Skip to main content
BluINFO

Platform Security Index

  1. Last updated
  2. Save as PDF

Visitors Vendor Banner 2.jpg

A single place to find every BluINFO resource about Platform Security across encryption, roles/permissions, audit & logging, data retention/privacy, and SOC 2 & related attestations. Use this index to plan, configure, validate, and document your BluSKY security posture end‑to‑end.

Datasheets & Overviews

BluSKY Overview — Communication & Data Security
High‑level tour of BluSKY with a concise security summary: authentication, X.509 certificates, SHA‑256/TLS 1.2, and supported network requirements. Highlights the platform’s cloud architecture and scalable, unified model for security operations.
BluINFO Link (BluINFO)

BluSKY Data Security (Overview)
Plain‑language brief on how BluSKY secures data in transit and at rest using industry‑standard practices, with an emphasis on practical protections customers can understand and verify.
BluINFO Link (BluINFO)

BluB0X and BluSKY (What the Cloud Does for Security)
Explains how BluSKY’s cloud architecture keeps data safe, resists cyberattacks, manages backups, and applies automatic updates; includes notes on real‑time event capture and operator activity logging.
BluINFO Link (BluINFO)

 

White Papers & Architecture (Encryption, Hosting, Attestations)

BluBØX Information Security — A Detailed Review of Assured Control (Series Index)
Landing page for the information security series covering authentication, digital certificates, TLS, control‑panel security, server/network protections, and background primers.
BluINFO Link (BluINFO)

Internet Security Basics
Deep dive into authentication, administrator login security, control‑panel authentication, and the TLS encryption model used by BluSKY. Great reference when answering IT due‑diligence questionnaires.
BluINFO Link (BluINFO)

Information Security Policy (with Attestations & Audits)
Summarizes BluB0X information‑security policy and third‑party validations, referencing SOC 1/SOC 2, Cloud Security Alliance STAR, FIPS 201‑2, FISMA‑moderate hosting, and progress on ISO 27001. Useful for security reviews and procurement.
BluINFO Link (BluINFO)

Security Features in System Design
Documents secure web browser access and 256‑bit TLS for web sessions and for control panel communications (independent of the underlying IP medium).
BluINFO Link (BluINFO)

Network Security at BluBØX’s Data Center
Threat model and mitigations including firewalls, DoS protections, load balancers, and intrusion prevention systems (IPS). Explains why only HTTPS is exposed and how other protocols are denied at the edge.
BluINFO Link (BluINFO)

Server Security
Covers OS hardening and patching practices, web/app server protections (incl. Java memory‑safety benefits), and database isolation to reduce attack surface.
BluINFO Link (BluINFO)

Data Centers & Hosting
Details physical security, segmented production/DR networks, encryption between data centers (IPsec), redundancy/DR across multiple zones, and strict separation from the corporate LAN.
BluINFO Link (BluINFO)

Application Security
Explains BluB0X’s instance‑based security and ACL model—authorization is enforced on every object access, not just at login, preventing URL tampering and cross‑tenant access.
BluINFO Link (BluINFO)

Control Panel Security Design
Describes the “no inbound connections” posture, NAT/proxy compatibility, DHCP/IP configuration, and security advantages of panels initiating outbound HTTPS/TLS sessions only.
BluINFO Link (BluINFO)

Frequently Asked Questions (Security & Data Handling)
Answers what BluSKY records, how data is used, how the site is protected, how employee access is controlled (and journaled), and how customers export their data.
BluINFO Link (BluINFO)

 

Roles, Permissions & Authentication

BluSKY Permissions (Role‑Based Access Control)
Best‑practice “deny by default” guidance with a comprehensive index of permission categories (view/add/edit/delete). Includes reporting permissions crucial for auditing.
BluINFO Link (BluINFO)

Role Scope (Where Permissions Apply)
Defines scope levels—Global Company, Integrator, Customer, Occupant, Vendor, System, System Group—and how scoping limits visibility and control, especially for multi‑tenant sites.
BluINFO Link (BluINFO)

How to Enable Two‑Factor Authentication (2FA)
Step‑by‑step guide to enable 2FA on a Person profile (and for others with correct Role/Scope), adding a second factor to authentication workflows.
BluINFO Link (BluINFO)

 

Audit, Logs & Reports

Audit Report
Generates a historical record of changes made in BluSKY—who did what, and when—supporting policy enforcement and investigations.
BluINFO Link (BluINFO)

How to View Operator Activity (Across One or More Persons)
Practical recipe using Audit Person Detail plus Excel filters to audit actions performed by operators across people/companies within a chosen time range.
BluINFO Link (BluINFO)

Access Denied Details Report
Audits failed access attempts with reason codes, locations, time windows, and optional scoping to people/portals/floors—ideal for least‑privilege tuning.
BluINFO Link (BluINFO)

Access Level Report
Inventory of Access Levels, assignees, readers/floor stops, and schedules to support permissions reviews and compliance audits.
BluINFO Link (BluINFO)

Access Report
Core access‑event reporting with filterable criteria for investigations and periodic reviews; enables export to PDF/Excel for audit packages.
BluINFO Link (BluINFO)

Person Activity Report
Audits a person’s activity history—useful for HR/security coordination, incident response, or entitlement recertifications.
BluINFO Link (BluINFO)

Person Status Details Report
Snapshot and change history of a person’s state and attributes—handy for reconciliations and data quality checks that impact security posture.
BluINFO Link (BluINFO)

Role Report
System‑wide view of roles and assignments to validate least‑privilege, segregation of duties, and who can do what.
BluINFO Link (BluINFO)

Who’s In Details Report
Live/near‑real‑time presence audit—who has recently used a credential—useful for mustering, safety checks, and time‑bounded investigations.
BluINFO Link (BluINFO)

Note on report look‑backs: certain report UIs optimize for recent windows; the Operator‑Activity “how‑to” notes the UI is limited to 1 year and points to Support for deeper pulls when needed.
(BluINFO)

 

Data Retention & Privacy

Biometric Data Safeguard Policy & Consent
Defines collection by opt‑in enrollment, purpose limitation, non‑sale of biometric data, disclosure rules, and retention (typically one year from capture) with permanent destruction after deactivation within a reasonable time.
BluINFO Link (BluINFO)

“Gold Standard” Configuration for BluSKY Cameras (Cloud Retention Defaults)
Recommended camera settings; when cloud video upload is enabled for selected events, the default retention is 30 days (adjustable per policy).
BluINFO Link (BluINFO)

Frequently Asked Questions (Data Handling & Export)
Clarifies what BluSKY records, how it’s protected, and how administrators can export their data (including at account termination).
BluINFO Link (BluINFO)

BluB0X & BluSKY (Event/Operator Capture)
Notes that all local events plus user database changes, configurations, and operator activities are captured to the cloud in real time—supporting auditability and analytics.
BluINFO Link (BluINFO)

Reporting & Analytics Guide for Tenants (Exports & Scheduling)
How to run reports, choose PDF/CSV/Excel outputs, save/schedule jobs, and share appropriately—foundational for audit packs and retention workflows.
BluINFO Link (BluINFO)

VMS A&E Spec — Storage & Retention Parameters (Engineering)
A&E requirements include storage definitions and predicted retention considerations for VMS designs—useful when aligning video retention with policy.
BluINFO Link (BluINFO)

 

API & Integration Security (Provisioning, SSO/SCIM)

Understanding SCIM & Its Role in BluSKY Integration
Explains schemas/endpoints, OAuth 2.0/basic auth patterns, real‑time provisioning, and why SCIM helps meet SOC 2/GDPR/HIPAA alignment for identity lifecycle.
BluINFO Link (BluINFO)

How to Set Up BluSKY SCIM with Azure Active Directory (Support Guide)
Step‑by‑step enablement and token configuration in AAD; includes notes on BluSKY’s open API and how to align attributes/roles.
BluINFO Link (BluINFO)

BluB0X API Guidance (Developers)
Orientation for API concepts and data‑integration patterns used to keep BluSKY synchronized with authoritative systems under defined business rules.
BluINFO Link (BluINFO)

API Integration Testing & Certification Process
Describes BluB0X’s process to validate functionality, security, and compatibility of third‑party integrations with the BluSKY REST API.
BluINFO Link (BluINFO)

 

Standards & Cryptography References

Access Control Hardware A&E Spec — Cryptographic & Federal Standards
References include FIPS 197 (AES) and FIPS‑201 (PIV) among other standards relevant to secure credentialing and communications.
BluINFO Link (BluINFO)

Mercury MR51e/MR62e (Transport Security on Edge Devices)
Lists TLS 1.2/1.1 or AES‑256/128 for controller communications, support for custom TLS peer certificates, and FIPS 140‑2 OpenSSL usage—useful for end‑to‑end crypto narratives.
BluINFO Link (BluINFO)

 

Blogs & Guidance (Policy, Consent, Compliance)

Appearance Recognition Compliance Guide
Operational checklist for compliance: on‑reader opt‑in/opt‑out, required signage, and publishing retention/deletion policies; includes jurisdiction‑specific cautions.
BluINFO Link (BluINFO)

Where BluSKY Person Recognition May Not Be Accepted
Practical notes on cities/states with heightened consent/retention rules and how BluSKY’s model (opt‑in/opt‑out, data minimization) aligns with those frameworks.
BluINFO Link (BluINFO)

The Challenge of Disparate Security Systems
Why unified platforms matter for security governance—examples include lack of centralized retention policies and fragmented audits in legacy silos.
BluINFO Link (BluINFO)

Ranked List of BluSKY Features for CRE (SOC 2 Mention)
Overview piece that explicitly notes the architecture’s SOC 2 compliance as part of enterprise readiness for owners and operators.
BluINFO Link (BluINFO)

 

Training & Support

Report Training (Individual)
Short guide to finding and running reports, with PDF/Spreadsheet outputs across alarms, access, and other audit‑relevant data sets.
BluINFO Link (BluINFO)

Reporting & Analytics Guide for Tenants (How‑To)
Teaches report selection, parameters, output formats, and saved/scheduled reports—key for recurring compliance packages.
BluINFO Link (BluINFO)

 

Release Notes & Updates (Security‑Relevant)

January 2025 — Export Enhancements
Release note calling out expanded export capabilities (e.g., including additional associated devices for cameras from view lists), improving evidence packages and audits.
BluINFO Link (BluINFO)

 

Tip: Answering Common Security Questionnaires

For questionnaires needing encryption‑in‑transit, encryption at the edge, RBAC/Scope, auditability, data retention, and attestations:

Cite Overview/Internet Security Basics for TLS/X.509. (BluINFO)

Cite Application/Control‑Panel Security for instance‑based authorization and no‑inbound device posture. (BluINFO)

Cite Permissions & Role Scope for least‑privilege and multi‑tenant isolation. (BluINFO)

Cite Audit Reports for operator and access trails; include the 1‑year UI note with Support option. (BluINFO)

Cite Data Retention & Privacy items (biometric policy, camera retention defaults). (BluINFO)

Cite Information Security Policy for SOC 1/SOC 2, CSA STAR, FIPS 201‑2/FISMA Moderate, ISO 27001 status. (BluINFO)

 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Classification
    Visitor Management
  2. Tags
    1. Index
    2. Platform
    3. Security