Trust & Verification Hub

This page provides insights into the data we access and how we protect it. Our rigorous approach to security is backed by our certifications, partnerships and verified compliance documentation. 

Our Security Approach

Strategic Blue reduces cloud costs by focusing entirely on optimizing the pricing rates paid for cloud services. Key to this “rate optimization” is the use of cloud vendor commitments such as AWS Reserved Instances and Savings Plans or Google standard and flexible committed use discounts. These enable access to discounted rates in exchange for a commitment to spend agreed amounts or use particular services over a defined term.

Our Information Security approach revolves around minimizing and protecting the data we need access to:

  • We use a least-privilege approach to gain access to cloud cost & usage and billing metadata on a non-intrusive basis.
  • We operate in a way that makes it easy to isolate and audit what we’re doing.
  • We do not need access to the data within your cloud accounts/projects, or the ability to affect technical operation or configuration of your cloud services.

We combine policies, procedures and technical controls to ensure a consistently robust approach is maintained through our people and technology. We adhere to industry recognized standards such as ISO 27001 and ISO 9001. Security obligations are reflected in our contractual agreements with customers, cloud vendors, suppliers and partners. 

Security & Compliance Functions

Our business is built upon reliable and secure services. We have established a strong security and compliance function for all our services, which is embedded in all of our processes.

AWS Data Access Policy

We will only ever request access to, and store, the minimum information we need. 

View our Policy
GCP Data Access Policy

We will only ever request access to, and store, the minimum information we need. 

View Our Policy
Data Protection & Privacy

Minimal data held and secure by design. 

 

View our policy
GDPR Policy

Committed to applying the principles of GDPR to your data.

 

View our statement
Security Audit & Certification

Internal audit and externally validated certification for our secure approach, including ISO 27001 and Cyber Essentials.

View our certification
Information Security Approach

Minimal access to customer data, using cost metadata only.

 

View our approach
Information Security Controls

Visibility of our commitment to security across the organization.

View our security controls
Environmental Audit & Certification

Internal audit and externally validated certification for our ISO 14001 based environmental and sustainability policies.

View our policies
Environment & Sustainability Policy

We are committed to reducing our environmental impact and ensuring a sustainable future.

 

 

View our policy
Carbon Reduction Plan

Strategic Blue aims to be net carbon zero by 2040. 

 

Read our plan
Company Policy

We are a flexible, medium-sized organization with strong support for our staff and a commitment to equality. 

View our policy
Supply Chain Management

We review and vet our suppliers to ensure compliance with our ethos and values.

 

View our statement
Modern Slavery Statement

Strategic Blue is committed to the Modern Slavery Act and the abolition of modern slavery and human trafficking.

 

View our statement
Governance Audit & Certification

Internal audit and externally validated certification for our ISO 9001 quality management and governance policies.

View our policies
Corporate Governance

Strategic Blue has embedded policies and processes to ensure the organization is structured and governed effectively.

 

View our policy
Risk Management

The Risk Management Policy summarizes our approach to identifying, assessing, and mitigating risks to protect our organization. 

Read our policy

Frequently Asked Questions

What compliance frameworks does Strategic Blue adhere to?

Our current certification portfolio includes CSA STAR (Cloud Security Alliance Security Trust Assurance and Risk), Cyber Essentials, ISO 27001:2022 (Information Security Management System), ISO 9001:2015 (Quality Management Systems) and ISO 14001:2015 (Environmental Management Systems).

 

Are you SOC 2 accredited?

We are not currently SOC accredited, but we are ISO 27001 certified, and our CSA STAR accreditations can be translated into SOC standards using the CSA compliance mapping tool.

 

What is UKAS?

UKAS is the UK Accreditation Service, and is set up to assess the competence of organizations that provide certification, testing, inspection and calibration services. It evaluates these conformity assessment bodies and then accredits them where they are found to meet relevant internationally specified standards. We use a UKAS accredited external auditor for all of our ISO certifications.

What procurement offerings is Strategic Blue subscribed to?

Strategic Blue is a G-Cloud 14 provider, offering UK public sector customers an easy procurement route for our services. We are registered with FSQS (Financial Services Qualification System) and Whistic to standardize and streamline onboarding processes for our customers, providing assurance around our service quality and security.