Information and platform security

Corporate information security

Blue Prism has a comprehensive information security strategy and documented policies across several areas, including employee vetting, physical asset management, logical security, access control to electronic devices, and use of personal equipment (for example, mobile devices).

Blue Prism takes network security very seriously and adds further controls to mitigate the risk of viruses or malware breaching any aspect of the network. Several policies and controls are in place to assure this; they govern corporate security, physical site access, logical and remote network access, antivirus software, and email scanning processes.

Security and vulnerability assessments are carried out periodically to validate the appropriateness of the controls that are in place. These include input validation and sanitization; authentication and access control; audit; and management of sensitive information. Blue Prism is ISO 27001 compliant throughout the organization. Blue Prism corporate information security is led and overseen by our IT Services organization.

Development platform security

Development on physical devices

Each physical development machine is secured by centrally enforced operating system controls, which administer high-quality security measures, including full disk encryption, antivirus software, and network firewalls.

Provision and maintenance of centralized development and test environments

Centralized development and test systems are managed through a central access control policy. Security patches are validated and applied to the operating systems. Microsoft patches are made available to Blue Prism through the Microsoft Insider program.

Access controls of centralized test environments

Direct or native access to the centralized test environments is not typically permitted. Access is instead offered through a VPN or secured web socket proxy provided only over HTTPS (TLS), with individual user accounts managed within the support system's version control repository and a multi-factor authentication process. Direct access is only permitted and available to a small number of authorized administrators for diagnostics and troubleshooting purposes.

All test environments are protected by file system permissions and operating system access controls, which are managed centrally via a configuration management system.