Face aux menaces grandissantes en matière de cybersécurité, la sécurité des installations de nos clients est prioritaire pour Socomec. En 2021, 69 % des cyberattaques ciblaient des entreprises, dont 11 % étaient dirigées contre des hôpitaux, et il est primordial de répondre à cette augmentation exponentielle du nombre d’intrusions.
Socomec est certifié ISO/IEC 27001 depuis 2022 pour ses solutions IoT, attestant de sa conformité aux standards internationaux en matière de gestion de la sécurité de l'information.
Nos produits IoT jouent un rôle essentiel pour relier les réseaux et les infrastructures clients. Faites-nous confiance pour mettre en œuvre des mesures de sécurité optimales et protéger vos données contre les cyberattaques.
Voir le certificat ISO 27001 Voir la lettre d'engagement ISO 27001
Security and Connectivity Q&A
- ISA62443-4-2: Socomec equipment, such as the Net Vision card, complies with this international benchmark standard for industrial systems.
- ISO27001: Certified by AFNOR, this standard ensures that Socomec applies best practice in cybersecurity for its IoT solutions.
Socomec guarantees total data security through the following practices:
- Secure communication (HTTPS/MQTTS): All communications between Socomec products and cloud services are encrypted via HTTPS, preventing any access or modification of data in transit.
- Authentication via private key (token): Each cloud connection is validated using a unique private key generated by the platform. This key must be entered into the Net Vision card to enable any communication.
Socomec servers are hosted by Agora Calycée, a subsidiary of the Socomec group, ensuring full control over the infrastructure. These servers are located in Paris, Lyon, Strasbourg and Singapore, with plans underway to expand to the United States. All services operate on a secure private cloud.
Socomec works with partners certified by ANSSI (National Cybersecurity Agency of France) to conduct regular penetration tests. These audits replicate modern cyberattack techniques to evaluate the robustness of the equipment.
An official certification confirming the security of the products is issued after each test campaign.
Data integrity is maintained through:
- HTTPS encryption, which prevents any alteration of information in transit.
- Validation mechanisms, which verify the authenticity of the data before it is processed by the cloud platforms.
Software updates are carried out proactively:
- Regular deployment of patches to address identified vulnerabilities.
- Notifications sent to users subscribed to the Socomec Cybersecurity mailing list (available on our Cybersecurity web page) to ensure the rapid and secure installation of patches.
Yes, all communication services, including RJ45 Ethernet ports, can be disabled using the product's configuration tool.
For connected UPS systems, if the client requires full control over their system, it is possible to remove the device's connectivity card.
Socomec collaborates with leading cybersecurity companies to integrate the latest technological advancements and maintain optimal protection against emerging threats.
Through the user interface, access is controlled by username and password to ensure secure entry. Additionally, users can be assigned specific roles to define their access levels based on their needs and responsibilities.
For products requiring enhanced access control, authentication is performed using a digital certificate.