GridIQ is designed from the ground up for the security requirements of electric utilities. Read-only OT access. Zero Trust architecture. NERC CIP aligned. Here is exactly how we protect your infrastructure.
GridIQ connects read-only to your existing SCADA system via standard industrial protocols. We receive telemetry. We never send commands. We never modify setpoints, trip breakers, or change any operational parameter. Your control room retains 100% operational authority at all times. Our server IP (165.232.147.17) can be allowlisted for one-way outbound TCP only.
DNP3, Modbus TCP, IEC 61850 MMS, and MQTT connections are receive-only. GridIQ also ingests third-party sensor API feeds (Gridware AGR, Sentient Energy, PingThings, and others) as read-only data sources. No function codes that write, control, or configure are ever sent. Your RTUs and IEDs see only polling requests.
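A utility can check the receive-only claim on its own side of the connection. The sketch below is an added example, not GridIQ code: it covers Modbus TCP only and audits requests seen from the allowlisted address against a read-only function-code allowlist. The function names are hypothetical and the sample frames are constructed, not captured traffic.

```python
import struct

# Modbus public function codes that only read process data.
READ_ONLY_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}

def parse_modbus_tcp_request(frame: bytes):
    """Parse one Modbus TCP ADU; return (transaction_id, unit_id, function_code)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    # The length field counts the unit id plus the PDU: every byte after offset 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return transaction_id, unit_id, frame[7]

def audit_requests(frames):
    """Return (index, function_code, reason) for each request outside the allowlist."""
    findings = []
    for index, frame in enumerate(frames):
        try:
            _tid, _unit, fc = parse_modbus_tcp_request(frame)
        except ValueError as exc:
            # Malformed frames are reported rather than silently skipped.
            findings.append((index, None, f"malformed: {exc}"))
            continue
        if fc not in READ_ONLY_FUNCTIONS:
            findings.append((index, fc, f"function 0x{fc:02X} is not on the read-only allowlist"))
    return findings

# Constructed sample requests (hypothetical, for illustration only).
SAMPLE_FRAMES = [
    bytes.fromhex("000100000006010300000002"),  # Read Holding Registers
    bytes.fromhex("000200000006010400100001"),  # Read Input Registers
    bytes.fromhex("00030000000601050001ff00"),  # Write Single Coil: must be flagged
    bytes.fromhex("0004000000060106"),          # length field disagrees with frame size
]

if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_FRAMES):
        print(finding)
```

Because the check is an allowlist, diagnostic and vendor-specific function codes are flagged along with the write codes.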
Standard TLS 1.3 encrypted TCP over the internet. No client-side VPN software, no agents installed on your network, no changes to your firewall beyond one allowlist rule.
All GridIQ traffic originates from a single static IP: 165.232.147.17. Your firewall team can verify and allowlist this single address. No dynamic IPs, no CDN origins.
We require no changes to your SCADA system, no software installed on OT workstations, no modifications to PLC/RTU configuration. Your OT environment is untouched.
NIST SP 800-207 compliant. Every API request is authenticated and authorized independently. No implicit trust based on network location. Microsegmentation. Immutable audit logs.
JWT HS256 tokens with 8-hour expiry. bcrypt password hashing. Role-based access control (Admin/Operator/Viewer). Per-utility data isolation — no cross-utility data access is architecturally possible.
TLS 1.3 for all data in transit. AES-256 for data at rest. SSL certificates via Let's Encrypt with automatic renewal. HSTS enforced. A+ SSL Labs rating.
Each utility's data is stored in isolated database rows with utility_id foreign keys enforced at every query. No shared data pools. One utility cannot access another's telemetry, alerts, or configuration.
GridIQ is designed to help utilities achieve and maintain NERC CIP compliance, and our own platform architecture is aligned with CIP requirements.
CIP-002: BES Cyber System identification and categorization
CIP-003: Security management controls and policies
CIP-005: Electronic security perimeters — read-only access model
CIP-007: System security management — patch tracking, port management
CIP-008: Incident reporting and response planning
CIP-010: Configuration change management and vulnerability management
CIP-011: Information protection — data classification
CIP-013: Supply chain risk management
DigitalOcean SFO3 data center. SOC 2 Type II certified facility. ISO 27001 certified. SSAE 18 compliant. Physical security with biometric access controls.
PM2 process management with automatic restart on failure. nginx reverse proxy. Database backups every 6 hours with 7-day retention. Uptime monitoring.
Rate limiting on all authentication endpoints to prevent brute force. CORS restricted to gridiq.ink domain only. Input validation via Pydantic v2 on all endpoints.
Stripe PCI-DSS Level 1 certified payment processing. No card data ever touches GridIQ servers. Webhook signature verification on all Stripe events.
NormandinTECH commits to 99.5% monthly uptime for the GridIQ platform API and dashboard. This equates to no more than 3.6 hours of unplanned downtime per month. Scheduled maintenance windows are excluded and communicated 24 hours in advance.
P1 (platform down): acknowledged within 30 minutes, resolution target 2 hours. P2 (degraded performance): acknowledged within 2 hours, resolution target 8 hours. P3 (minor issues): acknowledged within 1 business day.
Automated uptime checks every 5 minutes. Immediate email alert on any failure. Database backups every 6 hours. All incidents logged and available upon request.
Your utility data is backed up every 6 hours. Backups retained for 7 days. Recovery point objective (RPO): 6 hours. Recovery time objective (RTO): 4 hours for full platform restoration.
Email support via contact form. Response within 1 business day for standard issues. Enterprise customers receive priority response. Onboarding call included with all paid plans.
NormandinTECH is registered on SAM.gov (System for Award Management) and available for federal procurement. GridIQ is available to federal agencies, Rural Utilities Service (RUS) funded cooperatives, and state government entities through standard federal procurement channels. For federal procurement inquiries, submit a request via our contact form.
We welcome security reviews, architecture calls, and penetration testing discussions. Submit your questions through our contact form and we will respond within one business day.