If you do not have a testing program in your company, you usually have an audit team, which performs many of the same benefits as a blue team. The audit team could be the blue team or an independent assessor. In a mature organization, a blue team is for self-policing; the audit team is separate and is, as the name suggests, for auditing.
Audit teams use AttackIQ’s Security Optimization Platform to identify their security controls and then determine how best to assess them. The audit team is largely akin to the testing team but it could also be an independent party.