Compliance

The Bluewater Compliance Program seeks to consistently monitor, evaluate, and improve our focus on security by adopting third-party standards and audits. Compliance certifications and attestations are assessed by an independent third-party auditor and result in a certification, audit report, or attestation of compliance.

ISO 27001:2022 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, including an Information Security Management System (ISMS) that defines how Bluewater perpetually manages security in a holistic, comprehensive manner. This widely recognized international security standard specifies that Bluewater do the following:

  • We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
  • We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
  • We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.

Bluewater has certification for compliance with ISO 27001:2013. This certification is performed by independent third-party auditors. Our compliance with these internationally recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and that the Bluewater security program is in accordance with industry-leading best practices.

Bluewater has completed a CyberGRX assessment, which has been independently validated by CyberGRX partners Deloitte and KPMG. Customers can leverage Bluewater’s CyberGRX report to reduce their supplier due-diligence burden. CyberGRX assessments apply a dynamic and comprehensive approach to third-party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to Bluewater’s assessment each year. CyberGRX assessments provide advanced capabilities by integrating Bluewater’s responses with analytics, threat intelligence, and sophisticated risk models, based on known breach kill chains, to provide an in-depth view of Bluewater’s security posture.

Customers can use CyberGRX’s Framework Mapper feature, which allows them to map Bluewater’s assessment to commonly used industry frameworks and standards and instantly gain visibility into controls coverage.

How can I access Bluewater’s CyberGRX report?

Contact your Bluewater CSM or Solutions Consultant or email sales@bluewatercontrol.com. Once your request is approved, you will receive an email invitation with further instructions on how to access the report.

What outputs will Bluewater customers receive from CyberGRX?

Customers will receive full access to Bluewater’s CyberGRX Vendor Profile.

Customers will have access to Bluewater’s CyberGRX Tier 2 Remote validated assessment. This features five control domains (Strategic, Operations, Core, Management, and Privacy) that include controls and sub-controls based on standard frameworks (e.g., ACSC, ISM, CMMC, ISO 27001).

Customers can use CyberGRX’s Framework Mapper feature, which allows them to map Bluewater’s assessment to commonly used industry frameworks and standards and instantly gain visibility into controls coverage.

How often is Bluewater’s CyberGRX assessment updated?

Bluewater’s CyberGRX assessment and evidence validation are updated annually. Once the assessment is updated, all Bluewater customers with access to Bluewater’s CyberGRX report will receive an email notification from the CyberGRX platform that Bluewater has updated its assessment.
