Comment on page

Compliance Resources and Certifications

On this page, we provide you with resources around compliance of Rocket.Chat with industry standards, regulations and best practices. Also our certifications are listed here. Contact our specialists for further information under

Compliance certifications

ISO 27001 certification

Scope: Hosted Offering, App Store, Software Development
Rocket.Chat is ISO 27001 certified. ISO 27001 is an internationally recognized standard for information security management systems. Our organization is audited on an annual basis by an independent third-party auditor to verify the design and operational effectiveness of the management system.
  • Certificate:
Certificate 2023.pdf
ISO 27001 certificate 2023
Certificate 2020.pdf
ISO 27001 certificate 2020
  • Name: ISO 27001 Information Security Management Systems
  • Statement of applicability (link)
    • contains a list of controls and whether they are applicable or not
  • Certifying body: QMS Certification Services
  • Original certification date: June 2020
  • Validity: June 2023 - June 2026
  • Use cases for Rocket.Chat users: due diligence, security review, regulatory compliance, internal audit, supply chain audit.


Scope: Hosted Offering
Rocket.Chat holds a SOC 2 Type I attestation report and received an unqualified opinion attestation, according to the auditor, our controls were suitable designed and provide reasonable assurance Rocket.Chat can meet its service commitments and system requirements.
This report is a point-in-time review intended to offer assurance that the internal controls are effectively designed and implemented. It offers a glimpse of the control environment, highlighting control adequacy.
  • Report type: Type I
  • Trust Service Criteria: Security, Confidentiality and Availability
  • Issued by: Prescient Assurance LLC (registered CPA firm)
  • Date: 25 October 2023
  • Validity: October, 2024
  • Letter of Attestation: see attachment below. Technologies Corp._Letter of Attestation SOC 2 Type 1.pdf
  • SOC2 Type 1 report: the disclosure to customers and prospects require an NDA to be signed prior making it available.

If you are a Rocketeer provinding the report:

  1. 1.
    Check if the propect or customer has an NDA in place.
  • Prospects: make sure there is a signed NDA in CRM - If you need guidance about NDAs, please check this page OR
  • Active customers with signed customers terms: jump to step 2.
  1. 2.
    notify aline.nunes and mayara.santos and provide the email address the report needs to be sent to.

If you are a Customer/Prospect:

  1. 1.
    Contact your account manager or send an email request to [email protected].
Last modified 21d ago
Deprecation for cloud services and apps is now extended to November 20, 2023. Rocket.Chat versions receive support for six months after release.