We know how important reliable IT is for organisations and when you’re looking to outsource critical IT infrastructure and support, having confidence in your service provider is essential. At Blue Chip, we use our technical expertise and customer focus to provide the level of customer experience that leaves a customer certain they made the right choice.
For us to demonstrate that standards are maintained, and our processes are based on credible frameworks, we are independently certified.
Blue Chip currently holds four ISO certifications, all audited annually by a UKAS-accredited certification body. We don’t view this as an annual box-ticking exercise, we strive to get real value from applying these management systems by embedding them throughout our organisation. This ensures we have effective controls, processes and governance in place and adopting a culture of continual improvement. These certifications cover all our services and sites.
We also undergo an annual independent review of Service Organisation Controls (SOC) which is focussed on related processes and controls, as well as an annual assessment for the Payment Card Industry Data Security Standard (PCI -DSS).
It’s vital that our customers to feel they are in safe hands. We help our customers meet their regulatory requirements for service outsourcing whilst making their ongoing due diligence processes simple by being able to provide the relevant information
To help us keep data secure, we have implemented an Information Security Management System (ISMS). ISO 27001 provides a framework, covered by 114 controls, for us to manage information security across several elements, such as:
We’ve been meeting these requirements of ISO 27001 since 2007.
At Blue Chip, the customer is at the heart of everything we do, and we are always striving to further improve our quality of service and the customer experience. We use the ISO 9001 quality management system (QMS) to organise and continually improve our processes across the business, increasing the consistency of output.
We seek feedback from customers on the service they receive, with the aim of providing exceptional service.
We’ve been ISO 9001 certified since 1996.
We care about our planet, so we’re committed to minimising our impact on the environment and becoming sustainable. Since being certified in 2007 for the ISO 14001 Environmental Management System (EMS) standard, we have an ecologically-minded focus, setting ourselves targets to lessen our environmental impact and carbon footprint.
Examples of Blue Chip environmental initiatives include:
We consistently hit our environmental targets. Our commitment to green IT helps our customers meet theirs.
We first became ISO 14001 certified in 2007
The availability of critical IT is crucial for a customer’s success. We play a key role here, thanks to our impressive capabilities to provide all services to customers in times of business disruption.
It is important to us that customers do not feel an impact when something happens to Blue Chip, so we maintain a rigorous schedule of testing where certain events are rehearsed.
We’ve developed outstanding resiliency across our business by meeting the ISO 22301 Business Continuity Management System (BCMS). This covers physical working location availability to critical IT resilience to pandemic planning.
As an organisation providing outsourced services to customers, Blue Chip undergo an annual independent review of service organisation controls (SOC), focused on related processes and controls. The subsequent SOC report details internal management processes and controls we’ve put in place. This additional assessment provides even greater assurance to our customers.
The SOC2 report looks at our non-financial reporting controls, relating to the two trust principles of security and availability. It covers common criteria in areas such as these:
The SOC 2 trust services criteria are aligned to the 17 principles of the COSO framework and provides us with another great way to identify opportunities for improvement.
Blue Chip is also a PCI DSS (Payment Card Industry Data Security Standard) Level 1 Service Provider for our managed hosting services, since November 2013.
This is the highest standard, only given to service providers who store, process or transmit in excess of 6,000,000 credit card transactions annually. It requires an annual Report on Compliance (ROC) with the assessment conducted by a Qualified Security Assessor (QSA).
As a provider of managed hosting services, we work with a variety of businesses, including those that accept electronic payments. While PCI DSS specifically protects cardholder data, the strict security processes we implement to comply with this standard, strengthen the security of any sensitive data we interact with.
PCI DSS is rightly seen as the gold standard in IT security controls, which are tested with a set of highly technical and comprehensive IT audit tests – 430 in total.
In addition, we have our own PCI Internal Security Assessor (PCI ISA), responsible for ongoing compliance for both Blue Chip and our customers, providing appropriate support and guidance throughout the process.
We’re proud to say we are a PCI Security Standards Council Participating Organisation which provides us the opportunity to input our opinion on any future development of PCI DSS standards.
