September 25, 2024
Ensuring ESG Data Security with Oren’s Prism Software
At Oren, safeguarding your ESG data is our top priority. Our Prism platform, powered by Amazon Web Services (AWS), ensures unparalleled protection with robust security measures. AWS provides industry-leading infrastructure security, encryption, and compliance with global standards such as ISO 27001 and SOC 2. Prism uses advanced security features, including TLS encryption, JWT-based authentication, role-based access controls, and AWS CloudWatch for real-time monitoring. Oren's development team also adheres to best practices, such as API key management, sign-in security, and regular security reviews, ensuring safe and reliable ESG data management for your organization.

At Oren, safeguarding your ESG data is our top priority. Our robust security measures ensure that your sensitive information remains protected, adhering to industry-leading standards and practices. We leverage the power of Amazon Web Services (AWS) and a secure technological infrastructure to offer unparalleled protection for your ESG and sustainability data.

Trust in Our Security Infrastructure

Our commitment to data security is reinforced by our choice of AWS as our cloud provider. AWS provides a state-of-the-art cloud infrastructure that is more secure than many traditional on-premises systems. This transition allows us to focus on delivering top-tier ESG solutions while AWS handles the intricate aspects of data security. Our Prism platform operates on AWS, benefiting from its comprehensive security features to keep your data safe.

AWS Security Measures for Prism

AWS is known for its rigorous security protocols and compliance with global standards. Here’s how AWS ensures the security of Prism’s data:

  • Infrastructure Security: AWS manages its infrastructure with top-tier security practices, adhering to standards like SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, ISO 9001, ISO 27001, ISO 27017, and ISO 27018. This extensive compliance framework provides a strong foundation for securing our cloud services.
  • Virtual Firewall Protection: Our EC2 instances, where Prism is hosted, utilize AWS’s virtual firewall capabilities. Multiple security groups are configured with specific rules to control traffic, and Network ACLs complement this by filtering connections. Additionally, we use TLS (Transport Layer Security) for secure communication with AWS resources.
  • Monitoring and Alerting: AWS CloudWatch continuously monitors our EC2 instances, and we use an Application Load Balancer (ALB) to manage traffic and protect against common threats like Distributed Denial of Service (DDoS) attacks. This real-time monitoring helps us detect and respond to potential security issues promptly.
  • Data Protection with Encryption: Prism utilizes MongoDB Atlas databases hosted on AWS, which provides automatic encryption for all stored data. TLS encrypts data in transit, ensuring that information remains secure as it moves between systems.
  • Storage Security: AWS S3 applies multiple layers of access restrictions based on IAM (Identity and Access Management) setups, ensuring that only authorized users can access data. MongoDB Atlas inherits these security features, further securing data in storage.
  • Authentication and Authorization: Prism employs JWT-based authentication and role-based authorization to secure user and application data. Authentication policies prevent unauthorized access, while role-based access controls ensure that users can only access resources pertinent to their roles. Access to our integration layer is protected by credentials and bearer tokens, with SSL connections for secure communication.

Oren’s Security Practices

Oren’s development team adheres to industry best practices to maintain the security of Prism. Key practices include:

  • CloudWatch Monitoring: AWS CloudWatch is configured to detect and mitigate denial-of-service attacks through load balancing and traffic management. Notification alerts help us monitor and control traffic spikes effectively.
  • API Key Management: We use scope-based API keys to prevent forged requests, ensuring that only authorized requests interact with our APIs.
  • Sign-In Security: Prism’s sign-in endpoint enforces strict quotas to prevent brute-force attacks, enhancing the security of user authentication.
  • Access Control: Production data access is restricted to a limited number of team members based on predefined IAM roles and policies. We maintain separate environments for production, testing, and staging to minimize risk.
  • Regular Security Reviews: We conduct quarterly reviews of security threats and compliance to stay ahead of emerging risks. We also minimize open ports and grant users time-bound authorization to prevent misuse.

Secure ESG Data Management

A secure ESG software solution like Prism ensures that organizations can manage, report, and analyze their sustainability data without compromising security. With our rigorous security practices and the support of AWS infrastructure, Prism offers a reliable platform for ESG and sustainability data reporting and analytics.

For more information on how Prism Software can enhance your ESG data management and to schedule a demo, contact our team today.
