Rocket.Chat Handbook
Comment on page



The purpose of the Security team is to define which risks the company is exposed to and mitigate them to a business-acceptable level.
We need to make sure the security best practices are being applied and guarantee the security of our applications and find and respond to new vulnerabilities and incidents, ensuring the confidentiality, integrity, and availability of our services.

Members and functions

Top OKRs, relevant for Security function, built by stakeholder input

  1. 1.
    Company Scale - Scale and build a strong (Security) Team, (while: Securing other teams´ growth)
  2. 2.
    Revenue Stream - Grow the business, driving ARR
  3. 3.
    Customer Centric - Productize internal services or processes, applying a CC-attitude
  4. 4.
    Enterprise Product - Establish industry leadership as B2B comms platform
  5. 5.
    Community Engagement - Increase dev relationships (incl. White hats)

Main Tasks

The objective of the security team is to help everyone to keep Rocket.Chat and our customers secure. We can only achieve that when we all work together!

Communication and Information

Discussion Channels
  • RC security channel - day-to-day conversation, invite on request
  • RC important - company-wide announcements
  • RC-security-team - team-internal conversations, all team members are added during onboarding
Mailing lists



Playbooks help us to standardize certain processes around security and enable transparency on how we work. The following are the security playbooks.
Refer to Security Playbooks