FENECON Declaration on Information Security

1. Introduction

This declaration serves to present the current status of information security in the company.

Although there are currently no formal certifications in accordance with ISO 27001:2024 and other standards, we are guided by the relevant norms and best practices. The measures are being implemented step by step with the aim of continuous further development and possible future certification.

2. About the company

FENECON is a leading hardware and software specialist for battery electric storage solutions in the residential, commercial and industrial segments and the only German manufacturer to produce and develop such an extensive range of battery storage systems in Germany.

All storage models are characterized by the self-developed energy management system FEMS, with which FENECON significantly shapes the world’s most successful open source energy management system OpenEMS. The numerous FEMS applications in the product portfolio enable grid- and energy-transition-friendly energy management and intelligent sector coupling.

As an expert in electrical energy storage and energy management, FENECON is among the strongest innovators in the industry and is committed to a future with 100 percent renewable energy. Its performance, flexibility and innovative strength have been confirmed by numerous awards:

3 x Innovator of the Year (TOP 100 competition for German SMEs): 2023 to 2025.
5 x The smarter E Award: 2020 to 2025 for electricity storage systems, energy management, outstanding projects and business models.
Top Innovation Award (2025) and SolarProsumerAward from EUPD Research.
Bavarian SME Award and BAVARIA’s BEST 50 (2024).

As a German manufacturer that has been established in the German PV and energy market since 2011, has a lot of experience with foreign components and lives open source in many aspects (for example with an energy management system developed in-house), the topics of information security and data protection are very important to us. We welcome national and especially European regulations, as they create uniform rules on these topics.

3. Business and organizational context

As part of our growth and professionalization strategy, we are actively pursuing the official certification of our processes and measures.

ISO 9001:2015

TÜV-certified quality management for all FENECON locations by TÜV Süd.
(since 07 July 2025)
German certificate as PDF download

tuv

ITQ Basic Audit

Initiation of a security process with auditing and test report by an external IT service provider.
(since 11/06/2025)

itq

ISO 27001:2024

Certification planned and in preparation.

Monitoring and evaluation of future relevant certifications in the context of the Cyber Resilience Act (CRA), NIS2 and KRITIS - e. g.

ETSI EN 303 645 EU standard for networked devices
RED 2014/53 EU standard for cyber security
IEC 62443 Industrial communication networks - Network and system security

Cloud services

Hosting exclusively in Germany on our own servers and with a hosting partner with ISO 27001 certification.

hetzner iso 27001

4. Information security within the company

Information security is an integral part of FENECON’s corporate strategy. The aim is to sustainably protect the availability, integrity and confidentiality of information and to minimize risks for customers, partners and the company.

Responsibilities and governance

Overall responsibility for information security lies with Deputy Managing Director Stefan Feilmeier, Bachelor of Business Informatics, Master of Computer Science (Embedded Systems).

We use OKRs (Objectives and Key Results) and a delegation matrix to implement the corporate strategy in the area of information security. The majority of tasks are performed centrally across the company in the "Shared Services" department of the "Internal Services" business unit.

The respective departments (e. g. IT, quality management, strategy) rely on their own staff and cooperation with external experts to ensure long-term quality and further development. Statutory and specialist officers are appointed and staffed by internal employees or external experts, e. g. data protection officer, quality management officer.

ITQ Basic Audit

The Basic Audit took place in early 2025 and forms the foundation for an information security management system (ISMS). The audit included the areas of management, IT, digitalization & ERP system, FEMS (FENECON Energy Management System) and marketing (e. g. website).

The audit covers IT security management, virus protection, IT system safety, networking and internet, VPN & Wifi, content security, security requirements, patch management, passwords and encryption, emergency preparedness, data backup, infrastructure backup, mobile end devices, supplier management, mobile working, and cloud services.

The tasks identified in the audit were transferred to the departments concerned and are monitored by a regular IT security task force.

Information Security Management System (ISMS)

Certification in accordance with ISO 27001:2024 is planned and in preparation. Specific work on this was started following the successful audit for ISO 9001:2015 in June 2025. An ISMS manual is already being developed, an external consulting firm has been commissioned and workshops have been scheduled.

Awareness and training

Employees are regularly sensitized regarding cybersecurity and data protection via the internal e-learning platforms "FENECON Academy" and Sam Secova. Particular attention is paid to software and hardware developers, system administrators and service technicians with elevated authorizations.

Partnerships in Research & Development

FENECON has always been working closely with universities, research institutes and market companions. In particular, the cooperation in the OpenEMS Association e.V. and with the active open source community around OpenEMS as the basis of FEMS enables independent control of software quality and code safety.
openems.io

5. Information security in the products

Information security is an integral part of all FENECON hardware and software products and is systematically and uniformly taken into account in their design and further development.

The central element of all FENECON systems is the FENECON Energy Management System (FEMS), which is used in all products. It has proven its high stability and scalability over many years of use.

The FEMS platform comprises both the local energy management of the system in conjunction with other peripherals — e. g. measuring devices, analog and digital inputs and outputs, EV charging stations, etc. — and the cloud infrastructure operated by FENECON — for remote monitoring of operating states in real time, analysis of historical data, remote maintenance and provision of software and firmware updates.

Operating concept and architecture of the FEMS platform
- Local functionality
  - FENECON electricity storage systems and the FEMS energy management system work completely autonomously, even without a cloud connection.
  - Advanced optimization functions such as AI-based timetable management also work completely locally.
  - Visualization of live data, analysis of historical data and local system functions for maintenance and service purposes are available via a local web application.
- Cloud connection
  - The FEMS energy management system uses cloud connections for remote monitoring, data analysis, maintenance and provision of updates.
  - FEMS connects to the FENECON cloud via a permanent, TLS-encrypted, bidirectional connection, ensuring IT-secure and fast data exchange.
  - Components of the system (e. g. battery inverter, battery management system, cooling system, etc.) are not directly connected to the internet. All communication takes place exclusively via FEMS.
  - FEMS only uses outgoing (no incoming) compounds, making it easier to manage the company firewall. Destination addresses and ports are clearly documented: FEMS Technical Documentation.
  - The web application uses modern technologies and is optimized for operation on PCs and smartphones. FENECON provides native apps for Android and iOS.
  - Configurable automatic notification in the event of a system error and if the internet connection fails.
Technical and organizational measures
- Software development of the FEMS platform
  - FEMS is developed and operated by our own in-house team of software developers and DevOps engineers in Germany.
  - The "Software Bill of Materials" (SBOM) is maintained; unnecessary dependencies are avoided.
  - Further developments and bug fixes are fully traceable via company-wide task management, versioning of the source code and infrastructure, clear marking of release versions and comprehensible change logs.
  - Software development relies on a modern development infrastructure:
  - Comprehensive Continuous Integration (CI) system with automated tests, automated monitoring of the SBOM for "Common Vulnerabilities and Exposures" (CVE) and further developments and static code analysis.
  - Application of modern development methods such as "Security by Design", "Test-Driven Development", structured code review process, Trunk-Based Development.
- Operational safety
  - Provision of free functional and safety updates for all products over their entire lifetime, even after the warranty has expired
  - Cloud infrastructure operated by FENECON exclusively in Germany on our own servers and with a hosting partner with ISO 27001 certification.
  - Access control with role-based rights management, personal access accounts ("named users") and safe, non-reversible password encryption (PBKDF2-SHA512).
  - All configuration changes to the electrical energy storage system are versioned and traceable with time stamps and implementing accounts (requires cloud connection).
  - Preferred use of components from German or European production.

Although we are not yet formally certified to ISO 27001, our day-to-day practice already meets the requirements of this and other standards in many areas. We are constantly reviewing which other standards we would like to have certified. FENECON is committed to the continuous development and improvement of information security!