Utility Bill Management

Security and Data Usage Overview

 

At Blackstone Energy Services (BES), we prioritize the security and privacy of our clients' data. This document outlines the measures taken to secure ONYXCentral.

This document further outlines how client data is handled. ONYXCentral is designed to streamline utility bill management by leveraging advanced technologies, while adhering to stringent security standards.

 

1. Security Measures

a. Data Encryption

All sensitive data, including utility account credentials, is encrypted using industry-leading encryption standards both in transit and at rest. Specifically:

• Transport Layer Security (TLS): Ensures secure communication between client devices and our servers, protecting data from interception during transmission.
• Advanced Encryption Standard (AES): Encrypts credentials and other sensitive data stored in our database.

b. Credential Management

• Zero-Knowledge Architecture: Client credentials are encrypted in a manner that prevents even our administrators or engineers from accessing the plaintext passwords.

·       Authentication IDs When accessing the platform through a public internet connection, clients are provided with unique Authentication IDs for their authorized users.

o   It is the responsibility of the client to maintain the security of these IDs and ensure they are not shared with unauthorized individuals. Any unauthorized access must be reported to Blackstone immediately. Clients indemnify BES against third-party claims arising from misuse of Authentication IDs. Authentication IDs include login credential and passwords stored in ONYXCentral.

• Secure Sharing with Sub-processors: When necessary, credentials are securely transmitted to sub-processors solely for the purpose of retrieving and processing utility bills. These sub-processors adhere to strict contractual and security requirements to ensure the protection of shared data.

c. Multi-Factor Authentication (MFA)

Clients are required to enable and enforce MFA for extra layer of protection to their accounts and to follow security best practices. This ensures that even if a password is compromised, unauthorized access is prevented.

d. Role-Based Access Control (RBAC)

It is recommended that Client administrator users configure access to their data on a restricted basis based on the principle of least privilege (PoLP) and zero-trust, such that users have access to the minimum level of data needed to perform required tasks.  Only authorized personnel, as defined by clients, with a specific need to access certain data are granted permission, and all access is logged for audit purposes.  BES does not administer, grant, or control RBAC to client data for any user on the platform/system.

e. Regular Security Audits

ONYXcentral undergoes regular security assessments, including penetration testing and vulnerability scanning, to identify and address potential weaknesses. Additionally, an annual SSAE SOC audit is conducted to validate our security controls. Any identified deficiencies are remediated promptly, with clients notified as required.

f. Compliance

Our system aligns with industry standards and regulations, including NIST, CIS Benchmarks, and SOC, to ensure data protection and client trust.

g. Security Requirements

We implement and maintain robust safeguards and controls to deter, detect, prevent, and correct unauthorized intrusion, access, or use of the platform and client data. While these methods are designed to provide high levels of protection, we acknowledge that no system can entirely eliminate the risk of unauthorized access. In the unlikely event that such intrusions occur despite our protocols, BES disclaims liability for actions by unauthorized electronic intruders, except for maintaining compliance with established security requirements.

h. Audit Right

We reserve the right to monitor and audit client and Authorized User usage of the platform to ensure compliance with this Agreement. Monitoring may involve:

• Conducting audits directly or via authorized third parties.
• Addressing identified violations by suspending services and notifying the client of required remediation.
• Charging additional fees for usage exceeding authorized levels or unauthorized access as per our pricing.

 

2. Data Usage

a. Purpose of Data Collection

Client-provided credentials are used exclusively to retrieve and processing utility bills. This process ensures that businesses have timely access to their utility data for better management and decision-making.

b. Sharing with Sub-processors

To facilitate the retrieval and processing of utility bills, encrypted credentials may be securely shared with trusted sub-processors. Such sub-processors:

• Are contractually obligated to use the data solely for the specified purpose.
• Implement equivalent or superior security measures to protect the data.

 

c. Data Retention

Credentials and other sensitive data are retained only as long as necessary to provide the contracted services and/or in accordance with Blackstone’s standard data retention policy. Upon termination of the client’s agreement or at the client’s request, all data is securely deleted, unless contractual obligations require the data to be kept longer

3. Platform Updates and Maintenance

a. Maintenance

From time to time, it is necessary to perform maintenance on the platform to ensure its optimal operation. We use commercially reasonable efforts to minimize the impact of downtime on clients. Where possible, we provide advance notice of scheduled maintenance via ONYXcentral and/or e-mail correspondence, including the anticipated duration of the downtime. This proactive communication ensures transparency and helps clients plan accordingly.  BES is not responsible for any impact to a client’s account during scheduled and unscheduled maintenance.

b. Platform Changes

We reserve the right to make changes to the platform to comply with safety, security, statutory requirements, or orders from governmental authorities. Additionally, we may update user documentation, operational rules, security and privacy policies, and platform components as necessary. These changes are implemented with the goal of enhancing client experience and maintaining compliance.

4. Client Responsibilities

While we implement robust security measures, clients play a vital role in ensuring the security of their accounts. We recommend following NIST-800 guidelines and advise:

• Using strong, unique passwords for their ONYXCentral user and utility accounts.
• Regularly reviewing and updating your stored credentials.
• Enabling MFA for enhanced security.
• Monitoring Authentication IDs and reporting any unauthorized access promptly.

 

Conclusion

Our commitment to security and responsible data usage is foundational to our utility bill management service and the ONYXcentral portal that serves it. By implementing state-of-the-art security measures and adhering to strict data usage policies, we ensure that our clients’ sensitive information is protected at all times.