Stream Attains SOC2 Type II and ISO 27001 Compliance

Tess G.
Tess G.
Published May 18, 2021

Stream is proud to announce the successful completion of its SOC 2 Type II and ISO 27001 audits, achieving compliance with the organizations’ thorough security standards. The certifications showcase Stream’s dedication to providing a highly secure in-app chat solution to enterprise customers, in addition to the company’s existing HIPAA and General Data Protection Regulation (GDPR) compliance.

The audits were completed with the help of Secureframe, a platform that enables organizations to obtain and maintain global compliance standards, and streamline the audit process. Stream saved hundreds of hours of manual work required by partnering with Secureframe to get their SOC 2 and ISO 27001 certifications–read more about this partnership in this case study.



The SOC 2 audit determines that Stream’s security controls meet the certifier’s specific and strict requirements, ranging from organizational — such as security awareness training — to technical, which includes running vulnerability scans, encrypting data at rest, tracking the software development lifecycle, and more. SOC 2 has more than 200 of these requirements, making it easier and clearer for those evaluating external software solutions that house customer data to assess the associated risks. When a company is SOC 2 compliant, it guarantees that there are organizational practices in place to safeguard the privacy and security of client information. Having the SOC 2 report attesting to an enterprise’s compliance means its users can rest assured that the data they’re handing over to be processed is protected—no small thing in today’s technologically-run world.

SOC 2 requires organizations to establish and follow rigid security policies and procedures. These regulations are classified by five “trust service categories" to protect customer data:

  1. Security
  2. Availability
  3. Processing
  4. Integrity
  5. Confidentiality

ISO 27001

ISO 27001

ISO 27001, published in partnership with the International Electrotechnical Commission (IEC), is a widely known certification for information security management systems (ISMS) to manage security assets such as intellectual property, employee information, or financial data. Stream’s ISO 27001 certification, achieved through a comprehensive and careful audit, validates to customers and partners that it safeguards their data and sensitive messaging and communication.

Why It Matters for Stream

These security compliance achievements provide our users with even more confidence in how Stream manages real-time data across the globe. Our customers trust us by outsourcing their chat and activity feeds development so that they can focus on activities that are more core to their business, so we are committed to providing as much transparency into our operations, processes and results as possible. With these certifications, we now have valuable insights into our organization’s risk and security posture, vendor management, internal controls governance, and regulatory oversight that we can proudly share with our user base. By completing these audits, our customers can safely rely on Stream's real-time system, network, and infrastructure.

“The SOC 2 and ISO 27001 recognitions are a testament to our team’s hard work in ensuring we provide our customers with a high level of security and privacy, and ultimately, peace of mind in implementing our technology,” said Marco Ulgelmo, head of information security at Stream.

Learn more about Stream’s secure chat API and sign up for a free Stream Chat trial today.