BlueBox System Security

Read below for our BlueBox System Security information and please do use the form on our contact page if you have any queries.

As part of our commitment to maintaining the highest standards of security we hold a monthly security and data-protection review and are constantly updating and modifying our defences and processes to mitigate against unwanted access to systems and data under our control.

BlueBox WorldWide Ltd is a registered data-processor with the UK Information Commissioner's Office (

To this end we apply the following standard security measures to all our systems:

  • UK, EU and US data centers providing industry leading physical security for our cloud infrastructure
  • Data is stored within the geographic boundary of the client - ensuring valid protection under applicable data protection laws
  • WAF protection provided by leading global providers adds an additional barrier to intruders where required
  • IAM security access processes to restrict unwarranted access to data
  • Business continuity processes in place in event of a data outage or disruption
  • Critical support services and processes providing 24 hour contact and communication when required
  • Penetration testing and remediation, as required, to ensure systems meet current standards of threat protection
  • SSL encrypted data transport for all communications to and from our systems
  • Strict password policies and two-factor authentication for user access were required
  • Encryption-at-rest for databases that require enhanced protection
  • Anonymization of data (removing personal/identifying data from data streams where applicable)
  • Vetting and verification of upstream and downstream data processing partners
  • Data Breach policy
  • Data Management Retention and Erasure policy
  • Data Protection policy
  • Data Subject Access Request procedures
  • Active service scanning and monitoring (Sslyze, OpenVAS, OWASP ZAP, Nmap UDP)

If you have any questions about security at The BlueBox, please contact: