Security by design
A secure foundation for a resilient energy ecosystem
At Withthegrid, we believe a connected, resilient energy ecosystem must be built on a foundation of trust. The digitalization of energy infrastructure introduces powerful new capabilities, but also new vulnerabilities and attack vectors.
“Safety by design” is an active practice embedded in our products, operations, and company culture. We are committed to providing you with the tools to manage your assets securely, ensuring your data, operations, and the grid itself are available and protected.
Security program
We have established a comprehensive security program to protect our systems, software development, products and data. Our security program is built on a foundation of robust governance, risk management, continuous training, resilient security controls and ongoing monitoring and assessments to minimize blind spots.
Our certified security framework
We adhere to rigorous international and European standards to ensure our products, services, and internal processes meet the highest levels of quality and security.
Information security
Our Information Security Management System (ISMS) is ISO 27001 certified, confirming our processes for managing data securely are independently audited and verified.
Quality management
We are ISO 9001 certified, ensuring our services are consistent, reliable, and focused on customer success.
European standards
Our solutions are designed to be compliant with key European directives on cybersecurity and radio equipment, including NIS 2 & RED-DA 3.3.
Industry best practices
We follow the cybersecurity practices developed by the European Network for Cybersecurity (ENCS).
Secure platform and infrastructure
Our cloud platforms, which power the Asset Monitoring Platform (AMP) and the Teleport Cloud, are built on a secure and resilient architecture.
- Encryption in transit: All data communication between your assets, our platform, and your systems is protected with strong, end-to-end encryption (e.g., HTTPS/TLS).
- Encryption at rest: Your data is protected using industry-standard encryption protocols within our databases.
- Secure cloud architecture: Our platforms run on leading redundant infrastructure located exclusively within the European Union.
- Access management: In line with our internal security program, we implement strong access controls combined with segmentation and need-to-know principles.
Robust on-site and hardware security
For our Teleport Gateway, security starts at the edge, on your physical site. We have engineered our hardware to be a secure, independent controller.
- Outbound-only connections: The Teleport is designed to only initiate outbound connections from your site to our cloud. It does not accept inbound connections, which significantly reduces the attack surface and protects your local network from external threats.
- Certificate-based authentication: Each Teleport device uses asymmetric cryptography (PKI) to authenticate itself with our cloud, using a unique, securely stored certificate.
- Managed firmware: We manage all firmware for the Teleport Gateway. This allows us to remotely deploy critical security patches and updates, ensuring your hardware is always protected against new vulnerabilities without requiring a site visit.
- Future-ready: The Teleport is built to continuously meet the (rapidly!) evolving grid operator requirements for remote control, including the mandatory RfG standards in several EEA countries.
Data privacy and governance
We believe that you should always be in control of your own data. Our policies are built around transparency and protection.
- Customer data ownership: Your data is yours. We provide the tools to access and manage it, but you retain full ownership and control.
- GDPR: In line with the General Data Protection Regulation, we minimize data collection, implement appropriate security controls to protect it and manage retention periods as relevant. You can find more details in our Privacy Policy.
- Principle of least privilege: We enforce strict “least-privilege” principles and strong authentication for all our internal systems. For your organization, both the AMP and Teleport platforms feature role-based access control (RBAC), allowing you to grant specific permissions to your own team members.
Business continuity and reliability
Your operations are mission-critical. Our systems are designed for high availability and constant monitoring to ensure you can rely on us.
- High availability: Our cloud platforms are built for redundancy to prevent single points of failure. We proudly maintain and communicate our uptimes in monthly reports (see the reports for Teleport and AMP).
- 24/7 monitoring: Our systems are monitored around the clock. Automated alerts notify our on-call teams of any anomalies, enabling immediate investigation and response.
- Local fail-safes (Teleport): The Teleport Gateway’s local control logic is designed to function independently. If cloud connectivity is lost, it will continue to enforce its pre-defined local strategies, such as safeguarding your grid connection limits.
Need more information?
Please get in touch with our team here.
If you’ve witnessed anything that feels off, please reach out to us via our Responsible Disclosure policy.