As a leading software as a service (SaaS) company with nearly three decades of domestic and international experience, it is in Bluedrop’s DNA to take privacy and security seriously. The SkillsPass platform benefits from Bluedrop’s experience and deep commitment to these values. It offers a robust and multi-layered approach to data security and privacy protection that includes:
a company-wide commitment to data security and privacy that permeates the entire organization and is monitored on an ongoing basis by our Information Security Committee and reported on at the executive and board level;
strict adherence to all applicable SaaS data security and privacy requirements, most notably our System and Organizational Control (SOC) 2 Type II audit certification. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 certification is widely recognized as a gold standard for data security and requires companies to establish and follow strict information security policies and procedures. These policies and procedures are validated by an independent third party and demonstrate the Company’s commitment to protecting the confidential data we are entrusted with from unauthorized access and maintaining the availability of our services; and
- the delivery of a SaaS solution that offers privacy compliance by default via built-in infrastructure, network, and application functionality that supports the overall security strategy and regulatory compliance effort. Specific examples include:
- Inclusion of role-based security options and robust enterprise authentication methods including 2-factor authentication (TOTP), Single Sign On compatibility, along with regular vulnerability and penetration testing audits to ensure ongoing security and continuous improvement.
- Effective utilization of data encryption to mitigate exposure risks, including encryption of all data in transit between end users and all components of the BLN solution, along with encryption of all databases and data backups at rest, with the encryption keys stored on FIPS 140-2 validated hardware security modules. All encryption methods are reviewed and updated as best practices and industry standards evolve.
- Use of the Amazon Web Services Cloud as Bluedrop’s primary host environment, thereby offering an additional layer of security and privacy via the tools offered by this AWS including a secure data centre and network architecture that offers enhanced firewall protection, access controls, monitoring and more.