We are excited to share great news with you: Rocket.Chat has obtained the ISO 27001 certification!
As part of our ongoing efforts to always strive for excellence in everything we do, this is a testament to our commitment to security for all our users. Read more about what this means for you and what we are up to next.
What is ISO 27001?
ISO 27001 is an international standard for information security management systems. Organizations can follow its requirements to establish a system to manage information security. In short: we have established such a system to manage our risks and continuously improve our security posture. And we have engaged professional auditors (in our case: QMS) to verify that we meet the requirements of the standard.
ISO 27001 is a management system approach, so it applies to organizations rather than products. The scope of our ISO 27001 system includes:
What does this mean for you?
At Rocket.Chat, our mission is to provide you with a secure communication platform where you stay in control of your data.
ISO 27001 is useful for you in the following cases:
- You are already using Rocket.Chat and want to perform regular due diligence: please find our compliance resources in our documentation.
- You’re looking for a collaboration platform which puts an emphasis on security: by being awarded the certification, Rocket.Chat joined the list of few companies with broad, third-party vetted assurances that we take your security seriously. Read more about our security posture here.
- You are considering using Rocket.Chat but are not sure if it will meet your requirements: ISO 27001 is a widely accepted international, industry-neutral standard with a broad range. Our ISO 27001 certification is your assurance that we have implemented a very solid baseline of good security practices. And we regularly respond to additional customer requirements.
How did we obtain our certification?
In 2019 we started the process of putting in place our management system. Every single one of our employees was involved. In April of 2020, we began the auditing process. Our auditors from QMS Brasil performed interviews onsite and remotely with multiple team members.
We thank the team from QMS Brasil, which has been fantastic during the whole audit process - even when faced with the unforeseen events of COVID-19. The audit and its results gave us confidence in the way we are addressing security. We received additional recommendations, which we will put in place shortly to the benefit of our users.
ISO 27001 does not guarantee that a product will never again have a vulnerability or bug. 100% security does not exist in any software. However, you can count on our dedication to proactively find vulnerabilities and mitigate the ones we find or that are reported to us.
Where can you find the certification?
You can view and download the most recent copy, along with related compliance resources, in our documentation here.
What happens next?
ISO 27001 is more than documentation: it is our commitment to always improve in all aspects of security. We will continue this way for the benefit of our users. The certification will be audited and renewed annually, and we will keep you posted on the results.
Since we are already registered with the Cloud Security Alliance, you can download, for free, a detailed Q&A about the security practices of our hosted offering. We also plan to add additional assurances and certifications soon.
This was our first step in security certifications and we want to go even further. Is there a particular certification, industry standard or best practice, which would help you in your decision for Rocket.Chat? Contact our security team directly via firstname.lastname@example.org and share your ideas with us!