At Socomec, we prioritize the security of our clients‘ installations in the face of increasing cyber threats. With 69% of cyberattacks targeting businesses in 2021, including 11% directed at hospitals, it is crucial to address this exponential rise in intrusions. Socomec has obtained the ISO/IEC 27001 certification, ensuring the security and homogeneity of our entire value chain. Our commitment to cybersecurity extends to our IoT products, which play a critical role in bridging networks and client infrastructures. Trust us to deliver optimal security measures and protect your data from potential cyberattacks.
Security and Connectivity Q&A
- ISA62443-4-2: Socomec equipment, such as the Net Vision card, complies with this international benchmark standard for industrial systems.
- ISO27001: Certified by AFNOR, this standard ensures that Socomec applies best practice in cybersecurity for its IoT solutions.
Socomec guarantees total data security through the following practices:
- Secure communication (HTTPS/MQTTS): All communications between Socomec products and cloud services are encrypted via HTTPS, preventing any access or modification of data in transit.
- Authentication via private key (token): Each cloud connection is validated using a unique private key generated by the platform. This key must be entered into the Net Vision card to enable any communication.
Socomec servers are hosted by Agora Calycée, a subsidiary of the Socomec group, ensuring full control over the infrastructure. These servers are located in Paris, Lyon, Strasbourg and Singapore, with plans underway to expand to the United States. All services operate on a secure private cloud.
Socomec works with partners certified by ANSSI (National Cybersecurity Agency of France) to conduct regular penetration tests. These audits replicate modern cyberattack techniques to evaluate the robustness of the equipment.
An official certification confirming the security of the products is issued after each test campaign.
Data integrity is maintained through:
- HTTPS encryption, which prevents any alteration of information in transit.
- Validation mechanisms, which verify the authenticity of the data before it is processed by the cloud platforms.
Software updates are carried out proactively:
- Regular deployment of patches to address identified vulnerabilities.
- Notifications sent to users subscribed to the Socomec Cybersecurity mailing list (available on our Cybersecurity web page) to ensure the rapid and secure installation of patches.
Yes, all communication services, including RJ45 Ethernet ports, can be disabled using the product's configuration tool.
For connected UPS systems, if the client requires full control over their system, it is possible to remove the device's connectivity card.
Socomec collaborates with leading cybersecurity companies to integrate the latest technological advancements and maintain optimal protection against emerging threats.
Through the user interface, access is controlled by username and password to ensure secure entry. Additionally, users can be assigned specific roles to define their access levels based on their needs and responsibilities.
For products requiring enhanced access control, authentication is performed using a digital certificate.