direct&300 |URS ISO/IEC 27001 Certification Badge }} ===== Core Security Areas ===== Our internal management systems have been overhauled to focus on three core pillars: * **Software Lifecycle**: Security is integrated directly into the engineering and code management processes for our TZB and energy software. * **SaaS Reliability**: All cloud operations run within a verified framework specifically audited for information security. * **Risk Mitigation**: We provide professionals with the tools needed to handle modern security requirements (such as NIS2) with confidence. ===== Portal Security Features ===== The Mervis Portal acts as the central line of defense for your projects. We have introduced several features to help administrators enforce enterprise-grade security: ==== 1. Identity & Access Management ==== To protect critical infrastructure access, the Portal supports: * **Multi-Factor Authentication (MFA)**: Administrators can enforce mandatory MFA using TOTP (Time-based One-Time Password) or SMS for all users. * **Password Policies**: Strict password quality requirements can be implemented across all domains and subdomains. * **User Provisioning**: Streamlined tools allow for the direct generation and secure delivery of credentials to new users. ==== 2. Data Integrity & Recovery ==== To prevent data loss and improve collaboration, the Portal includes enhanced Project History capabilities: * **Audit Trails**: Users can view a detailed history of file changes for their projects to track who modified what and when. * **Disaster Recovery**: The system enables the downloading of previously deleted files from the project history, acting as a safety net against accidental deletions. ===== Compliance ===== For more details on the official standard, visit the [[https://www.iso.org/standard/27001|ISO/IEC 27001 Standard]] page.