Bluecube Cloud Services Limited – Security and Privacy of our customers’ data
Bluecube takes the security and privacy of its clients’ data seriously. We welcome the introduction of the General Data Protection Regulation as an opportunity to demonstrate and deepen our commitment to data protection.
What we do
Bluecube provides managed cloud technology services including IT services & support, VoIP & UC, internet connectivity and mobile voice & data services. We help businesses with their office IT and communication requirements.
How secure is our data storage?
Customer data is stored on ZOHO, Tekton and Uboss. The International Organisation for Standardisation has certified ZOHO, Tekton and Uboss for ISO27001. This means that the ZOHO, Tekton and Uboss systems, processes and methodologies conform to the accepted best practice regarding security of data. ISO27001 governs the way that ZOHO, Tekton and Uboss handle any information, in terms of where it is stored, how it is transmitted, how it is encrypted, and which members of staff have access to it.
The Uboss platform processes and stores phone system information, including call logging and call recordings. The platform is based on a geographically redundant database across two data centres in London. This model enables Uboss to provide high availability and quick disaster recovery. The data centres are protected by biometric locks, round-the-clock interior and exterior physical and automated surveillance monitoring. They have access control systems that permit only authorised personnel to have access to secure areas. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, employ environmental systems that monitor temperature, humidity and other environmental conditions, and contain strategically placed heat, smoke and fire detection and suppression systems. In the event of a power failure, uninterruptible power supply and continuous power supply solutions are used to provide power while transferring systems to on-site back-up generators. All systems used in the provision of our services, including firewalls, routers, network switches and operating systems, log information to their respective system log facility or a centralised server (for network systems) to enable security reviews and analysis. We carry out regular penetration tests to check the integrity of our systems.
Salesforce operates an information security management system (ISMS) for its cloud services in accordance with the ISO 27001 international standard and aligned to ISO 27017 and ISO 27018. Salesforce has achieved ISO 27001/27017/27018 certification for its ISMS from an independent third party, which confirms security has been built into every layer of the platform.
The popularity of Software as a Service (SaaS) products, like Office 365 or Salesforce, has prompted the providers of these services to ensure their products are GDPR compliant, not only for their own protection but also as a selling point to businesses that now require compliance. Tekton’s ZOEY platform is no different: our infrastructure supplier is IASME GDPR certified, and the data centres they host the infrastructure in are ISO27001 and IL2 certified too. This has allowed smaller businesses to use these services with a certain peace of mind, though using specific programs or services that are GDPR compliant does not necessarily mean that the entire business is within the law.
ISO27001 – Information Security Management
Union Street are certified against ISO/IEC 27001 and are regularly audited against this standard. A copy of Union Street’s Security Policy (ISP) can be requested by contacting Bluecube Telecommunications.
Union Street uses leading cloud infrastructure providers for hosting and storing client data. We ensure any cloud provider we use meets industry standards for data security and, in addition, our own ISO/IEC 27001 certified standards and controls for data security.
Regular backups are taken for company and client data. Tests are conducted regularly to ensure reliability and ease of recovery.
Sensitive data will always be encrypted in transit. Data stored within our Cloud Platforms will also be encrypted in storage.
Protection and Detection
Throughout our IT infrastructure we have a variety of anti-malware solutions. These are intended to detect and protect against unauthorised intrusion or access of data. We also operate a defence-in-depth policy with regard to data infrastructure and appliances.
Data is only retained for the time necessary to process it for the purpose provided. While the purpose of processing data will vary (the many different types of employee data, for instance), should you require information on retention times on any type of data, please contact Bluecube Telecommunications.
Privacy by Design
As a software development house, data privacy, security and accuracy are considered from the initial design phase. This way we ensure due consideration is given to the protection and security of data in any new products or enhancements to the products we develop.
Our staff access
All our staff sign confidentiality agreements and receive regular training on data protection. Our staff operate from Bluecube’s main HQ based in the UK. Our service desk uses caller identification methods, including the requirement to only request account information or changes to an account following the issuance of a ticket or an email sent from a person associated with a Salesforce, Abillity or Uboss account, to avoid disclosing information or making account changes to unauthorised personnel. Our staff operate out of a building with secure, key-fob access and round-the-clock surveillance (physical and automated), with alarm systems in place.
Cyber Essentials Accredited
Bluecube have Cyber Essentials Accreditation. This national Government and Industry endorsed scheme ensures that Bluecube audit the following areas of security on an annual basis:
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
We practise a routine annual internal audit at Bluecube, which helps our organisation to accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of its information security management system, control, and governance processes.
In order to prevent the infection of Bluecube Telecommunications Ltd computers and networks and to avoid the potentially dire consequences of such infection, we have an Antimalware policy in place with a number of key controls to be adopted. The key concept adopted in this policy is “defence in depth”: no single control should be relied upon to provide adequate protection. The controls are Firewall, Anti-virus, Spam filtering, Software installation and scanning, Vulnerability management, User awareness training, Threat monitoring and alerts, Technical reviews, and Malware incident management.
Bluecube have procedures and plans in place to prepare for disruptive events like a major failure in Lincoln, or a serious system outage with ZOHO, Tekton or Uboss etc. Bluecube also have a disaster recovery team, a group of individuals responsible for establishing and maintaining business recovery procedures. Once the decision has been taken to activate the plan, the plan owner (or deputy) will contact the members of the recovery team to action the plan.
© Bluecube Telecommunications Limited