Systems Security, Integrity, and Privacy
Our solution is the leader in Rapid Emergency Response Systems
Hardware User Interface
BluePoint Alert Solutions engineered its systems with life-safety at its core. The following are some of the attributes required of other life-safety systems that are incorporated into our solution.
- All components supervised
- Redundant communications
- Battery back-up
- Secure from unauthorized disabling
- Notifies all facility occupants
- 24/7 security
- UL and FM certified monitoring
Central Station Monitoring Systems
BluePoint Alert Solutions systems are monitored by an Underwriters Laboratories (UL)-listed and Factory Mutual (FM)-approved Central Station with the following attributes.
- Four (4) interconnected operating stations located throughout the United States including the East Coast, West Coast and Midwest. These facilities have comprehensive disaster recovery plans in place
- The UL/FM-Listed Central Station significantly surpasses the UL/FM requirements
- Four sources of power—2 primary and 2 secondary
- Secondary sources of power can run for 145 hours without refueling [UL requires only 12 hours]
- Central Station operates on secondary sources of power weekly under full load for 45-minutes
- Central Station maintains multiple, real-time on-site and off-site back-ups. There are currently five (5) backup systems in place
- Data centers and operations centers at primary and secondary locations have active, redundant HVAC systems on back-up power [UL has no requirement for redundant systems]
- All alarm receivers have a complete real-time back-up plus the UL/FM required cold back-up per 5 hot receivers
- All systems are protected from fire by a non-water fire extinguishing system (FM 200) that will protect equipment from water damage [UL only requires some form of fire extinguishing]
- Phone and internet services provided by multiple providers with a multi-homed BGP routing service so that the loss of any carrier has no effect on service [UL does not require multiple services]
- Communication systems rated at 99.999% availability with less than 5 minutes down time (planned or unplanned) per year
- All Central Station employees are licensed which includes an FBI-background check
- All Central Stations implement access control security and meet all UL/FM physical protection system requirements
- BluePoint signals receive the highest priority protocol for operator action
- BluePoint’s Command and Control services reside and operate on the Central Station systems
Command & Control Communications Platform
The following are attributes of the Command & Control (C2) Communications Platform running on the UL/FM-listed Central Station systems.
- Multiple carriers provide four (4) independent connections to the internet, each monitored and fully redundant
- Configured firewall systems, with port level access control lists, installed behind all internet connections
- Firewall configurations reviewed on a weekly basis
- All internet connections implement a configured intrusion detection and prevention system (IDS/IPS)
- IDS/IPS configurations reviewed weekly and monitored with immediate notifications to network admin group
- Access to routers are via its console port only
- Weekly auditing of access to routers, firewalls, and IDS/IPS
- All networked devices maintained at the latest patch level
- Data-centers do not use any wireless connectivity into network systems
- Centralized administration of antivirus software on all networked computers
- Antivirus software runs on all networked computers; all emails scanned for viruses; antivirus definitions updated daily
- Antivirus software cannot be disabled or modified by users
- Level Two compliance with Payment Card Industry Data Security Standard (PCI DSS)
- Quarterly network scans and penetration testing by a third-party
Within C2, BluePoint collects and stores private information about you and the responsible parties you identify including, but not limited to, the following: 1) names; 2) home or business addresses; 3) city, state, and zip code; 4) phone number(s); 5) email address(es); 6) digital information; 7) static/permanent location and/or moving/mobile location(s). Note that we do not collect or store any financial information within the system.
For us to provide our services, either you, or a third-party with whom you have a business relationship, provides us with additional information pertaining to your rapid emergency response system (RERS) or protective system and/or other information required. This information includes, but is not limited to, the type, number, and placement of alarm equipment including: panels, media, sensors, cameras, speakers, microphones, pull stations, mobile pendants, panic buttons, horns, strobe lights, and building infrastructure information.
We capture and store information regarding your RERS system's history including, but not limited to: dates, times, activations, contacts, conversations, alarms, trouble signals, and performance.
If your RERS system includes a video or audio component, or incorporates such components, we will capture an image, video clip, real-time video, or a video stream from the facility. For audio (two-way voice or audio sensors), we will capture and record any words, conversations and/or sound(s) that are loud enough to be transmitted. When you install or authorize a third-party to install cameras and/or listening devices in or around your facility, you are responsible for ensuring that you are in compliance with any and all applicable laws.
If you are using a location-based device that is designed to either monitor movement within a defined space or a geo-location type device that is designed to transmit a signal to C2 as an activation for BluePoint to perform a prescribed response, BluePoint does capture and store location information. We use the location information to perform the prescribed response and to keep a record of the activation.Information Use
We use the information we collect to perform the service for which you have contracted; to keep you apprised of the state of the facility; to better inform any responsible parties or authority agencies regarding your state or the state of your facility; and to provide you with better services.
We share your personal information with:
- Authorities having jurisdiction as directed by you or your third-party provider. Authorities having jurisdiction include, but are not limited to: police, fire, emergency services, health service providers, security firms or guards, and building management companies.
- Responsible parties are people who you, or your third-party provider, have identified to be notified if BluePoint receives an activation from you, your RERS, or your property.
- Members of the judicial system if we should receive a subpoena from a court having legal jurisdiction.
Activations and/or changes to the database are monitored and you will be notified of any changes to the information.
We may also use some of your non-personally identifiable information, such as the equipment used in your system, to converse with system manufacturers or service providers with the goal of fixing an issue or providing you with better security service.What We Do Not Do With Your Personal Information
We do not rent
any of your personal information or personally identifiably information to any party or entity.
BluePoint uses several levels of security to protect your information from loss, misuse, and from being changed without authorization.
- Any time you enter personally identifiable information into C2, it is done on a secure website (using a secure protocol, e.g., HTTPS).
- We require proper identification with passcodes or passwords before we allow any changes to your information.
- We use commercial-level security to prohibit unauthorized access to database information through the internet (although no method of data transmission can be said to be completely secure). See Command & Control Communications Platform, above
- We monitor our systems rigorously. Any time the system perceives a security issue, notifications are immediately sent to the onsite IT department to investigate.
- We use a third-party service to monitor our system security and actively search for vulnerabilities.
Access to Your Personal Information
You can access and modify your personal information within C2 with proper identification and a passcode or password via the website or web application. RERS system "mission-critical" information has to be changed by BluePoint, and may be dependent upon the requirements of the authority having jurisdiction.