Security Policy

Protect your business and plan with greater peace of mind

The best strategies can be undermined with improper security. Blue Ridge delivers enterprise-wide cloud security. Manage tools for user access, data encryption, and compliance with today’s industry standards. Act with assurance and safety on a single planning platform with secure architecture and stay focused on running your business and reaching your financial goals.

Development Practices

  1. Blue Ridge follows Secure Software Development Life Cycle (SSDLC) – a systematic standard security process model to develop a secure application from inception to release.
  2. Solid configuration management and release process and procedure in place
  3. Controlled access to different environments
  4. Web Application Security Practices.
  5. Infrastructure Security

Security

Blue Ridge cloud-native supply chain solutions are built from the ground up using the core principle of information security known as AIC (Availability, Integrity, Confidentiality).

  • Security training – Information security management system (ISMS) training for all employees.
  • Internal security and privacy – Privacy by design, with a commitment to use customers’ information only to deliver services and not for providing unrelated services like advertisements.
  • Audit and Compliance – SOC 2 Certified. From an audit and compliance perspective, all key events, data and logs are maintained.
  • Operational security – Administers a vulnerability management and malware prevention process that actively scans for security threats using a combination of commercially available tools.
  • Identity and access
    • Least privilege admin model
    • Use strong authentication
    • Enforce stringent security standards
  • Incident Management – rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. If an incident occurs, the IT team logs and prioritizes it according to its severity.
  • Application – Safe to Host certified, with penetration tests conducted periodically by third parties. Public endpoints are encrypted with HTTPS (TLS 1.1+).
  • Data – Customer data isolation. Fault tolerance and disaster recovery powered by strong DR and backup procedures and processes.

Monitoring

  • Comprehensive view on application Availability, Reliability and Performance
  • Monitor capabilities from both server-side and client-side perspective
  • Runtime and Proactive monitoring of Infrastructure
  • Correlation between the application activity and load and the infrastructure state it resides on
  • Create actionable alerts with actions
  • Prepare dashboards and workbook
AICPA SOC Certification
Safe Host Certification