Software data security and code integrity

How do we ensure anonymized test data?

Our test data is refreshed to baseline test data each night before test automations take place. There is both physical and logical separation between production and test environments. No customer production data is held at Blue Prism. Any data from customers required for testing purposes is sanitized and anonymized to ensure all content is non-sensitive.
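As an added illustration of what "sanitized and anonymized" means in practice (example code written for this page, not Blue Prism's own sanitization tooling), the following Go program pseudonymizes a constructed customer record with keyed HMAC tokens, redacts email addresses from free text, and runs a leak check before the record could be promoted to a test baseline. The `Customer` schema, the field names and the demo key are assumptions; the key would live only inside the sanitization job.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Customer is a constructed record shape standing in for a row copied from a
// customer-supplied data set (assumed for this example, not a real schema).
type Customer struct {
	ID    string
	Name  string
	Email string
	Notes string
}

// Pseudonymizer replaces direct identifiers with keyed, deterministic tokens so
// that joins across tables still work, while the original values cannot be
// recovered without the key.
type Pseudonymizer struct {
	key []byte
}

func NewPseudonymizer(key []byte) *Pseudonymizer { return &Pseudonymizer{key: key} }

// token derives a stable, irreversible replacement for value within a field
// namespace: the same email always maps to the same token, but an email and a
// name that happen to be equal do not collide.
func (p *Pseudonymizer) token(field, value string) string {
	mac := hmac.New(sha256.New, p.key)
	mac.Write([]byte(field))
	mac.Write([]byte{0})
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(value))))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

var emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)

// Anonymize returns a copy with direct identifiers replaced and any email
// addresses embedded in free-text fields redacted.
func (p *Pseudonymizer) Anonymize(c Customer) Customer {
	return Customer{
		ID:    "cust-" + p.token("id", c.ID),
		Name:  "user-" + p.token("name", c.Name),
		Email: p.token("email", c.Email) + "@example.invalid",
		Notes: emailRe.ReplaceAllString(c.Notes, "[redacted-email]"),
	}
}

// ContainsOriginal is the acceptance check run before sanitized data is
// promoted to the test baseline: no original identifier may survive anywhere
// in the output record.
func ContainsOriginal(orig, anon Customer) bool {
	blob := strings.ToLower(strings.Join([]string{anon.ID, anon.Name, anon.Email, anon.Notes}, "\n"))
	for _, v := range []string{orig.ID, orig.Name, orig.Email} {
		if v != "" && strings.Contains(blob, strings.ToLower(v)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed key and record for demonstration only.
	p := NewPseudonymizer([]byte("constructed-demo-key-do-not-reuse"))
	in := Customer{
		ID:    "K-10042",
		Name:  "Ada Lovelace",
		Email: "ada@customer.example",
		Notes: "Escalated by ada@customer.example on Monday",
	}
	out := p.Anonymize(in)
	fmt.Printf("%+v\n", out)
	fmt.Println("original identifiers leaked:", ContainsOriginal(in, out))
}
```

Binding each token to its field name and a secret key is what distinguishes pseudonymization from plain hashing: without the key an attacker who obtains the test data cannot confirm guesses by hashing known customer emails, and the per-field namespace stops cross-field correlation.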

How do we store code safely?

Blue Prism uses Git, the industry-standard source code repository. Individual development team members are provided access to development/test systems according to their role. Role-based access control is realized with a combination of systems, including GitLab, HTTPS, and SSH authentication.

Specific access to Blue Prism source code is further secured through 2048-bit RSA-based SSH key pairs.

How do we ensure release integrity and validation?

All software releases are built and verified in an automated, secure, clean-room environment and signed with a code signing certificate within that same environment. All servers run up-to-date anti-virus software.

Following this, automated and manual verification takes place alongside automated testing across a wide range of platforms and configurations. When a release is approved, secure publication to the Blue Prism customer and partner portal is again automatically handled, leaving an audit trail of the entire release life cycle.

The source code and build scripts can only be obtained over an SSH connection, with ECDSA keys verifying the remote server to ensure the integrity of the transferred code.

Blue Prism uses a code signing certificate to protect against accidental or malicious alteration of the application files. The code signing certificate is secured with the source code and is not available outside that environment, assuring the integrity of the source and any installer signed with it.
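To show the property the two preceding paragraphs rely on, that a signature made inside the build environment lets anyone with only the public key detect alteration of the installer, here is an added Go example (not Blue Prism's release pipeline). It uses a raw Ed25519 key pair instead of an X.509 code signing certificate, and the manifest layout, artifact name and installer bytes are constructed for the example; the private key exists only where `SignRelease` runs, which mirrors the certificate being unavailable outside the build environment.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// ReleaseManifest is what a build pipeline could publish beside an installer:
// the artifact name, its digest, and a signature over both. The format is
// constructed for this example.
type ReleaseManifest struct {
	Artifact  string
	Digest    [32]byte
	Signature []byte
}

// signingInput binds the signature to the artifact name as well as its
// contents, so a valid signature cannot be re-used on a differently named file.
func signingInput(artifact string, digest [32]byte) []byte {
	var b bytes.Buffer
	b.WriteString("release-v1\x00")
	b.WriteString(artifact)
	b.WriteByte(0)
	b.Write(digest[:])
	return b.Bytes()
}

// SignRelease runs inside the build environment, the only place the private
// key exists.
func SignRelease(priv ed25519.PrivateKey, artifact string, content []byte) ReleaseManifest {
	d := sha256.Sum256(content)
	return ReleaseManifest{
		Artifact:  artifact,
		Digest:    d,
		Signature: ed25519.Sign(priv, signingInput(artifact, d)),
	}
}

// VerifyRelease is what a consumer runs after download, holding only the
// publisher's public key. It recomputes the digest from the bytes actually
// received rather than trusting the digest carried in the manifest.
func VerifyRelease(pub ed25519.PublicKey, m ReleaseManifest, content []byte) error {
	d := sha256.Sum256(content)
	if d != m.Digest {
		return errors.New("digest mismatch: artifact content differs from manifest")
	}
	if !ed25519.Verify(pub, signingInput(m.Artifact, d), m.Signature) {
		return errors.New("signature invalid: manifest was not produced by the release key")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for an installer's bytes.
	installer := []byte("constructed installer bytes v7.1")
	m := SignRelease(priv, "installer-7.1.msi", installer)
	fmt.Println("signature:", base64.StdEncoding.EncodeToString(m.Signature))
	fmt.Println("genuine artifact:", VerifyRelease(pub, m, installer))

	// A single flipped bit in the downloaded file is enough to fail verification.
	tampered := append([]byte{}, installer...)
	tampered[0] ^= 1
	fmt.Println("tampered artifact:", VerifyRelease(pub, m, tampered))
}
```

The check is only as strong as the consumer's copy of the public key: it has to be obtained through a channel other than the download itself, which is the role a code signing certificate chain plays for a real installer.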