Proud to be Powered by Vontier. Sharing a united vision that is driven by innovation.
Proud to be Powered by Vontier. Sharing a united vision that is driven by innovation.
Maintain peace of mind and ensure your (and your customers’) data are secure. Driivz’s security-by-design approach keeps your platform safe while ensuring you’re in compliance with all regulations needed to keep your business running.
Driivz’s risk-based information security policies cover all layers of your network’s security, to ensure that it meets the 3 tenets of information security
Information is only available to individuals who are authorized to access it.
Information remains accurate, complete, and unaltered while being stored, moved, or processed.
Information is accessible to authorized individuals whenever it is needed.
Driivz’s technology solutions protect the security of our customers’ complex operational environments using a comprehensive security framework that encompasses people, processes, tools, and ongoing training to protect the platform throughout the development lifecycle.
Driivz’s platform applies advanced cryptographic controls such as TLS and VPN tunneling to ensure secure connectivity and confidentiality for data in transit and database encryption for data at rest. Robust hashing with SHA-256, AES for symmetric encryption and 2048-bit keys for asymmetric encryption ensure enhanced security for user credentials, and other sensitive data in production environments.
Platform access is restricted to authorized users, who can only access information based on their role. SSO and 2FA/MFA can be applied at login to enhance protection. Even internal calls are authenticated, with user activity tracked and stored in log files, and key data entities tracked for changes to their values.
Driivz’s development teams use rigorous Secure Software Development Life Cycle (SSDLC) methodologies to prevent vulnerabilities from reaching production code. Before code is pushed to production, Static Application Security Testing (SAST) tools proactively identify and address potential vulnerabilities within the codebase, while Software Composition Analysis (SCA) tools analyze third-party libraries and components to mitigate risks associated with open-source dependencies.
Driivz platform data is stored in industry-leading data centers hosted in multiple locations. Each environment runs within a virtual private cloud (VPC) protected by firewalls for both incoming and outgoing traffic, and intrusion prevention systems. Personally Identifiable Information (PII) is securely encrypted and stored in full compliance with GDPR. While no Payment Card Industry (PCI) data is stored, the platform is PCI-SAQ-compliant.
With a security-by-design approach, Driivz’s platform has always protected charging session data and supported OCPP security since version 1.6. Driivz was also the first platform to receive full certification for OCPP 2.0.1 including all security profiles.
Driivz ensures that employees, contractors, partners and vendors understand their responsibilities and meet all requirements, so Driivz and its customers comply with international security and privacy regulations.
Driivz’s Security Operations Center (SOC) is led by the company’s CISO and a staffed by a team of security experts that run Security Orchestration, Automation, and Response (SOAR) tools to ensure 24/7 monitoring of the platform, and swift incident response. Real-time threats are mitigated using endpoint detection and response (EDR) systems, and penetration testing and vulnerability scanning is routinely performed by an independent 3rd party security firm.
Production systems are regularly updated with security patches, and logs are created when any suspicious activity is detected or when any software is installed. Logs are analyzed in a central system which identifies trends or suspicious behavior, and issues alerts as needed. Driivz security staff routinely collaborates with security partners and labs to stay on the leading edge of cyber security knowledge and tools.
Driivz’s platform enables leading EV charging networks globally to maintain compliance with all relevant regulations for data privacy and cost transparency
Driivz has developed a robust Business Continuity Plan with the goal of providing uninterrupted delivery of critical services and products. With years of experience powering some of the largest EV charging networks globally, Driivz’s Incident Response team has always met its core objectives of minimizing interruption of service, protecting people and assets, and maintaining regulatory compliance to safeguard the business interests of our customers.
