Utilities and other companies use energy risk management, power trading, energy scheduling, and energy accounting data to operate effectively. This sensitive and confidential data must be properly secured. A secure cloud hosting infrastructure protects this data and prevents unauthorized access.
MCG Energy provides comprehensive, integrated and user-friendly Energy Trading and Energy Risk Management Software hosted on a secure cloud infrastructure. Our top priority is to make sure all of our client’s data and computer information is safe and protected. MCG Energy’s comprehensive cloud hosting infrastructure gives us a leading edge in the SaaS marketplace. To demonstrate our dedication to cybersecurity, we have a complex, multi-tiered program of annual third-party audits to ensure we always exceed the highest industry requirements and standards for data management.
MCG Energy offers its innovative energy software solutions in a SOC2 and NIST SP 800-53 Mod Level compliant private cloud, all covered by one comprehensive SOC/NIST report assuring no gaps between system and hardware. In addition, MCG Energy is becoming FedRAMP authorized to enhance our cloud hosting services for federal customers and systems. MCG’s CEO and CISO Mike Prickett notes that “Expanding our cybersecurity footprint to meet FedRAMP standards will cover federal customers who need this level of security, and our other customers will have the peace of mind that these standards are met if ever needed in the future.”
Contact us to discuss the high safety measures MCG Energy employs to protect all our customers from information leaks or data breaches.
Active-Active Configuration – The Backbone of MCG Energy’s Hosting Infrastructure
Active-active datacenter operation is the key to MCG Energy’s hosting infrastructure. We surpass 99.99% uptime in our software implementations through redundancy of hosting hardware systems coupled with flexibility of software design in an active-active datacenter operation. MCG load balances customer web traffic and data processing to run at all times in both datacenters. This constant use of the redundant datacenter removes concerns about up-to-date code, functional capability of systems, or any need for disruptions with failover testing. MCG Energy also mirrors system data in synchronous, high-availability mode. Database mirroring in all datacenters ensures systems will continue to function without interruption in the unlikely event of a datacenter failure.
Learn more about MCG Energy’s Hosted Data Services.
MCG Energy’s SOC2 Certification
In the energy sector, SOC2 (AICPA, “System and Organizational Controls”) is an audit that assesses the adequacy of an organization’s cybersecurity risk management programs and reporting frameworks. SOC2 auditing identifies whether a company’s data systems are susceptible to information leaks or data breaches. The audits are performed by an independent auditor and require companies to identify and explain their policies and procedures to protect computational data and related information. The independent auditor’s report shows whether sensitive information is protected by the company and any third-party vendors.
SOC2 has become a standard for annual auditing of technology-based businesses, not only for cybersecurity but also for data handling. MCG Energy has always had unqualified annual SOC2 audits each reporting cycle, and provides reports to customers when they are available every year.Contact MCG Energy about SOC 2 Security Standards
What is NIST SP 800-53 Compliance?
The Federal Information Security Management Act (FISMA) Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. NIST (National Institute of Standards) then created a set of guidelines to improve the security standards of information systems used by the U.S. government. Specifically, NIST SP 800-53 is a risk management framework for federal information systems. This framework specifies the security controls that a federal agency or a federal contractor are required to follow for Low, Moderate, and High security baseline compliance. NIST standards have undergone periodic updates with contributions from the Committee on National Security, the Intelligence Community, and the Department of Defense.
The standards laid out for NIST SP 800-53 are complex. Meeting these standards is complicated, and MCG Energy is proud that it is NIST SP 800-53 Moderate (Mod) level compliant. To achieve compliance MCG Energy:
- Demonstrates it follows all mandated information security statutes and regulations
- Has policies & procedures in place to ensure adherence to the rules
- Documents the ability to withstand information breaches
- Demonstrates effective protocol for handling leaked information in the unlikely event a breach were to occur
Getting on FedRAMP
MCG Energy is in the unique position of having both the datacenter hosting facilities and software packages SOC2 audited and NIST compliant. Other vendors typically are unable to provide this level of security for the software applications themselves. Like SOC and NIST, MCG Energy’s FedRAMP authorization will cover infrastructure and cloud hosting, as well as all the software applications running in those datacenters. Some vendors rely purely on the FedRAMP-ready versions of AWS and Azure, while their software products are not FedRAMP authorized which leaves material gaps and exposure to the end user/customer. Paying for AWS FedRAMP infrastructure doesn’t get you there as a strong infrastructure only goes so far. A hardened cohesive system covering both the hardware and software provides the full breadth of coverage for data security. FedRAMP authorization of datacenters AND applications will meet even higher standards, and will greatly enhance MCG Energy’s qualifications to be a cloud hosting provider for U.S. government systems.Contact MCG Energy for more information