Compliance and Certification

AICPA Service Organization Control

AICPA Service Organization Control 2 Report

The SOC 2 Report is completed following a review by an independent auditor. This report provides more detailed information regarding an organization’s controls relevant to security, availability, and confidentiality of data. BlueJeans currently undertakes a SOC 2 Type II audit on annual basis and can make the report available to current or potential customers upon execution of a non-disclosure agreement. If you are interested in viewing BlueJeans’ recent SOC 2 Type II report, please contact your account manager for more details.

AICPA Service Organization Control 3 Report

Our SOC 3 report is freely distributable and includes the service auditor's opinion on BlueJeans maintaining effective controls at the organization relevant to security, availability and confidentiality.

EU-U.S. Privacy Shield through BlueJeans

EU-U.S. Privacy Shield

BlueJeans complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. BlueJeans has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

GDPR Compliance

The General Data Protection Regulation (GDPR) unifies data privacy requirements across the European Union (EU) and has taken effect on May 25, 2018. The GDPR establishes data privacy as a fundamental right for EU citizens.

Key principles of GDPR include:

  • Lawful, fair and transparent of processing of personal data

  • Keeping personal data only as long as needed to fulfill the original purpose of collection

  • Having in place appropriate technical and organizational security measures help to protect data against unlawful processing, disclosure, access, loss, destruction, or alteration

  • Responding to and effectively handling data subject requests regarding their personal data

 

Data security and user privacy have always been priorities for BlueJeans. To better support your GDPR-compliant use of our services, we have been working in many areas, including the following:

  • Software, Systems and Processes

  • Data Security and Privacy Practices

  • Information Security Certifications

  • Cross-Border Data Transfers

  • Privacy Policy, contracts and data processing agreements

 

Software, Systems and Processes

BlueJeans has:

  • Modified its software, systems and processes to enable our end users and enterprise customers to proactively address requests by EU Nationals regarding personal data.

  • Systemized its response to user requests to correct, export or delete personal data.

  • Continued to review our systems and processes to prioritize privacy by design and by default.

 

BlueJeans continues to implement its existing technical and organizational measures regarding the security of personal data including routinely reviewing and updating security controls related to data retention, data at rest and in transit, and incident management.

 

Data Security and Privacy Practices

BlueJeans is continuously looking for ways to strengthen its data security and privacy practices, both in designing and providing our products and services as well as in our internal operations. Our current practices include the following:

  • BlueJeans protects data access with role based controls based on business-need-to-know.

  • Our production systems are hosted in tier-4 secure co-location data centers segregated in different security zones formed by use of perimeter devices and proxies.

  • BlueJeans conducts periodic network scans and penetration testing to assess risk and performs any needed mitigations.

  • BlueJeans employs encryption to protect personal data and anonymization to obfuscate certain aspects of data kept for statistical purposes.

 

To learn more about BlueJeans’ security practices please refer to our security page.

 

Information Security Certifications

BlueJeans has established strict information security policies and procedures encompassing security, availability, privacy and confidentiality of customer data. BlueJeans seeks and receives an AICPA SOC 2 Type II and SOC 3 compliance certification for those data practices every 12 months. Policy, Communications, Procedural, and Monitoring control activities, as well as Disaster Recovery are covered in these certifications. This certification attests to our BlueJeans’ ongoing commitment to rigorous data privacy and security controls across our organization.

 

Cross-Border Data Transfer Mechanisms

BlueJeans complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. BlueJeans has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.

Changes to Privacy policy, contracts and data processing agreements

BlueJeans has published an updated Privacy Policy to help meet the transparency and notice requirements required by the GDPR. We continue to do proper diligence on our subcontractors, subprocessors and service providers to help make sure personal data is treated and protected appropriately. Our updated list of subprocessors and subcontractors are here.

If you require a Data Processing Agreement as part of your company’s compliance requirements, please request a copy of our Data Processing Agreement by emailing privacy@bluejeans.com.