Opower, the leading customer engagement solutions provider for the utility industry, today announced that it has successfully completed a Service Organization Controls (SOC) 2 Type 2 examination related to the Security and Confidentiality principles of the American Institute of Certified Public Accountants (AICPA) Trust Services Principles (TSPs). The examination, completed by Deloitte & Touche LLP, covered the design and effectiveness of Opower’s data security controls over the Opower 4 platform.
“As part of Opower’s founding principles to protect confidentiality and earn the trust of the industry we serve, we have invested heavily in data integrity, confidentiality and security,” said Dan Yates, founder and CEO of Opower. “Reaching this prestigious recognition illustrates the success and nature of our commitment and establishes Opower as the market vanguard for data confidentiality. Our solutions support more than 80 utilities and 15 million consumers around the world and are based on the most rigorous standards available.”
About SOC 2 Certification
The examination, conducted by Deloitte & Touche LLP, included independent testing of controls related to the Opower 4 Customer Engagement Platform. The SOC 2 Type 2 report indicates that controls were suitably designed and operating effectively over a period of time to meet the criteria for the security and confidentiality principles set forth in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (AICPA, Technical Practice Aids).
“This report gives our utility clients assurance that our controls related to keeping data secure and confidential are designed and operating as intended,” said Lee Aber, Director of Information Security at Opower. “Opower and its clients demand transparency and rigorous adherence to controls to provide for the confidentiality of their customer data. Successfully completing a SOC 2 Type 2 examination provides an objective, third party evaluation of specific controls we have implemented for the protection of Utility data across our business.”
Certifications and Data Principles
As the leading customer engagement solutions provider for the industry, Opower is trusted by utilities to deliver results while protecting customer data and relationships. Our approach starts with the customer. In early 2012, we published a set of principles to help customers understand how Opower provides insight, protects privacy and puts them in control, and in June, implemented Privacy by Design. We’ve also worked with industry leaders to standardize aspects of these principles.
Opower has been certified by TRUSTe under the US-EU “Safe Harbor” framework. In addition, we’ve invested heavily to ensure that our infrastructure and business processes adhere to the latest security and compliance best practices. Opower’s security practices are built on the US National Institute of Standards and Technology (NIST) risk management framework. SOC 2 is the next step in these security efforts.
Working with 80 utility partners and serving more than 15 million consumers across six countries, Opower is the world’s leading provider of customer engagement solutions for the utility industry. By providing the tools, information and incentives consumers need to make smarter decisions about their energy use, the Opower 4 engagement platform and solution suite enables utilities to involve their customers in programs that support, energy efficiency goals, smart grid and new rate structures, brand loyalty and lowering the cost of service.
Proven to drive behavioral change at scale, Opower has helped its utility partners achieve more than 1.7 TWHs in energy savings, and drives significant increases in customer program participation and overall customer satisfaction. Founded in 2007 and privately held, Opower is headquartered in Arlington, Virginia, with offices in San Francisco and London.