Security is at the heart of everything we do.

• Cloud Security

  Based on the 14 principles of Cloud Security, as determined by the National Cyber Security Centre, demonstrates how we configure and safely deploy our Cloud based event platform.

• ISO 27001

  streamGo has been awarded ISO 27001 accreditation. All elements of the framework are implemented in the business.

• GDPR Compliance

  We have commissioned an external, independent assessment of our GDPR credentials as a comprehensive evidence based audit.

We currently implement the following policies across our organisation which are reviewed quarterly internally and assessed annually as part of ISO 27001:

• Informational Security Management System Scope

• Information Security Policy

• Change Control Procedure

• Control of Documented Information Procedure

• Software Development Procedure

• Security Incident Management Procedure

• Legal and Other Requirements Management Procedure

• QISMS System Manager Actions Procedure

• Improvement Procedure

• Internal Audit Procedure

• Business Context and Critical Requirements Management Procedure

• Information Asset and Risk Management Procedure

• Handling of Personal Information Processing Requests Procedure

• Termination Procedure

• Disciplinary and Appeals Policy and Procedure

• Privacy Policy

• Cookie Policy

• Business Continuity Plan

We run multiple security controls across our platform and operational procedures:

• Biannual web application penetration tests performed by third-party.

• Regular vulnerability scans, including emerging threat scans.

• Unit testing, code review & QA conducted on all changes made.

streamGo take network security incredibly seriously and adopt the following best practices:

• Web Application Firewall (WAF)

• Anti-DDOS (AWS Shield Advanced)

• Intrusion Detection System (IDS)

• Database access only permitted within VPC

• SSH and API keys rotated regularly

• Regular password changes to admin accounts of our platform and super-admin permissions limited to authorised personnel.

• Annual infrastructure security audit performed by third-party

streamGo adopt international standards to protect your data and that of your attendees:

• Encryption in transit – TLS v1.2

• Encryption at rest – AES-256

• We run regular patch management operations on all of our servers and staff laptops.

• Staff are unable to install new software on their laptops without admin approval.

• Avast Web Shield is installed on all staff devices.

• Our platform is built to withstand heavy load and maintain an extremely high availability status. We use multiple regions and availability zones in AWS to maintain our platforms presence. We can support events of upto 100,000 attendees without issue.

• Our platform uses global multi-CDNs with real time fall back to maintain content delivery at scale.

• We have a fully functional Disaster Recovery and BCP plan that is tested regularly.

• Our data and platform are in AWS data centers – more info on their security controls can be found here: AWS Cloud Security Controls

• Our database is a single instance in an AWS London data centre – data is not spread across multiple servers and data is not stored in any other country/server

• The server scales depending on capacity requirements

• The server scales depending on capacity requirements

• Employees follow our Information Security Policy

• streamGo are not required to have a DPO under the GDPR regulations.

• We fully comply with the GDPR policies and would report any breaches to the Information Commissioner’s Office.

• All platform data is hosted and stored in the United Kingdom, London, AWS Data Center.