Client Security Audit and Configuration Checklist for BlendVision AiM

1. Email Sending and Receiving Settings

To ensure that emails sent from the BlendVision AiM system are not blocked, please follow the steps outlined below:

Item: System Notification Email
Action Required: Add this sender to the whitelist:
  • no-reply@one.blendvision.com

Item: Email Sending Settings
Action Required: Allow the following domain:
  • one.blendvision.com

2. Service Configuration and Troubleshooting

This section lists the configurations needed to maintain connectivity and functionality of key services within the BlendVision AiM platform.

Item: BlendVision AiM Website Connection Issue
Port: 443
Action Required: Allow the following domain:
  • *.one.blendvision.com
If using the default domain name, allow the following domain:
  • app.cxm.blendvision.com

Item: Video Streaming Issue
Port: 443
Action Required: Allow the following domains:
  • *.one.blendvision.com
  • *.cloudfront.net
  • drm.platform.blendvision.com

Item: Missing Analytics Data
Port: 443
Action Required: Allow the following domain:
  • *.cdp.kkstream.io

Item: Unable to Open Documents
Port: 443
Action Required: Allow the following domains:
  • *.officeapps.live.com
  • common.online.office.com
  • browser.events.data.microsoft.com

Item: Unable to Use Google Drive
Port: 443
Action Required: Refer to the settings provided by:

3. Data Environment, Architecture, and Security Measures of the Platform

This section describes the secure infrastructure and practices in place to protect sensitive data and ensure compliance within the BlendVision AiM platform.

Item: Data Environment
Details:
  • The services are deployed in the AWS cloud, utilizing multiple regions and availability zones to ensure high availability and scalability.
  • Primary data is securely stored in Amazon S3, RDS, and DynamoDB, with permissions and encryption controls tailored to the sensitivity of the data.

Item: Architecture and Security Measures
Details:
  • The infrastructure is built on AWS VPC private network architecture, which maintains a clear separation between public and private networks.
  • Inbound traffic is managed through AWS Application Load Balancer and AWS Web Application Firewall (WAF), providing robust traffic control and protection against web-based attacks.
  • Sensitive data is encrypted using the AES-256 standard for both transmission and storage, with server-side encryption enabled at the S3 bucket level.
  • The API Gateway enforces strict API access control and implements rate limiting.
  • IAM roles and permissions are configured with fine-grained controls to ensure that access to resources is granted only to authorized personnel, and multi-factor authentication (MFA) is implemented for enhanced security.
  • Regular vulnerability assessments are conducted using AWS Inspector and third-party scanning tools.
  • An independent third-party organization performs an annual cloud security assessment to ensure compliance and security integrity.

4. Supported Browsers and TLS Security Protocols

Item: Supported Browsers
Details:
  • Microsoft Edge
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
Note: The latest stable version of each browser is supported.

Item: TLS Security Protocols
Details: All external-facing services within the platform require the use of TLS version 1.2 or higher to ensure secure, encrypted communication.
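
The allowlist in section 2 and the TLS requirement in section 4 can be checked from the client network. The following is an added example, not part of BlendVision's documentation: it maps hostnames denied on port 443 in a proxy log to the affected feature, and includes a probe that refuses any connection below TLS 1.2. The log line format, function names and sample hostnames are assumptions constructed for illustration.

```python
import socket
import ssl
from fnmatch import fnmatchcase

# Port-443 allowlist entries copied from section 2 of this checklist.
# Google Drive is omitted because the page lists no domains for it.
REQUIRED = {
    "Website connection": ["*.one.blendvision.com", "app.cxm.blendvision.com"],
    "Video streaming": ["*.one.blendvision.com", "*.cloudfront.net",
                        "drm.platform.blendvision.com"],
    "Analytics data": ["*.cdp.kkstream.io"],
    "Opening documents": ["*.officeapps.live.com", "common.online.office.com",
                          "browser.events.data.microsoft.com"],
}

def affected_features(host):
    """Return the features whose allowlist covers a denied hostname."""
    host = host.lower().rstrip(".")
    return sorted(f for f, pats in REQUIRED.items()
                  if any(fnmatchcase(host, p) for p in pats))

def triage(deny_lines):
    """Map denied port-443 targets in proxy log lines to affected features."""
    hits = {}
    for line in deny_lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "DENIED":
            continue  # not a deny record in the assumed format
        host, _, port = parts[3].rpartition(":")
        if port != "443":
            continue
        for feature in affected_features(host):
            hits.setdefault(feature, set()).add(host.lower())
    return hits

def negotiated_tls(host, timeout=5.0):
    """Connect to host:443, refusing anything below TLS 1.2 (section 4)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()  # e.g. "TLSv1.2" or "TLSv1.3"

# Constructed sample lines in an assumed format:
# '<timestamp> <DENIED|ALLOWED> CONNECT <host>:<port>'. Not real proxy output.
SAMPLE = [
    "2024-01-01T09:00:00Z DENIED CONNECT d1example.cloudfront.net:443",
    "2024-01-01T09:00:02Z DENIED CONNECT word-view.officeapps.live.com:443",
    "2024-01-01T09:00:05Z DENIED CONNECT example.org:443",
    "2024-01-01T09:00:07Z ALLOWED CONNECT app.cxm.blendvision.com:443",
]
```

`triage(SAMPLE)` reports the video streaming and document features as blocked; `negotiated_tls` needs network access and raises `ssl.SSLError` if an inspecting proxy or the endpoint cannot negotiate TLS 1.2 or higher.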
