We know how important reliable IT is for organisations, and when you’re looking to outsource critical IT infrastructure and support, having confidence in your service provider is essential. At Blue Chip, we use our technical expertise and customer focus to provide the level of customer experience that leaves a customer certain they made the right choice.
To demonstrate that standards are maintained and that our processes are based on credible frameworks, we are independently certified.
Blue Chip currently holds four ISO certifications, all audited annually by a UKAS-accredited certification body. We don’t view this as an annual box-ticking exercise; we strive to get real value from applying these management systems by embedding them throughout our organisation. This ensures we have effective controls, processes and governance in place and that we adopt a culture of continual improvement. These certifications cover all our services and sites.
We also undergo an annual independent review of Service Organisation Controls (SOC), which is focussed on related processes and controls, as well as an annual assessment for the Payment Card Industry Data Security Standard (PCI DSS).
It’s vital that our customers feel they are in safe hands. We help our customers meet their regulatory requirements for service outsourcing whilst making their ongoing due diligence processes simple by being able to provide the relevant information.
As an organisation providing outsourced services to customers, Blue Chip undergoes an annual independent review of service organisation controls (SOC), focused on related processes and controls. The subsequent SOC report details the internal management processes and controls we’ve put in place. This additional assessment provides even greater assurance to our customers.
The SOC 2 report looks at our non-financial reporting controls, relating to the two trust principles of security and availability. It covers common criteria in areas such as these:
The SOC 2 trust services criteria are aligned to the 17 principles of the COSO framework and provide us with another great way to identify opportunities for improvement.
Blue Chip has also been a PCI DSS (Payment Card Industry Data Security Standard) Level 1 Service Provider for our managed hosting services since November 2013.
This is the highest standard, only given to service providers who store, process or transmit in excess of 6,000,000 credit card transactions annually. It requires an annual Report on Compliance (ROC) with the assessment conducted by a Qualified Security Assessor (QSA).
As a provider of managed hosting services, we work with a variety of businesses, including those that accept electronic payments. While PCI DSS specifically protects cardholder data, the strict security processes we implement to comply with this standard strengthen the security of any sensitive data we interact with.
PCI DSS is rightly seen as the gold standard in IT security controls, which are tested with a set of highly technical and comprehensive IT audit tests – 430 in total.
In addition, we have our own PCI Internal Security Assessor (PCI ISA), responsible for ongoing compliance for both Blue Chip and our customers, providing appropriate support and guidance throughout the process.
We’re proud to say we are a PCI Security Standards Council Participating Organisation, which gives us the opportunity to input our opinion on any future development of PCI DSS standards.