Information Security and Business Continuity

Arcus customers need to know that Arcus will keep their information secure and carry out appropriate background checks on personnel providing the deliverables. Arcus also needs to make it known that we have suitable systems in place to ensure Arcus can provide the deliverables without interruption.

Do you hold any information security accreditations?
☐: ISO 27001
☐: Cyber Essentials
☐: Cyber Essentials Plus
Other:
✓: None

Do you operate an internal security policy?
If you answered yes, please describe the policy or attach a copy.  Yes. See attached IT policy

How, and how often, do you monitor your security compliance? Continuous monitoring of security compliance 

Please give details of any external bodies that you engage to audit your security compliance, what standards were audited and when they were last audited.  ✓: We do not engage any external auditors

Who in your organization is responsible for information security management?
Name: Alvaro Rozo
Position: Chief Product Officer
Email: alvaro.rozo@arcuspower.com
Phone: 403 276 1398

Please give an overview of how Information Security responsibilities are assigned within your senior leadership team. Please reference IT policy

Do you use segregation-of-duties controls to lower the risk of unauthorized misuse of critical systems? Yes

Please give details of how your personnel and suppliers are made aware of the key aspects of information security and why it is necessary. Please include:
• An overview of ongoing training on security awareness and compliance
• Details of additional training the designated security roles referred to in Q5.6 are required to complete
• Details on your security incident identification and reporting procedure.
Please reference IT policy

How do you ensure that your suppliers (at any tier), who may have an impact on the goods and services to be provided to PA, have appropriate security controls in place?
We rely on internal security controls of our suppliers

Do you conduct background vetting for all employees and contractors? 
We complete a criminal background check

Do you have business continuity and disaster recovery plans in line with business continuity best practice? Give details here and/or attach your BCDR policy.
Our data products are securely stored with redundancy and backups in place

How do you ensure that your suppliers (at any tier), who may have an impact on the goods and services to be provided to PA, have appropriate business continuity and disaster recovery plans in place? N/A

Please list the types of personal data that you expect to process on behalf of PA (if any): 
End user and business related contact information

Where will the personal data referred to above be stored and by whom? Please give details of all sub-processors. 
All personal data is maintained internally by Arcus Power

Is encryption used to protect PA information at rest and in transit? Include details as to which encryption technology will be used to safeguard PA data being stored on your systems (e.g., AES-256)? SSL Encryption Technology

Please explain how PA information will be segregated from other clients’ information (e.g., logical/physical). Customers are held within their own profile in our CRM system

Please explain how you securely dispose of data and the frequency. Please give details of any data destruction standards you adhere to. N/A

Are your devices configured to enforce a session timeout/lockout after a predetermined period of inactivity? Please provide details. Yes

Are your personnel required to change any default system account names and passwords across internal systems, and are they provided with guidelines for selecting secure passwords? Please describe the requirements. Yes

Do you use the latest anti-virus software on all devices and servers? Please describe which products and services are used. Yes

Does your company’s IT environment undergo full-system scans/ penetration testing? Please describe the nature of these tests and how often they are undertaken. Yes, tests are performed annually 

Does your company follow a documented process for patch management, ensuring that all security-related patches for all systems are addressed within a short timeframe? Please provide details.  Yes

Is network security monitored on a 24/7 basis (e.g., scanning for unauthorised network connection points)? How are potential incidents flagged to your personnel? Yes

Are your physical environments (such as offices and data centres) protected with access controls e.g., card-controlled access, CCTV, security personnel, intrusion alarms? Yes

Will you or a third party engaged by you (at any tier) require access to PA’s network? Will servers be accessed from your internal networks, or will access be required over the internet? Please specify the nature of the access requested. No

Will you or a third party engaged by you (at any tier) require access to PA’s network? Will servers be accessed from your internal networks, or will access be required over the internet? Please specify the nature of the access requested. We are in the process of implementing MFA 

If you are developing or delivering software that integrates with PA systems, do you have a documented policy, process, and procedure for the secure development of software and secure control and deployment of software updates? N/A