Data Privacy / Security Statement


CloudBlue Ecosystem Strengthened by Security



Compliance and Certifications

• ISO/IEC 27001 Certified
• PCI-DSS standards Certified

Information Security Training

Our associates and contractors are trained on information protection, data privacy, and compliance with our information security policy.

Information Assets

All company assets (including company networks) are provided for business use. We define acceptable uses of our data and assets.

Regulatory Compliance & Data

All users must comply with laws, regulations, and compliance programs regarding the use of data, network, and computer systems. personal data should only be stored in approved company applications, It should be collected and processed only for lawful and legitimate business purposes.

Software Development Security

As a part of the SAMM Education & Guidance practice, R&D associates participating in SDLC are trained on how to develop and deploy secure software. Our Secure SDLC practice provides security assurance from design to release ensuring security is part of our product DNA.

External Penetration Testing

CloudBlue products undergo independent third-party penetration testing covering the PCI zone and business critical services. These tests are performed in accordance with industry benchmarks and in alignment to ISO 27001 standards.



Forrest Smith
Chief Information Security Officer, Ingram Micro

“Ingram Micro and CloudBlue recognize that information is the lifeblood of our company. It’s how we communicate and transact business with you, our valued customer and vendor partners. We treat information and our company assets with respect and protect them from misuse, whether deliberate or accidental.”



Data security has never been more paramount than it is today. And as multi-cloud solutions continue to grow within our CloudBlue ecosystem, data security and privacy best practices must be top priorities for Ingram Micro Cloud.

We treat information and company assets with respect and protect them from misuse, whether deliberate or accidental.

Ingram Micro Cloud and CloudBlue are committed to following globally recognized security standards and frameworks to ensure they deliver secure and reliable services using principles and best practices established by the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), BSIMM, OWASP ASVS and other industry recognized security standards and frameworks.



Whether you are seeking to leverage our CloudBlue SaaS, IaaS or being part the Ecosystem, you can be assured that CloudBlue has the protection of your data at the core of our offering!

Our DevSecOps methodology is focused on including security in all phases of CloudBlue software development all the way through to operations.

CloudBlue being a globally operated organization comply with different data privacy laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and the Cloud Security Alliance GDPR Code of Conduct. We incorporate the required technical and organizational security measures and safeguard the protection of the rights of the data subject.

Business Continuity and Disaster Recovery plans are implemented based on our Business Continuity Management Policy. For Marketplace CSP, CloudBlue SaaS and Connect Sites, Recovery is used for recovering a site if it goes down and making use of the Region pairs.