Security at Bluestone PIM
Trust is the foundation of the Bluestone PIM platform. The company treats information security not just as a compliance requirement, but as a core architectural pillar. By strictly adhering to international standards and employing a modern, cloud-native security strategy, Bluestone PIM ensures that customer data remains confidential, intact, and available.
Built on a MACH architecture (Microservices, API-first, Cloud-native, Headless), the platform delivers robust service isolation and enterprise-grade resilience, leveraging the world-class capabilities of Amazon Web Services (AWS). For details and documentation, please visit https://trust.bluestonepim.com

Compliance and Certifications
Bluestone PIM demonstrates its commitment to security through rigorous, independent verification.
Bluestone PIM holds accredited certification for ISO/IEC 27001:2022. This gold-standard certification validates that the company operates a comprehensive Information Security Management System (ISMS) covering the entire PIM platform, professional services, and engineering operations.
Bluestone PIM is also SOC 2 Type II certified. The detailed SOC 2 audit reports provide independent assurance that internal controls for Security, Availability, and Confidentiality are operating effectively over time.
Additionally, Bluestone PIM is fully compliant with the General Data Protection Regulation (GDPR). The company maintains transparent Data Processing Agreements (DPAs) and adheres to strict privacy-by-design principles to ensure personal data is processed lawfully.
Global Infrastructure and Reliability
The platform runs on Amazon Web Services (AWS), benefiting from industry-leading physical and environmental security.
Bluestone PIM employs a resilient multi-zone architecture for high availability. Services and data are replicated across multiple Availability Zones (AZs) to guarantee redundancy. Traffic automatically reroutes to healthy instances in the event of an outage, ensuring uninterrupted service.
The production environment operates within a Virtual Private Cloud (VPC) for robust network defense, creating a strict boundary between customer data and the public internet. The platform utilizes AWS Web Application Firewalls (WAF) and CloudFront to filter malicious traffic and provide robust protection against Distributed Denial of Service (DDoS) attacks.
Data Protection
Bluestone PIM secures data at every stage of its lifecycle.
All data transmitted between users and the platform is protected using strong TLS 1.2+ (HTTPS) encryption. Data at rest, including live databases and backups, is encrypted using the AES-256 standard, ensuring it remains unreadable to unauthorized parties.
To safeguard against data loss, the platform performs daily incremental and full backups of production databases. Disaster recovery plans are tested annually to verify that operations can be restored quickly and effectively in the event of a major disruption.
Application Security
Security is built into the software development process, not added as an afterthought.
Engineering teams align development practices with the OWASP Top 10 document. Development, testing, and production environments are strictly separated to prevent accidental interference or exposure.
The security team performs automated vulnerability scanning on a weekly and monthly basis. Identified risks are prioritized and patched strictly according to their severity. Furthermore, Bluestone PIM partners with independent, third-party security firms to conduct annual penetration tests of the application and infrastructure. This proactive approach helps identify and remediate potential weaknesses before they can be exploited.
Operational Security
Access to production environments is granted on a strict need-to-know basis. The principle of least privilege is enforced and access rights are audited quarterly to ensure compliance.
Multi-Factor Authentication (MFA) is mandatory for all employees accessing corporate systems, cloud resources, and administrative interfaces.
All corporate workstations are secured with full-disk encryption and monitored by centrally managed Endpoint Detection and Response (EDR) agents to detect and block malware.
Reporting Security Issues
Bluestone PIM values the security community. If you identify a potential vulnerability, please report it immediately.
Contact: security@bluestonepim.com
The security team acknowledges all reports promptly and collaborates with researchers to validate and resolve findings.
Frequently Asked Questions
1 - Where is data hosted?
2 - Does the platform support Single Sign-On (SSO)?
3 - How are third-party vendors managed?
4 - Can clients also perform their own penetration test?

