Cloud Security Controls
Effective date: December 11, 2013
Blue Coat Cloud Security Services is based on a solid technical and operational security platform. Advanced security technologies have been implemented to protect customer's data and service availability and performance. Operationally, Blue Coat has implemented a formal Information Security Management System (ISMS) that includes all the policies, processes and controls to maximize data availability and protection. The ISMS is based on ISO standards and governs all aspects of service delivery and operations.
Blue Coat has selected internationally recognized standards to validate its security processes, tools and controls meet customer’s data integrity, availability and protection. In addition to continuous internal reviews and audits, we have engaged with industry recognized auditing firms to confirm our adherence to these standards, which will provide customers with a high confidence that their data and service requirements will be met under strict security, availability and privacy controls.
To ensure delivery of the highest level of security and availability to its customers, Blue Coat has implemented an Information Management Security System and obtained the ISO 27001 certification. We are absolutely dedicated to continuously proving our commitment to best security practices while providing customers with confidence in our Cloud services.
Pursuing ISO2001 certification was a natural choice since it best represents our risk based service delivery approach and security best practices. This internationally recognized set of systems and network security, operational controls, data privacy and governance represent a comprehensive security management model that governs all aspects of our Cloud services delivery.
We partner with NQA, a world-leading registrar, to perform external audits of our ISMS effectiveness and adherence. During a six-month process and multiple audits, we earned the ISO 27001 certification in January 2014.
Blue Coat as a services organization understands the importance of earning customer’s trust in our services while continuously proving our commitment to security.
We selected SSAE16 as another core standard to provide assurance to our customers that the required control and security objectives are designed and efficiently operated as part of our Cloud service delivery.
Pursuing the SSAE16 certification required us to develop an in-depth and comprehensive description of the “system” supporting all services, policies, procedures, personnel and operational activities following SSAE16 recognized audit guides.
For a period of six months, Marcum LLP, a nationally recognized Accountants and Advisors firm, conducted an independent review of the Cloud systems description and our effectiveness operating these security and service delivery controls. Their audit report did not identify any exceptions.
The SSAE16 audit report, including a management security controls statement and auditors validation, is available to any customer upon request.
Report of Organizational Actions Affecting Basis Securities