IT Security

Optera’s approach to information security

Optera provides a sustainability data platform and expert services to a wide variety of customers who, in turn, provide or manage critical services and data operations. The increasing complexity of cyber attacks, such as those occurring through trusted third parties, demonstrates how a broadened understanding of the risk ecosystem is required to better mitigate information security risks.

At Optera we recognize that we are a part of a broader information security ecosystem and attack climate. As a result, we are acutely aware of the importance and value in prioritizing information security at all levels of operations, from the use of laptops up to the development and operation of our SaaS applications.

In addition, we understand that effective security measures support the success of all our activities by increasing trust in our brand and in our mission, and by reducing risk to our customers and partners. To that effect, we have selected ISO27001 as our information security governance and management standard. Work is done daily to adhere to the governance and security requirements applicable to our operations. Information security is discussed weekly among all levels of leadership and is prioritized as a key driver of our success.

In addition to the adoption of information security as a core organizational priority, Optera conducts the following critical measures to improve its risk awareness and mitigation capabilities:

  • Frequent vulnerability scanning of both internal and external address spaces
  • Annual penetration testing of its sustainability application and platform, with demonstrated remediations of findings
  • Creation of standardized policies, procedures, and requirements expected across all operations that have an impact on security
  • The adoption of a Secure Software Development Lifecycle (SSDLC) intended to improve security awareness among its developers and to reduce the likelihood of vulnerabilities in its applications
  • Annual risk assessment of the entire organization
  • Regularly maintained asset and data inventory
  • Regularly updated risk register and mitigation measures necessary to reduce risk to an acceptable level
  • Standardized monitoring and logging of all events surrounding critical assets, data, and user actions

We understand that “Security” is never finished, but will always be an ongoing effort that requires significant vigilance and dedication. Following this understanding, we seek to be certified in the ISO27001 standard and to adopt current best practices for securing our infrastructure and customer data.