Security is at the heart of everything we do.
We develop some amazing and innovative features for our platform, while ensuring your data is safe with internationally recognised security and processes.
ISO 27001 Certified
We’re ISO 27001 compliant with regular internal and external audits.
We use internationally recognised cryptography and algorithms.
Our platform access controls allow for different levels of access to data.
We regularly run vulnerability assessments and penetration tests.
Based on the 14 principles of Cloud Security, as determined by the National Cyber Security Centre, demonstrates how we configure and safely deploy our Cloud based event platform.
streamGo has been awarded ISO 27001 accreditation. All elements of the framework are implemented in the business.
We have commissioned an external, independent assessment of our GDPR credentials as a comprehensive evidence based audit.
We currently implement the following policies across our organisation which are reviewed quarterly internally and assessed annually as part of ISO 27001:
Informational Security Management System Scope
Information Security Policy
Change Control Procedure
Control of Documented Information Procedure
Software Development Procedure
Security Incident Management Procedure
Legal and Other Requirements Management Procedure
QISMS System Manager Actions Procedure
Internal Audit Prcedure
Business Context and Critical Requirements Management Procedure
Information Asset and Risk Management Procedure
Handling of Personal Information Processing Requests Prcedure
Disciplinary and Appeals Policy and Prcedure
Business Continuity Plan
We run multiple security controls across our platform and operational procedures:
Annual web application penetration tests performed by third-party.
Regular vulnerability scans, including emerging threat scans.
Unit testing, code review & QA conducted on all changes made.
streamGo take network security incredibly seriously and adopt the following best practices:
Web Application Firewall (WAF)
Anti-DDOS (AWS Shield Advanced)
Intrusion Detection System (IDS)
Database access only permitted within VPC
SSH and API keys rotated regularly
Regular password changes to admin accounts of our platform and super-admin permissions limited to authorised personnel.
streamGo adopt international standards to protect your data and that of your attendees:
Encryption in transit – TLS v1.2
Encryption at rest – AES-256
We run regular patch management operations on all of our servers and staff laptops.
Staff are unable to install new software on their laptops without admin approval.
Avast Web Shield is installed on all staff devices.
Our platform is built to withstand heavy load and maintain an extremely high availability status. We use multiple regions and availability zones in AWS to maintain our platforms presence. We can support events of upto 100,000 attendees without issue.
Our platform uses global multi-CDNs with real time fall back to maintain content delivery at scale.
We have a fully functional Disaster Recovery and BCP plan that is tested regularly.
Our data and platform are in AWS data centers – more info on their security controls can be found here: AWS Cloud Security Controls
Our database is a single instance in an AWS London data centre – data is not spread across multiple servers and data is not stored in any other country/server
The server scales depending on capacity requirements
Employees follow our Information Security Policy
streamGo are not required to have a DPO under the GDPR regulations.
We fully comply with the GDPR policies and would report any breaches to the Information Commissioner’s Office.
All platform data is hosted and stored in the United Kingdom, London, AWS Data Center.