Bluecube takes the security and privacy of its clients' data seriously. We welcome the introduction of the General Data Protection Regulation as an opportunity to demonstrate and deepen our commitment to data protection.
Bluecube provides next-generation communication services including VoIP and analogue telephony, call logging and call recording, internet and mobile services. We help businesses with their office communication requirements.
Customer data is stored on Salesforce, aBILLity and Uboss. The International Organisation for Standardisation has certified Salesforce, aBILLity and Uboss for ISO27001. This means that the Salesforce, aBILLity and Uboss systems, processes and methodologies conform to the accepted best practice regarding security of data. ISO27001 governs the way that Salesforce, aBILLity and Uboss handle any information, in terms of where it is stored, how it is transmitted, how it is encrypted, and which members of staff have access to it.
The Uboss platform processes and stores phone system information, including call logging and call recordings. The platform is based on a geographically redundant database across two data centres in London. This model enables Uboss to provide high availability and quick disaster recovery. The data centres are protected by biometric locks, round-the-clock interior and exterior physical and automated surveillance monitoring. They have access control systems that permit only authorised personnel to have access to secure areas. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, employ environmental systems that monitor temperature, humidity and other environmental conditions, and contain strategically placed heat, smoke and fire detection and suppression systems. In the event of a power failure, uninterruptible power supply and continuous power supply solutions are used to provide power while transferring systems to on-site back-up generators. All systems used in the provision of our services, including firewalls, routers, network switches and operating systems, log information to their respective system log facility or a centralised server (for network systems) to enable security reviews and analysis. We carry out regular penetration tests to check the integrity of our systems.
Salesforce operates an information security management system (ISMS) for its cloud services in accordance with the ISO 27001 international standard and aligned to ISO 27017 and ISO 27018. Salesforce has achieved ISO 27001/27017/27018 certification for its ISMS from an independent third party, which confirms security has been built into every layer of the platform.
aBILLity holds customer contact, service and billing information. As a data controller aBILLity holds some personal customer contact information to allow us to meet contractual obligations. Union Street, the organisation behind aBILLity, have performed Privacy Impact Assessments (PIAs) to identify their data stores and to ensure there is a lawful reason for holding such data. They have clear procedures in place to deal with all types of personal data requests to meet our commitments to the General Data Protection Regulation (GDPR). We do not share this data with third parties.
Users of products and services will always be informed of how any personal data will be collected and used as part of the submission process. Should a user wish to know what personal data is recorded about them, they can request this from Bluecube Telecommunications. You can also contact Bluecube should you require your personal information to be rectified, no longer processed, or completely erased.
For submission of any enquiry related to individual rights under the GDPR please contact Bluecube Telecommunications. As a data controller we maintain oversight of our data and continually review our processes and procedures on how we secure data within aBILLity.
aBILLity offer clients a bureau billing service in which they process billing information on our behalf and with our consent. Personal contact information for all our customers is either held within their EU cloud platforms or within their own on-premise IT network. We have access to those systems to carry out the billing process and do not use the data contained within those systems for any other purpose.
We meet recommended industry standards for processing such information and have gained Total Metering and Billing System (TMBS) certification to attest to our compliance with those standards. Through our TMBS certification there is a high focus on billing accuracy. For this we are independently audited in key areas related to the processing of billing activities.
The types of data processed primarily include telephone numbers, address details, account details, customer details and payment details, not all of which would necessarily fall into the Information Commissioner's Office's (ICO) definition of personal data.
Staff who process Personally Identifiable Information (PII) within their job roles have all signed a confidentiality agreement as well as receiving training on the GDPR and data security. We delete all customer databases that reside within our network within a week of the contract end date, unless there is a lawful or contractual reason not to do so.
We operate according to the principle of least privilege, ensuring a strict access control policy is in place. Access is restricted and allowed only to those individuals who require it as part of their "Job Role." This ensures that any data Bluecube Telecommunications processes is accessed only by appropriately trained staff. Our clients' billing data is not readily available to all staff at Bluecube Telecommunications and is always securely accessed.
ISO27001 - Information Security Management
aBILLity are certified against ISO/IEC 27001 and are regularly audited against this standard. A copy of Union Street's Security Policy (ISP) can be requested by contacting Bluecube Telecommunications.
Union Street uses leading cloud infrastructure providers for hosting and storing client data. We ensure any cloud provider we use meets industry standards for data security and, in addition, our own ISO/IEC 27001 certified standards and controls for data security.
Data Backup
Regular backups are taken for company and client data. Tests are conducted regularly to ensure reliability and ease of recovery.
Sensitive data will always be encrypted in transit. Data stored within our Cloud Platforms will also be encrypted in storage.
Protection and Detection
Throughout our IT infrastructure we have a variety of anti-malware solutions. These are intended to detect and protect against unauthorised intrusion or access of data. We also operate a defence-in-depth policy with regard to data infrastructure and appliances.
Data is only retained for the time necessary to process it for the purpose provided. While the purpose of processing data will vary (the many different types of employee data, for instance), should you require information on retention times on any type of data, please contact Bluecube Telecommunications.
Privacy by Design
As a software development house, data privacy, security and accuracy are considered from the initial design phase. This way we ensure due consideration is given to the protection and security of data in any new products or enhancements to the products we develop.
Our staff access
All our staff sign confidentiality agreements and receive regular training on data protection. Our staff operate from Bluecube's main HQ based in the UK. Our service desk uses caller identification methods, including the requirement to only request account information or changes to an account following the issuance of a ticket or an email sent from a person associated with a Salesforce, aBILLity or Uboss account, to avoid disclosing information or making account changes to unauthorised personnel. Our staff operate out of a building with secure key-fob access and round-the-clock surveillance (physical and automated), with alarm systems in place.
Cyber Essentials Accredited
Bluecube have Cyber Essentials Accreditation. This national Government and Industry endorsed scheme ensures that Bluecube audit the following areas of security on an annual basis:
We practice a routine annual internal audit at Bluecube, which helps our organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of the information security management system, control, and governance processes.
To prevent the infection of Bluecube Telecommunications Ltd computers and networks and to avoid the potentially dire consequences of such infection, we have an Antimalware policy in place with a number of key controls to be adopted. The key concept adopted in this policy is "defense in depth": no single control should be relied upon to provide adequate protection. The controls are Firewall, Anti-virus, Spam filtering, Software installation and scanning, Vulnerability management, User awareness training, Threat monitoring and alerts, Technical reviews, and Malware incident management.
Bluecube have procedures and plans in place to prepare for disruptive events like a major failure in Lincoln, or a serious system outage with Salesforce, aBILLity or Uboss etc. Bluecube also have a disaster recovery team with a group of individuals responsible for establishing and maintaining business recovery procedures. Once the decision has been taken to activate the plan, the plan owner (or deputy) will contact the members of the recovery team for actioning the plan.
© Bluecube Telecommunications Limited