StreamShark Is Now Officially ISO 27001 Certified
Today, we’re proud to announce that StreamShark is officially certified as ISO 27001 compliant in regards to security and confidentiality. Obtaining this certification is an important step in our company’s journey, and a valuable independent assessment of our information security practices.
Why StreamShark’s ISO 27001 certification is important to you
When it comes to working with the cloud, security and confidentiality are absolutely essential and increasingly required by customers, regulators, examiners, and auditors. The certification by BSI confirms that StreamShark has employed security practices targeting people, process and technology to ensure its information security processes meet the level set by the ISO 27001 standard.
For our customers, the ISO 27001 certification provides the following:
- Independent confirmation that StreamShark’s security practices are aligned with a rigorous cloud service standard.
- Key piece of evidence on StreamShark as a critical service provider for your own vendor security and compliance process.
StreamShark’s partners and customers can be assured that our product design and development processes and the handling and management of all customer data are in accordance with the globally recognized ISO 27001 standard. It also means that we have proven to BSI, our external auditor that our system and processes are designed to keep our clients’ sensitive data secure. Further, we have proven our continued commitment to good security culture, processes, and technology. We will continue to invest in our security and compliance program to ensure that your data is as secure as possible.
About the ISO 27001 Standard
ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard for information security. It is recognised worldwide and achieving this certification involves a three-stage external audit process (Stage 1, Stage 2 and Ongoing) conducted by ISO/IEC 27001 Lead Auditors.
StreamShark has been externally audited by BSI and is certified to the ISO/IEC27001 (ISO 27001) 2013 Information Security Management System standard. Passing the Stage 2 audit results in the ISMS being certified compliant with ISO/IEC 27001. Ongoing involves follow-up reviews or audits to confirm that StreamShark remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended.
StreamShark’s Information Security Management System
StreamShark has implemented an Information Security Management System (ISMS) aligned with the requirements of the international standard: ISO/IEC 27001:2013 (ISO 27001). Managing information security risks and opportunities is an integral function of our ISMS. Our ISMS Implementation is a systematic approach to implementing, operating, maintaining and improving information security management. Executive leadership as well as senior management have been involved in building our ISMS.
The ISMS governs the totality of information security activities: policy, procedures, technical security measures, HR security and physical security to ensure information security practice at StreamShark is well managed and effective. Our ISMS certification scope is:
The design, development, management, maintenance and support of StreamShark’s content encoding, storage and streaming services; as outlined in the Statement of Applicability v1.1 dated 8 June 2021.
In accordance with the ISO 27001 standard, we have implemented controls to manage and monitor security services in a number of areas:
- Information Security Policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptographic Control
- Physical and Environmental Security
- Operations Management
- Communications Security
- Security acquisition, development, and maintenance
- Supplier relationships
- Information Security Incident Management
- Information Security aspects of business continuity management
Vulnerability disclosure and reward program
StreamShark maintains a private, invite-only bug bounty program, with the assistance of HackerOne. To learn more about obtaining an invitation to the private bug bounty program, please see HackerOne’s website on invitations.
What does this mean for StreamShark’s future?
Our commitment to security does not end here; information security is an ongoing process and all employees in StreamShark will keep working hard to maintain and exceed its security standards to protect both company and customer data. BSI will perform yearly audits to test our continuous compliance as we continue to grow and develop our business. If you have any questions you’d like to ask, please contact us.