Blueboard security program overview.

Blueboard’s comprehensive security program ensures that our client's data is secure and protected. We’re able to identify flaws and reduce risks using industry-standard security frameworks, layered security controls, and third-party assessments.

Blueboard is committed to protecting our corporate brand and meeting all of our regulatory obligations. We embrace the concept of defense-in-depth to ensure robust security controls are in place at multiple levels in order to meet the most demanding security requirements.

Blueboard’s security program and controls are based on industry best practices and frameworks, including NIST Cyber Security Framework.

External audits and regulatory compliance.

As part of our commitment to a robust information security program, Blueboard undergoes annual third-party audits and assessments, including SOC 2 Type 2, risk assessments, and external penetration tests, which are used to identify gaps, correct flaws, and manage risks to acceptable levels.

As part of our commitment to information security Blueboard undergoes annual third-party audits and assessments— such as SOC 2 Type 2, risk assessments, and external penetration tests— which are used to identify gaps, correct flaws, and manage risks to acceptable levels.

Blueboard is required to meet both GDPR, as well as the California Consumer Privacy Act (CCPA). We are both financially and culturally committed to meeting the terms and obligations of these pieces of legislation.

Trusted vendors.

Blueboard evaluates the security controls of prospective vendors before entering into any service agreements. We do this to ensure service providers have security controls that meet or exceed our own internal security requirements.

Blueboard uses cloud service providers, which have extremely high-security standards and practices.

+ Read more
- Read less

These providers have been accredited or comply with:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

  • GDPR

At Blueboard, we’re committed to maintaining the integrity, confidentiality, and availability of our systems and customer data.

+ Read more
- Read less

Each of our service providers encrypts data in transit, in use, and at rest using TLS and AES-256 encryption.

Application security and monitoring.

Blueboard uses OWASP frameworks to make sure security is “baked in” to our customer-facing web applications.

We regularly scan for security vulnerabilities in our web applications and user endpoints. All critical and high-level security vulnerabilities are remediated in an expedited fashion. Any breach of security— actual or suspected— is reported to and investigated by the Blueboard Information Security Team.

Security is part
of our culture.

At Blueboard, we take a “layered approach” to protecting assets. Which means we embed technical security controls within organizational practices to create strong layers of defense.

We believe people are the strongest security control. Each Blueboard employee goes through mandatory, ongoing security awareness training. Our security team measures and reports on results, and acts on any identified  opportunities for improvement.

+ Read more
- Read less

Blueboard relies on both passive and active physical security controls, designed to protect our assets and employees from various types of attacks, such as sabotage, damage, and criminal activity.

Employee on Blueboard's secure platform.

Questions and contact information.

If you have any questions about this Security Statement or want to learn more about our security practices, please contact us at support@blueboard.com.

Looking for the best way to reward, recognize and incentivize your top people?

Connect with our team for a personalized demo of our recognition and rewards platform and see our hand-curated experience menus.

Request a demo
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Cookies Policy for more information.