Our Information Security

Blue Star is committed to providing our customers with industry-leading solutions to ensure they are protected from today’s cybersecurity threats.

To support this, we have invested in operating an ISO/IEC 27001:2022 certified Information Security Management System (ISMS) which is designed to cover all activities related to print management services, including print, packaging, customer communications, design, branded merchandise and logistics services.

Security Profile

Blue Star’s security rating score is based on UpGuard’s analysis of hundreds of individual checks across ten categories: Website, IP/Domain Reputation, Encryption, Vulnerability Management, Attack Surface, Network, Email, Data Leakage, DNS, and Brand Reputation.

The security score provides a data-driven, objective, and dynamic measure of Blue Star’s cybersecurity performance. The higher the rating, the better the security posture. Please visit trust.bluestar.co.nz for more information.

Risk Management & Governance

Blue Star has invested in the appropriate resources and controls to protect and service our customers. This investment includes the implementation of our ISMS and a team responsible for the security and risk management program and the governance process. The security team is focused on defining new controls and refining existing ones, implementing and managing the Blue Star security framework, and providing a support structure to facilitate effective information security management. Our Group Information Security & Technology Manager, who reports to the Chief Executive Officer, manages the Security Team.

Risk assessments are conducted annually to identify potential security threats and vulnerabilities. Risk treatment plans are implemented to mitigate identified risks. Security policies are reviewed and updated annually.

Information Security Objectives

We have developed our ISMS system using the ISO 27001:2022 framework.

Our key objectives are to:

  • Maintain industry-leading security standards
  • Continuously monitor & improve our security posture
  • Maintain customer confidence & service levels
  • Protect against unauthorised data access / loss
  • Protect against unplanned downtime
  • Continuously monitor & comply with all legislation
  • Maintain shareholder value

Information Security Controls

In order to ensure we secure both business and client data, we have implemented an array of security controls. Blue Star’s security controls are designed to allow for a high level of employee efficiency without artificial roadblocks, while minimizing risk. The following sections describe a subset of controls.

4.1 Access Control & User Authentication

Central to our security framework is strict access management. Only authorized personnel have access to sensitive data, and this access is managed through least privilege controls. Multi-factor authentication adds an extra layer of security to our login processes, ensuring that access credentials are protected. We enforce strong password policies, requiring complex passwords that are regularly changed, reducing the risk of unauthorized access.

Blue Star monitors and logs all access activity to ensure that any unusual and suspicious activity is proactively reviewed and responded to by our security operations partners.

4.2 Data Security & Encryption

All data in transit and at rest is safeguarded through encryption protocols that use secure encryption methods and ciphers (e.g. TLS 1.2 / 1.3). This prevents unauthorized interception or tampering of sensitive information during transmission and storage.

4.3 Network Security

In addition, Blue Star employ advanced network security measures — including firewalls, intrusion detection, prevention and response systems — designed to monitor and protect our infrastructure from malicious activities.

4.4 Application Security

Our application security practices are aligned with OWASP best practices in software development. Regular code reviews, security testing, and adherence to a secure development lifecycle help us identify and remediate vulnerabilities proactively. Web application vulnerabilities are monitored on a continuous basis, and penetration testing is performed on a regular basis as part of our Attack Surface Assurance (ASA) program, providing proactive defense against common threats such as SQL injection and cross-site scripting attacks.

4.5 Incident Management & Response

In the unlikely event of a security incident, Blue Star have established a comprehensive incident response policy and tested response plans. This enables us to detect, contain, and remediate issues swiftly, minimizing potential impact. We maintain detailed incident logs for analysis and continuous improvement.

4.6 Employee Training & Awareness

Employee training and awareness are integral to our security posture. Blue Star staff participate in regular security education programs, ensuring they remain vigilant against evolving threats such as phishing attacks and social engineering. We also collaborate with trusted partners and suppliers, ensuring their security practices align with our standards to protect your data throughout the entire supply chain.

4.7 Supplier & Third-Party Security

Security requirements are incorporated into third-party agreements. Due diligence and risk assessments are performed on suppliers and partners along with regular reviews of third-party performance and security posture.

4.8 Business Continuity & Disaster Recovery

Our business continuity and disaster recovery plans are tested annually, ensuring rapid restoration of services in the face of unforeseen disruptions. These plans include redundant data backups stored securely across multiple locations, guaranteeing data availability and resilience.

Compliance & Continuous Improvement

Our commitment to ISO 27001 ensures that we regularly:

  • Conduct internal audits and management reviews.
  • Update security controls based on evolving threats.
  • Maintain comprehensive documentation for transparency and accountability.