Platform security

This document details the end-to-end security measures of the measurable.energy Platform including hardware, firmware and cloud software.

Certifications

Cyber Essentials Plus 

measurable.energy is certified to Cyber Essentials and Cyber Essentials Plus scheme for business security. Full details of the certification process can be found here: https://iasme.co.uk/cyber-essentials/.

measurable.energy’s certificate can be found here: https://registry.blockmarktech.com/organisations/GBLTD11403660/

IASME IoT Cyber Assurance 

measurable.energy received the 2nd ever IASME IoT Security Assured certification. This shows measurable.energy devices, cloud services and associated web apps exceed the requirements of the UK Governments PSTI act, ESTI 303645 and the IoT Security Foundations Security Compliance Framework. The scheme is now rebranded IoT Cyber Assurance Level 2 and full details of the certification process can be found here: https://iasme.co.uk/iasme-iot-cyber/ .

measurable.energy’s certificate can be found here: https://registry.blockmarktech.com/organisations/GBLTD11403660/

ISO 27001

measurable.energy has successfully achieved and retained ISO 27001:2022 assurance from BSI.

ISO 27001 is a globally recognized international standard published by the International Organization for Standardization (ISO). It outlines the requirements for establishing a robust information security framework within an organization and is widely acknowledged as the gold standard for best practices worldwide. Obtaining this certification showcases our organization's unwavering commitment to continuously improving, developing, and safeguarding information, assets, and sensitive data through the implementation and maintenance of effective risk assessments, policies, and controls.

measurable.energy’s certificate is available on request.

End-to-End Security

Hardware

  • Secure boot enabled.

    • Only measurable.energy firmware can be run on a m.e Power Socket.

  • Physical interface disabled.

    • The m.e Power Sockets have no terminal to access data physically.

  • Secure OTA system. 

    • measurable.energy over-the-air updates are sent using industry leading security techniques to ensure no man in the middle vulnerability. 

  • measurable.energy managed. 

    • measurable.energy will manage the socket hardware throughout your installation, no need to install critical security updates. We handle that for you. 

  • Data encrypted before transmission

    • Raw, readable data is never exposed at any part of the communication network, with both encrypted storage and data transmission.

Connectivity

  • 2.4gHz Wi-Fi communications.

    • Uses your existing Wi-Fi network.

    • No third-party networks to manage. 

  • Secondary IoT secure Wi-Fi network deployment available. 

Cloud

  • AWS Cloud Secure.

    • Data processed and stored in GDPR-compliant territories only.

  • Encrypted Communication server.

    • Device-by-device encryption key pairs. 

  • Devices are air gapped.

    • Comprising 1 device has no effect on others

Hub

  • Option to sign in with Microsoft SSO accounts.

    • Centralised security through existing company services.

  • Multi-factor authentication enabled by default and enforced.

  • Full user management and controls.