So far for some customers we have to use Victron Energy on a VLAN without internet access. It becomes more and more complicate as your software features improve.
The topics we would like to read from a VRM security statement are:
- ISO compliance: Quality Management, 27k
- External expert assessment
- VRM sessions: encryption and authentication
- Brute-force protection
- Code signing
- Password protection, two factor authentication, HIPAA compliance
- Security testing (policy on grey and withe box pentest)
- Location of the data center
PS: This is an old post that I'm digging up because it's still relevant for our Cyber Defense Business Unit.