How Stream Saved Hundreds of Hours and Had Zero Delays Getting SOC 2 and ISO 27001 Compliant With Secureframe

Stream is a creator of enterprise-grade cloud components that make it easier for software teams to add in-app chat and activity feeds to their products without reinventing the wheel. Their scalable APIs and SDKs come with all the building blocks to ship a custom white-label experience that rivals today’s leading social platforms.


“I would definitely recommend Secureframe. Secureframe was instrumental in helping us get SOC 2 and ISO 27001 certified. We always felt like we were talking to experts in the field. Compared to other competitors, choosing Secureframe is a no brainer."

Tommaso Barbugli, Co-Founder and CTO, Stream




  • Bogged down with long and repetitive security questionnaires when selling to enterprise.
  • Spending days and money with external consultants to meet compliance requirements.
  • Looking to get SOC 2 and ISO 27001 to meet customer expectations and find a competitive advantage.
  • Feeling stressed by the unknown and complex compliance process.
  • Searching for an expert partner to guide them through SOC 2 and ISO 27001 for the first time.


Secureframe provided Stream with:

  • Ability to achieve SOC 2 and ISO 27001 compliance in one easy-to-use platform.
  • Expert guidance and support to make SOC 2 and ISO 27001 compliance easy and seamless.
  • Robust software integrations that linked with existing tools and automatically gather evidence for SOC 2 and ISO 27001 requirements.
  • Introductions to leading pen testing partners and auditors from the beginning.
  • Dedicated customer success manager and compliance experts who were quick to provide answers and expertise.


  • Completed SOC 2 Type 1, SOC 2 Type II, ISO 27001 Stage 1 and ISO 27001 Stage 2 with zero issues or hassle.
  • Hundreds of hours of time and effort saved for Stream’s busy team.
  • Sales cycle accelerated by weeks and countless sales opportunities unlocked by being certified.
  • Improved security posture and more secure onboarding/offboarding of employees to maintain security


Needing SOC 2 and ISO 27001 to demonstrate security to enterprise customers, but stressed about first-time process

Stream, a creator of enterprise-grade activity feed and chat APIs, was rapidly growing and moving up market to larger enterprises. However, to sell into these larger companies, Stream had to go through long and repetitive security questionnaires that took days of manual effort, external consultants, and took team members away from their core work. 

To streamline the security process and speed up sales cycles, Stream decided to pursue both SOC 2 and ISO 27001 certification as they have customers both in and outside of the United States. 

However, once Stream decided to go down the certification route, they quickly realized the amount of manual work and evidence collection that would be required to get SOC 2 and ISO 27001 certified.  


“Traditionally, you’d get an external consultant. But they’d essentially turn everything into piles of documents that we had to go through, and we wanted to avoid more manual work,” says Tommaso Barbugli, Co-Founder and CTO of Stream.

That’s when Tommaso started to search for a solution that would integrate with their existing tech stack to automate the evidence collection process and avoid changing their processes and workflows. 

He wanted to make sure that whatever solution he chose had all the necessary integrations, could provide both SOC 2 and ISO 27001 compliance support, and walk his team through their first certification process. 


Secureframe’s robust integrations and hands-on expert support enables fast and seamless SOC 2 and ISO 27001 compliance

After someone from Tommaso’s network who he respected recommended Secureframe, he scheduled a demo to learn more about the platform. 


“The demo was great. They had an answer for all of our questions. It felt like Secureframe was an expert in the field and knew exactly how to get us certified. That really helped increase my confidence in moving forward with them.”

Tommaso liked that Secureframe offered both SOC 2 and ISO 27001 compliance, and that the platform had integrations with the tools Stream already used so they didn’t need to introduce any new changes to their workflow. It made the decision easy.

Given this was Stream’s first time, Stream needed a good deal of support, which Secureframe was happy to provide through their dedicated customer success manager and compliance manager. 


“We got a lot of support from the Secureframe team every step of the way. They connected us with our third party pen tester and if we had a question, they replied immediately. It removed a lot of pressure off me to have to figure everything out. Secureframe told me all the necessary steps to complete, and I could simply assign it to different team members and not worry about it.”

Using the platform, Secureframe created a checklist of all the necessary steps and documentation Stream needed, security checks that had to be carried out, and what sort of evidence needed to be gathered to pass the SOC 2 and ISO 27001 audit. Secureframe was able to automate a lot of the evidence collection process through its 100+ integrations.


“We just needed to connect our tools to the platform, and it streamlined the entire evidence collection process. That was a huge time saver with collecting data.”

Tommaso also appreciated the fact that Secureframe didn’t use agents to collect evidence, helping him feel more secure about the evidence collection process.

With Secureframe’s deep expertise, support and guidance, Stream obtained both their SOC 2 and ISO 27001 certification without any delays.


“Secureframe was really helpful in eliminating all possible problems with other vendors or the audit process. We had a goal in mind to get our SOC 2 and ISO 27001 certifications, and we achieved it. It would have definitely been more stressful without Secureframe.”


Hundreds of hours saved, SOC 2 and ISO 27001 compliance achieved without delays, and enterprise sales cycles accelerated

Stream saved hundreds of hours of manual work required by partnering with Secureframe to get their SOC 2 and ISO 27001 certifications. 


“Secureframe easily saved us hundreds of hours on evidence collection, implementing new HR policies, and polishing up our security infrastructure. I could focus on my core work and not worry about the compliance process.”

Despite how tedious the process of obtaining a SOC 2 and ISO 27001 certification can be, Stream found the process to be seamless and had zero problems or delays. They were able to get audit-ready within just a couple months compared to the 9 to 12 it can take when businesses choose to take on the process by themselves. Plus, because they had Secureframe by their side, the team felt confident that they would pass their audit without an issue. 


“We had pretty much no issues. We got the certificates we wanted without any delays, and I always felt like I had Secureframe’s support whenever I needed it.”

Tommaso also noticed that sales cycles were accelerated. 


“Before having the security certifications, we would take months going back and forth with our customers’ security teams. Now, it’s just weeks. Our customers feel more confident working with us, plus it’s a massive competitive advantage.”

Plus, as a growing company, Stream appreciated how the audit process helped them improve their overall security posture. 


“Security isn’t just a sales thing. It’s important for the company. That’s been a huge value add of going through this process. We’ve cleaned up our onboarding and offboarding processes, implemented company wide security training, and have robust policies in place that will scale with us.”

Given the support Stream received as well as how seamless the experience was with getting SOC 2 and ISO 27001 audit ready, Tommaso highly recommends Secureframe to anyone, especially those going through the audit process for the first time. 


“My experience has been great from the beginning until now. Secureframe was instrumental in helping us get SOC 2 and ISO 27001 certified.” 


“I would definitely recommend Secureframe. We always felt like we were talking to experts in the field and got great support. Compared to other competitors, choosing Secureframe is a no brainer. I would make the same choice again.”