We operate with rigorous security standards and SOC 2 compliance, ensuring the highest level of protection for our customers.
Secure Personnel
BlueFlag Security takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.
All BlueFlag Security contractors and employees undergo background checks in accordance with local laws and industry best practices.
Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who need access to sensitive or internal information.
We conduct employee security training & testing using current and emerging techniques and attack vectors.
Secure Development
BlueFlag Security protects developer identities and their tools throughout the software development lifecycle (SDLC).
All BlueFlag Security projects including on-premises software products, support services, and our Digital Identity Cloud follow SDLC principles.
All development of new products, tools, and services, and major changes to existing ones, undergo a design review to ensure security requirements are incorporated.
All team members involved in any system development undergo annual secure development training in coding or scripting languages they utilize plus other relevant trainings.
Software development is conducted in line with OWASP Top 10 recommendations for web application security.
Secure Testing
BlueFlag Security deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.
All new systems and services are scanned prior to being deployed to production.
We perform penetration testing both by internal security engineers and external penetration testing companies on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view from multiple perspectives.
We perform static and dynamic software application security testing of all code, including open source libraries, as part of our software development process.
Secure Cloud
BlueFlag Security Cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.
All customer cloud environments and data are isolated and stored within a dedicated trust zone to prevent any accidental or malicious co-mingling.
Our entire platform is continuously monitored and all data is encrypted at rest and in transmission to prevent any unauthorized access or data breaches.
We separate each customer's data and our own, utilizing unique encryption keys to ensure data is protected and isolated.
We implement role-based access controls and the principle of least-privilege access, and review and revoke access as needed.
BlueFlag Security is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of our dedication to protecting our customers by regularly assessing and validating the protections and effective security practices we have in place.
BlueFlag Security successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that BlueFlag Security's information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
BlueFlag Security was audited by Prescient Assurance, a leader in security and compliance certifications for B2B SaaS companies worldwide. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.
Customers and prospects can request access to the audit report here.