Security is at the heart of everything we do.
We develop some amazing and innovative features for our platform, while ensuring your data is safe with internationally recognised security and processes.
Data Security
We use internationally recognised cryptography and algorithms.
Security Controls
Our platform access controls allow for different levels of access to data.
Regular Testing
We regularly run vulnerability assessments and penetration tests.
-
Cloud Security
Based on the 14 principles of Cloud Security, as determined by the National Cyber Security Centre, demonstrates how we configure and safely deploy our Cloud based event platform.
-
GDPR Compliance
We have commissioned an external, independent assessment of our GDPR credentials as a comprehensive evidence based audit.
We currently implement the following policies across our organisation which are reviewed quarterly:
Informational Security Management System Scope
Information Security Policy
Change Control Procedure
Control of Documented Information Procedure
Software Development Procedure
Security Incident Management Procedure
Legal and Other Requirements Management Procedure
QISMS System Manager Actions Procedure
Improvement Procedure
Internal Audit Procedure
Business Context and Critical Requirements Management Procedure
Information Asset and Risk Management Procedure
Handling of Personal Information Processing Requests Procedure
Termination Procedure
Disciplinary and Appeals Policy and Procedure
Privacy Policy
Cookie Policy
Business Continuity Plan
We run multiple security controls across our platform and operational procedures:
Biannual web application penetration tests performed by third-party.
Regular vulnerability scans, including emerging threat scans.
Unit testing, code review & QA conducted on all changes made.
streamGo take network security incredibly seriously and adopt the following best practices:
Web Application Firewall (WAF)
Anti-DDOS (AWS Shield Advanced)
Intrusion Detection System (IDS)
Database access only permitted within VPC
SSH and API keys rotated regularly
Regular password changes to admin accounts of our platform and super-admin permissions limited to authorised personnel.
Annual infrastructure security audit performed by third-party
streamGo adopt international standards to protect your data and that of your attendees:
Encryption in transit – TLS v1.2
Encryption at rest – AES-256
We run regular patch management operations on all of our servers and staff laptops.
Staff are unable to install new software on their laptops without admin approval.
Avast Web Shield is installed on all staff devices.
Our platform is built to withstand heavy load and maintain an extremely high availability status. We use multiple regions and availability zones in AWS to maintain our platforms presence. We can support events of upto 100,000 attendees without issue.
Our platform uses global multi-CDNs with real time fall back to maintain content delivery at scale.
We have a fully functional Disaster Recovery and BCP plan that is tested regularly.
Our data and platform are in AWS data centers – more info on their security controls can be found here: AWS Cloud Security Controls
Our database is a single instance in an AWS London data centre – data is not spread across multiple servers and data is not stored in any other country/server
The server scales depending on capacity requirements
The server scales depending on capacity requirements
Employees follow our Information Security Policy
streamGo are not required to have a DPO under the GDPR regulations.
We fully comply with the GDPR policies and would report any breaches to the Information Commissioner’s Office.
All platform data is hosted and stored in the United Kingdom, London, AWS Data Center.
Want to know more or have any further questions?
We're always available to answer any questions you may have.
Get in touch