Information Security Controls
To protect both business and client data, Blue Star has implemented a range of security controls. They are designed to let employees work efficiently, without artificial roadblocks, while keeping risk to a minimum. The following sections describe a subset of those controls.
4.1 Access Control & User Authentication
Central to our security framework is strict access management. Only authorized personnel have access to sensitive data, and that access is granted on a least-privilege basis. Multi-factor authentication adds a second factor to our login processes, so that a compromised password alone does not grant access. We enforce strong password policies, requiring complex passwords that are changed regularly, to reduce the risk of unauthorized access.
Blue Star monitors and logs all access activity so that unusual or suspicious activity is proactively reviewed and responded to by our security operations partners.
4.2 Data Security & Encryption
All data is encrypted in transit and at rest using current protocols and ciphers; connections in transit use TLS 1.2 or 1.3. This protects sensitive information from being read or tampered with by an unauthorized party, whether it is in transmission or in storage.
4.3 Network Security
In addition, Blue Star employs network security measures, including firewalls and intrusion detection, prevention and response systems, to monitor our infrastructure and protect it from malicious activity.
4.4 Application Security
Our application security practices are aligned with OWASP best practices for software development. Regular code reviews, security testing, and adherence to a secure development lifecycle help us identify and remediate vulnerabilities proactively. Web application vulnerabilities are monitored continuously, and penetration testing is performed regularly as part of our Attack Surface Assurance (ASA) program, providing proactive defense against common threats such as SQL injection and cross-site scripting.
4.5 Incident Management & Response
In the unlikely event of a security incident, Blue Star has an established incident response policy and tested response plans. These enable us to detect, contain, and remediate issues swiftly, minimizing the potential impact. We maintain detailed incident logs for analysis and continuous improvement.
4.6 Employee Training & Awareness
Employee training and awareness are integral to our security posture. Blue Star staff take part in regular security education programs so that they remain vigilant against evolving threats such as phishing and social engineering. We also work with trusted partners and suppliers and require that their security practices align with our standards, so that your data is protected throughout the supply chain.
4.7 Supplier & Third-Party Security
Security requirements are incorporated into third-party agreements. Due diligence and risk assessments are performed on suppliers and partners, and their performance and security posture are reviewed regularly.
4.8 Business Continuity & Disaster Recovery
Our business continuity and disaster recovery plans are tested annually so that services can be restored rapidly after an unforeseen disruption. These plans include redundant data backups stored securely across multiple locations, so that data remains available and recoverable.