Itron and GDPR
Itron has a formal program to identify, inventory and assess risk for the protection of personal data residing in Europe, including that used as part of the programs directed by Itron customers acting as data controllers.
Further, Itron has architected security into our solutions from end to end, from our communications modules in the field to the back-office applications, systems and processes that supply and support them. This practice supports a "Secure By Design" principle as set forth in the GDPR, whereby data protection is built into a system from the outset rather than added as an afterthought.
Our deployment architecture and policies strive to reflect the "best practice" controls recommended in many standards, especially in the areas of asset management, access control (based on the principle of least privilege), physical and environmental security, and contingency plans for business operations and infrastructure continuity.
Itron implements the business policies and procedures that are required to ensure the continued safety of systems and data. These include, but are not limited to, access-specific security roles, physical protection mechanisms for facilities and data centers, formal policy and procedure for change control, personnel background checks, and security and incident management training.
These processes and procedures align to a broad set of reference control frameworks that include, but are not limited to, ISO-27001, SOC 2 Type 1, SOC 2 Type 2 and SSAE-16. Itron performs regular tests of our technologies and processes under a formal methodology to ensure that we can rapidly and effectively identify and manage risks to our internal operations and our customers' environments that may arise over time.
If you have any questions, please email privacy@itron.com.