Security is the Core of our Business and a Top Priority

We are prepared for the new era in privacy regulation

Privacy



BlueDot SOC2 compliance!

SOC 2, which stands for Service Organization Control 2, is a set of compliance standards and guidelines developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 is specifically designed for service organizations, such as cloud service providers, data centers, software-as-a-service (SaaS) companies, and other entities that handle customer data and provide services that involve the storage, processing, or transmission of this data.

The SOC 2 framework focuses on the controls and processes a service organization has in place to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data. These are often referred to as the "Trust Services Criteria." There are five key trust services criteria:

Security: This criterion assesses the security measures in place to protect customer data from unauthorized access, breaches, and other security threats. It encompasses physical security, logical access controls, data encryption, and other security-related practices.

Availability: Availability measures the system's uptime and reliability, ensuring that services are available and accessible when needed by customers. This criterion assesses a service organization's ability to maintain its systems and services, even in the face of disruptions or outages.

Processing Integrity: This criterion evaluates the accuracy, completeness, and validity of data processing. It ensures that data is processed correctly and that there are controls in place to prevent errors and unauthorized alterations.

Confidentiality: Confidentiality focuses on protecting sensitive information from unauthorized disclosure. It includes measures such as data access controls, encryption, and data classification.

Privacy: Privacy addresses how a service organization handles personal information and complies with relevant privacy regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).

To achieve SOC 2 compliance, service organizations undergo a thorough audit by an independent third-party auditor who assesses their controls and processes against the trust services criteria. Upon successful completion of the audit, the service organization receives a SOC 2 report, which can be shared with customers and other stakeholders to demonstrate their commitment to data security and privacy.

SOC 2 compliance has become a valuable standard for organizations that handle customer data, as it helps build trust with customers, partners, and regulators by demonstrating a commitment to data security and privacy. It's often a requirement for organizations seeking to do business with larger enterprises or in industries with strict data protection requirements.

 

BlueDot is hosted with Microsoft Azure Cloud.

BlueDot is hosted on Microsoft Azure Cloud servers and uses Intrusion Protection, Web Application Firewalls, Performance and Availability Monitoring Systems and Antivirus Systems, which are implemented in our Azure state-of-the-art network, providing real-time protection from hackers, viruses and other threats, and ensuring the highest level of performance of every device on our internal networks.

BlueDot uses the highest HTTPS encryption method available (TLS): This communication protocol is used for secure communication across the internet. The databases use Transparent Data Encryption, which encrypts the database at rest. All uploaded documents are also encrypted at rest.

BlueDot offers Microsoft Two Factor Authentication (2FA): Two-factor authentication is an electronic authentication method in which a user is granted access to our application only after successfully presenting two pieces of evidence to an authentication mechanism.

In addition to all these security measures, BlueDot has been issued the Privacy Shield Framework Seal by the US Department of Commerce, which is issued to companies that commit to a range of data protection principles consistent with the core requirements of EU law and GDPR regulations.

General Data Protection Regulation

BlueDot follows GDPR guidelines

Personal Privacy: BlueDot provides its customers with an Administrator Module. By using the Administrator Module, our customers can effectively protect, update and delete their information, as well as manage security settings, users, etc. We do not access or use customer content for any purpose other than providing support, maintaining and improving the BlueDot services, and as otherwise required by law.
Per GDPR requirements, the Administrator Module allows customers to:

- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data

Data Security: BlueDot is hosted with Microsoft Azure Cloud services. Azure offers Intrusion Protection, Web Application Firewalls, Performance and Availability Monitoring Systems and Antivirus Systems, which are implemented in our Azure state-of-the-art network, providing real-time protection from hackers, viruses and other threats, and ensuring the highest level of performance of every device on our internal networks.
Microsoft understands that to realize the benefits of the cloud, you must be able to trust the cloud. Microsoft has been leading the industry in establishing clear security and privacy requirements and then consistently meeting these requirements. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as by the British Standards Institute, verify Azure's adherence to the strict security controls these standards mandate.

Disclosure of Customer Service Data: BlueDot only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities. For more details please read our Privacy Policy.

Transparent Policies: BlueDot has developed security protections and control processes to help our customers ensure a secure environment for their information and we have updated our Privacy Policy to reflect these changes.

Controls and Notifications: BlueDot has a process in place to make customers aware of personal data breaches and to report them to relevant supervisory authorities and data subjects in accordance with GDPR time frames.

If you have any questions about our Privacy Policy, the information we have collected from you online, the practices of this Website, or you wish to access or correct the Personal Information we hold about you, please contact us at:

Data Protection Officer
BlueDot
Westshore Int’l Plaza
2202 N. West Shore Blvd Suite 200
Tampa, Florida 33607, United States