BlastIQ Security and Privacy overview

Orica is commited to ensuring the security and privacy of our customer's data stored in the BlastIQ system. This is an overview of our approach to security and privacy, however we would be happy to provide additional information on request.

Privacy Policy

BlastIQ operates in compliance with the Orica privacy policy, available here: https://www.orica.com/Privacy

Security Testing

BlastIQ undergoes independent 3rd party security testing at least annually (and additionally on demand as required) in line with company procedures. Testing includes penetration testing (unauthorised access) and internal data segregation security (testing for authorised access beyond privileges).

Critical and High severity vulnerabilities are remediated with the highest level of urgency by the BlastIQ engineering team. Security Audit Reports are not provided to customers for security reasons.

Security Breach Notification

As required by law, Orica will notify customers and users in a timely manner of a Notifiable Data Breach. In addition Orica will notify customers in a timely manner if any of their data in BlastIQ is the subject of a Data Breach.

Data Storage Location

Data stored in BlastIQ is located in Azure and AWS data centres in Singapore. Encrypted backups my be stored in Hong Kong for geo-redundancy. For data security information relating to infrastructure platforms please refer to https://aws.amazon.com/security/ and https://azure.microsoft.com/en-au/overview/security/

Data Backup

Automatic backups are taken on a minimum of a daily basis for all datastores, critical transactional systems have much shorter backup windows. Encrypted backups are stored in Azure Hong Kong for geo-redundancy or within a different AWS availability zone in Singapore.

System Availability

BlastIQ Systems are hosted as distributed cloud services with zero-downtime upgrades for most deployments. Historical availability and planned Maintenance or Incidents impacting availability of the BlastIQ system components are published at https://status.blastiq.com and customers can subscribe to receive notifications of planned maintenance outages and incidents affecting availability.

Change Management

BlastIQ is offered as a multi-tenanted Software as a Service offering. Customers are not consulted for approval of changes, however Public APIs are versioned for breaking changes and customers have time of concurrent versions operating to facilitate upgrades.

Public notifications of application updates can be subscribed to via https://status.blastiq.com with release notes published for end user applications on the BlastIQ Support Centre https://support.blastiq.com/release-notes

The BlastIQ system changes are all tested in Development and Test environments prior to release, these environments contain mock data for security reasons (A Customer’s data will not be removed from the Production Environment).

All code changes are peer reviewed, then tested in development and test environments using automated test suites and manual testing prior to release to the production environment.

Secure Application Development

The BlastIQ Engineering team practices secure application development in accordance with a documented Secure Application Development standard.

All code changes are peer reviewed and merged using source control systems with audit records and history of changes.

All application builds and deployments to cloud infrastructure or release for download are performed using automated continuous integration systems to ensure reliability, repeatability and security.

Data Ownership

Please refer to your BlastIQ Commercial Agreeement for Data Ownership contract terms.

Data Portability

Data stored in the BlastIQ System can be extracted by the customer using the BlastIQ Public API, documented here: https://support.blastiq.com/hc/en-us/articles/360015817533

Data Access

Users with access to a customer's data are categorised into Read, Write and Admin roles and are visible within the BlastIQ Administration portal at blastiq.com/admin 

A limited number of BlastIQ team members have access to customer data for support and maintenance purposes. These team members operate within strict guidelines to ensure customer data is managed securely and privately at all times.

Encryption

All BlastIQ data is encrypted in transit using Transport Layer Security (TLS). Data stored in the BlastIQ Data Lake is encrypted at rest, some data stores in the BlastIQ cloud are not encrypted at rest but are located within secure facilites managed by Microsoft (see Data Storage Location above for links to Microsoft's physical security information)

Single Sign On

Single Sign On to BlastIQ is used for all Orica employees (including mandatory multi-factor authentication). 

Single Sign On is available to customers with an Azure Active Directory for their domain (e.g. @customer.com), please raise a support request if you would like to set this up for your domain users.

Logging and Auditing

All activities on BlastIQ, particularly those relating to security are logged. BlastIQ is a multi-tenanted application and these logs are not available to customers at this time.

Domain Whitelist

BlastIQ relies on connectivity from the customer's devices to a number of internet domains to provide the services, they are detailed here: https://support.blastiq.com/hc/en-us/articles/360013898633

Minimum System Specifications

The minimum system requirements to run BlastIQ are documented here: https://support.blastiq.com/hc/en-us/articles/360035362513

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request