The localization partner you can trust

BLEND Information Security Policy requirements apply to the entire BLEND organization and must be adhered to by all employees and individuals involved in these business processes.

All BLEND employees are required to follow the organization’s information security policy. BLEND’s Information Security Management System (ISMS) is overseen by its Chief Information Security Officer (CISO). BLEND is ISO-27001 certified.

All BLEND employees complete ongoing security and awareness training. We conduct regular access audits, password updates, and operate according to the principle of the least privilege. We also provide role-specific security training.

All employee laptops have encrypted hard drives and are password protected. System administrators are the only ones authorized to install, configure, and alter the hardware. All software installations, additions, modifications, and connectivity are monitored, reported, and automatically mitigated where needed.

Delivery and removal of equipment to/from the data center facility are authorized, logged, and always monitored. User-specific access credentials and MFA methods are required to access workstation equipment, services, and applications.

BLEND’s office is monitored and protected by security and fire alarm systems. CCTV cameras are installed throughout the office and capture entrances and exits. Sensitive areas are protected with entry controls, with only authorized personnel allowed access.

All BLEND facilities are in the Cloud, with no employee physical access.

BLEND’s internal network is restricted, segmented, and password protected, with all network security-related events logged.

Our team of server specialists keeps the software and its dependencies up to date to eliminate potential security vulnerabilities. We use monitoring solutions to prevent and eliminate software attacks.

BLEND utilizes a protocol to handle security events, including escalation procedures, mitigation procedures, and post-mortem investigations. All employees are informed of our policies.

A background check is performed on all new employees, contractors, or other individuals with access to BLEND’s systems or the network in accordance with local laws.

BLEND implements vendor risk management practices to ensure that third parties are scrutinized and comply with security standards. See our sub-processors.

BLEND uses Amazon Web Services (AWS) data centers for our computing infrastructure. AWS has ISO 27001 certification and has completed multiple SSAE 16 audits. For more information on their security measures, visit the AWS Cloud Security page.  

We employ the most up-to-date methods and tools to keep our environment safe:

•         Network segmentation and isolation
•         All endpoints are firewalled and monitored
•         Resource Access is available for approved personnel and logged
•         Traffic is encrypted monitored for suspicious or malicious activity using AWS tools
•         Redundant backup for VMs
•         Cross-cloud backups for data

In addition to the benefits provided by AWS, our application has additional built-in security features:

•       Two-Factor Authentication
•       REST API Authentication (API Key)
•       Role-based restrictive permission system
•       Backups and versioning
•       Password complexity standard
•       Following OWASP Web-development security standards

BLEND does not store any customer billing information on our servers. All payments go through PCI-compliant partners. More details about their security setup can be found on our vendor list.

Customer data can only be accessed by authorized employees who require it for work purposes. We can limit data access upon request. Please consult your Project Manager.

We retain data for as long as necessary for business purposes. Custom retention periods and conditions can be configured for enterprise clients. Please consult your Project Manager.

BLEND has developed Disaster Recovery and Business Continuity plans, which are regularly tested and updated.

BLEND conducts annual penetration testing by an independent, third-party security audit agency. No customer data is exposed to the agency. A summary of the penetration test findings is available to enterprise customers upon request.