As part of our commitment to maintaining the highest standards of security we hold a monthly security and data-protection review and are constantly updating and modifying our defences and processes to mitigate against unwanted access to systems and data under our control.
BlueBox WorldWide Ltd is a registered data-processor with the UK Information Commissioner's Office (https://ico.org.uk)
To this end we apply the following standard security measures to all our systems:
-
UK, EU and US data centers providing industry leading physical security for our cloud infrastructure
-
Data is stored within the geographic boundary of the client - ensuring valid protection under applicable data protection laws
-
WAF protection provided by leading global providers adds an additional barrier to intruders where required
-
IAM security access processes to restrict unwarranted access to data
-
Business continuity processes in place in event of a data outage or disruption
-
Critical support services and processes providing 24 hour contact and communication when required
-
Penetration testing and remediation, as required, to ensure systems meet current standards of threat protection
-
SSL encrypted data transport for all communications to and from our systems
-
Strict password policies and two-factor authentication for user access were required
-
Encryption-at-rest for databases that require enhanced protection
-
Anonymization of data (removing personal/identifying data from data streams where applicable)
-
Vetting and verification of upstream and downstream data processing partners
-
Data Breach policy
-
Data Management Retention and Erasure policy
-
Data Protection policy
-
Data Subject Access Request procedures
-
Active service scanning and monitoring (Sslyze, OpenVAS, OWASP ZAP, Nmap UDP)
If you have any questions about security at The BlueBox, please contact: info@blueboxonline.com