Blueboard security program overview.
Blueboard’s comprehensive security program ensures that our client's data is secure and protected. We’re able to identify flaws and reduce risks using industry-standard security frameworks, layered security controls, and third-party assessments.
Blueboard is committed to protecting our corporate brand and meeting all of our regulatory obligations. We embrace the concept of defense-in-depth to ensure robust security controls are in place at multiple levels in order to meet the most demanding security requirements.
Blueboard’s security program and controls are based on industry best practices and frameworks, including NIST Cyber Security Framework.
External audits and regulatory compliance.
As part of our commitment to a robust information security program, Blueboard undergoes annual third-party audits and assessments, including SOC 2 Type 2, risk assessments, and external penetration tests, which are used to identify gaps, correct flaws, and manage risks to acceptable levels.
As part of our commitment to information security Blueboard undergoes annual third-party audits and assessments— such as SOC 2 Type 2, risk assessments, and external penetration tests— which are used to identify gaps, correct flaws, and manage risks to acceptable levels.
Blueboard is required to meet both GDPR, as well as the California Consumer Privacy Act (CCPA). We are both financially and culturally committed to meeting the terms and obligations of these pieces of legislation.
Trusted vendors.
Blueboard evaluates the security controls of prospective vendors before entering into any service agreements. We do this to ensure service providers have security controls that meet or exceed our own internal security requirements.
Blueboard uses cloud service providers, which have extremely high-security standards and practices.
At Blueboard, we’re committed to maintaining the integrity, confidentiality, and availability of our systems and customer data.
APP FRAMEWORKS
Application security and monitoring.
Blueboard uses OWASP frameworks to make sure security is “baked in” to our customer-facing web applications.
We regularly scan for security vulnerabilities in our web applications and user endpoints. All critical and high-level security vulnerabilities are remediated in an expedited fashion. Any breach of security— actual or suspected— is reported to and investigated by the Blueboard Information Security Team.
OUR APPROACH
Security is part
of our culture.
At Blueboard, we take a “layered approach” to protecting assets. Which means we embed technical security controls within organizational practices to create strong layers of defense.
We believe people are the strongest security control. Each Blueboard employee goes through mandatory, ongoing security awareness training. Our security team measures and reports on results, and acts on any identified opportunities for improvement.
Questions and contact information.
If you have any questions about this Security Statement or want to learn more about our security practices, please contact us at bb-security@blueboard.com.
Does Blueboard have a security statement?
How does Blueboard protect our data?
How do we authenticate to Blueboard's application?
What types of personal data does Blueboard collect?
Has Blueboard suffered a security or data breach in the last 5 years?
Does Blueboard store or process data outside the United States of America?
If Blueboard processes data outside the US, how do you comply with GDPR?
Does Blueboard share any of its data with third parties (e.g. subprocessors)?
Looking for the best way to reward, recognize and incentivize your top people?
Connect with our team for a personalized demo of our recognition and rewards platform and see our hand-curated experience menus.
Let's talk
