Security Overview
How ScadaHud approaches security across the platform, the website and the company. Operational technology demands a different posture than typical SaaS, and this page summarizes ours.
Last updated: 2026-04-28
1. Platform security posture
ScadaHud is built for OT environments where availability, data integrity and operator accountability matter more than novelty. Security is not an add-on module; it runs through every layer of the platform.
- On-premise first. Operational data stays on your network. Cloud connectivity is optional, never required.
- TLS everywhere. All north-south and east-west traffic between ScadaHud components is TLS-encrypted by default.
- Encrypted credential vault. Device passwords, API keys and other secrets are encrypted at rest using a key tied to the platform installation.
- Role-Based Access Control (RBAC). Every module honors a single user directory and role model. Operators only see what they are authorized to see.
- LDAP / Active Directory. Native integration with corporate identity systems for centralized authentication, group mapping and offboarding.
- Tamper-evident audit log. Every operator action (acknowledgements, shelving, configuration edits, set-point changes, login attempts) is recorded in an append-only audit trail.
- Certificate management. First-class support for OPC UA and MQTT client certificates, with renewal and rotation tooling.
2. Air-gap and isolation
ScadaHud can run on fully air-gapped networks. The product does not require outbound internet connectivity to operate, check its license or report telemetry. License activation can be performed offline.
3. Secure development
- Code reviews and dependency vulnerability scanning prior to release
- Reproducible builds with signed installers
- Defense-in-depth against the OWASP Top 10 in the web layer
- Hardened defaults: TLS on, RBAC on, audit on
4. Standards alignment
Where applicable, ScadaHud features are designed against widely adopted industry standards:
- ISA-101 for high-performance HMI design conventions
- ISA-18.2 for alarm management lifecycle and performance metrics
- ISA-95 for clean enterprise (MES / ERP) integration boundaries
- OPC UA and MQTT (Sparkplug B-compatible) for interoperable device connectivity
5. Website security
scadahud.com is served over HTTPS with HSTS-style upgrade-insecure-requests. Form submissions are sent over TLS to a Node.js endpoint that forwards them to our mailbox through an authenticated SMTP relay. We do not run third-party tracking or advertising scripts on the marketing site.
6. Reporting a vulnerability
If you believe you have found a security issue in the ScadaHud platform or this website, please email support@scadahud.com with as much detail as possible. We will acknowledge receipt within two business days and work with you in good faith to investigate and remediate.
Please do not publicly disclose the issue until we have had a reasonable opportunity to address it. We are happy to credit reporters in our release notes.
7. Customer responsibilities
Industrial deployments are a shared responsibility. ScadaHud delivers the platform controls described above; you are responsible for:
- Network segmentation between OT and IT zones
- Physical security of operator workstations and panel PCs
- Operating-system patching of the host machine
- Backup and disaster-recovery procedures for the historian database
- Strong passwords and timely user offboarding within your identity system
