It is in Bluedrop’s DNA to take the security and privacy of our partners seriously. As a leading software as a service (SaaS) company with nearly three decades of domestic and international experience in the areas of health and safety certification management, workforce training, and virtual service delivery.
The SkillsPass platform, benefits from Bluedrop’s experience and deep commitment to these values. It offers a robust and multi-layered approach to data security and privacy protection that includes:
a company-wide commitment to data security and privacy that permeates the entire organization and is monitored on an ongoing basis by our Information Security Committee and reported on at the executive and board level;
strict adherence to all applicable SaaS data security and privacy requirements, most notably our System and Organizational Control (SOC) 2 Type 1 audit certification. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 certification is widely recognized as a gold standard for data security and requires companies to establish and follow strict information security policies and procedures. These policies and procedures are validated by an independent third party and demonstrate the Company’s commitment to protecting the confidential data we are entrusted with from unauthorized access and maintaining the availability of our services; and
the delivery of a SaaS solution that offers privacy compliance by default via built-in infrastructure, network, and application functionality that supports the overall security strategy and regulatory compliance effort. Specific examples include:
Inclusion of role-based security options and robust enterprise authentication methods including 2-factor authentication (TOTP), Single Sign On compatibility, along with regular vulnerability and penetration testing audits to ensure ongoing security and continuous improvement.
Effective utilization of data encryption to mitigate exposure risks, including encryption of all data in transit between end users and all components of the BLN solution, along with encryption of all databases and data backups at rest, with the encryption keys stored on FIPS 140-2 validated hardware security modules. All encryption methods are reviewed and updated as best practices and industry standards evolve.
Use of the Amazon Web Services Cloud as Bluedrop’s primary host environment, thereby offering an additional layer of security and privacy via the tools offered by this AWS including a secure data centre and network architecture that offers enhanced firewall protection, access controls, monitoring and more.