Clean Power Research cloud software services comply with Service Organization Controls standards for operational security, availability and confidentiality.
The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework to serve as a standard for controls that maintain the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.
Audits utilizing the SOC framework can be “SOC 1” or “SOC 2”. A SOC 2 audit examines a cloud service provider’s system based on the AICPA Trust Service Principles and Criteria. SOC 2 applies to Clean Power Research’s services.
At the conclusion of a SOC 2 audit, the service auditor delivers an opinion in a SOC 2 Type 2 report, which describes the service provider’s system and assesses the fairness of the service provider’s description of its controls. It also evaluates whether the service provider’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.
A SOC 3 report is a shortened summary of the SOC 2 Type 2 audit report. It is made available for users who want assurance about the service provider’s controls but don’t need a full SOC 2 report. A SOC 3 report can be conferred by the service auditor only in cases where the service provider receives an unqualified audit opinion for SOC 2.
Clean Power Research’s SOC 2 and SOC 3 Reports document Security, Availability and Confidentiality controls in place to support Clean Power Research cloud service operations and compliance.
The SOC reports cover the products and services in the PowerClerk, SolarAnywhere and WattPlan families with the exception of PowerClerk v1. PowerClerk v1 is the legacy version of PowerClerk; customers are no longer onboarded to this platform.
The external service auditor—the entity performing the audit and preparing the SOC reports—for Clean Power Research’s services is Moss Adams LLP.
Clean Power Research issues SOC 2 and SOC 3 Reports annually. For 2018, the reports cover the period from April 1, 2018 to June 30, 2018. For 2019 and beyond, the reports will cover annual periods. New reports are released in mid-September.
SOC 2 Reports are provided based on legitimate business need. However, before we are able to provide your organization with a SOC 2 report, you will need to enter into a specific, one-way non-disclosure agreement (NDA) with Clean Power Research. The SOC 3 report is a summary of the SOC 2 report and does not require an NDA.
The SOC 3 report is a shorter form summary that outlines how the audited Clean Power Research services meet the AICPA’s Trust Security Principles in SOC 2 and includes the external auditor’s opinion of the operation of controls.
|BIG-IP Servers||Session||Associated with the BIG-IP product suite that manages sessions on load balanced servers, to ensure user requests are routed consistently to the correct server.|
|CloudFlare CDN||4 weeks||This cookie is set by CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.|
|CookieLawInfo Checkbox Necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category ‘Strictly Necessary’.|
|CookieLawInfo Checkbox Performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category ‘Performance’.|
|CookieLawInfo Checkbox Personalization||11 months||This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category ‘Enhancements & Personalization’.|
|Website Search Interaction||Session||This cookie is set by Site Search 360, our search engine for all Clean Power Research websites, to record search session preferences and performance.|
|Website Search Session ID||11 months||This cookie is set by Site Search 360, our search engine for all Clean Power Research websites, to record search session preferences.|
|Google Analytics Data Limiter||1 minute||This cookie is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.|
|Google Analytics Page Visits||1 day||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.|
|Google Analytics Random Identifier||2 years||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors.|
|Hotjar Analytics (multiple)||Session - 1 Year||These cookies are third-party cookies set by Hotjar. Clean Power Research uses Hotjar analytics to collect anonymous information about the performance and usage of our website. You can find more information about Hotjar privacy and cookies here.|
|Marketo Analytics||2 years||Used by Marketo to help us understand customer insights and create optimal experiences for our customers on our websites.|
|Marketo Analytics||2 years||Associated with Marketo to help us understand customer insights and create optimal experiences for our customers on our websites.|
|Marketo Tracking||2 years||This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows the website to link visitor behavior to the recipient of an email marketing campaign, to measure campaign effectiveness.|
|YouTube Videos||30 days||This cookie is set by YouTube and is used to track the views of embedded videos.|
|Google IDE||2 years||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.|
|Language||11 months||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.|
|Social Intents Chat (multiple)||Session - 7 Days||These cookies are third-party cookies set by Social Intents Live Chat. Clean Power Research uses Social Intents as a chat tool and these cookies help maintain an anonymous user session. You can find more information about Social Intents privacy here.|
|14 days||This cookie is set due to Twitter integration and sharing capabilities for social media.|
|Wistia Videos||11 months||Set by Wistia to support video functionality that may be found throughout the website. In addition to keeping track of the website visitor's position in a video should playback be interrupted, this cookie also notes user behavior regarding the video itself.|
|Wistia Videos Data||10 months||This cookie collects visitor interaction data regarding Wistia video content so that such content can be made more relevant to the visitor.|
|YouTube Embedded Videos||30 days||This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.|
|YouTube Geographical Location||30 minutes||This cookie is set by YouTube and registers a unique ID for tracking users based on their geographical location|