Rocket.Chat Handbook

πŸ”Security

Purpose

The purpose of the Security team is to define which risks the company is exposed to and mitigate them to a business-acceptable level.

We need to make sure the security best practices are being applied and guarantee the security of our applications and find and respond to new vulnerabilities and incidents, ensuring the confidentiality, integrity, and availability of our services.

Members and functions

Top OKRs, relevant for Security function, built by stakeholder input

  1. Company Scale - Scale and build a strong (Security) Team, (while: Securing other teamsΒ΄ growth)

  2. Revenue Stream - Grow the business, driving ARR

  3. Customer Centric - Productize internal services or processes, applying a CC-attitude

  4. Enterprise Product - Establish industry leadership as B2B comms platform

  5. Community Engagement - Increase dev relationships (incl. White hats)

Main Tasks

The objective of the security team is to help everyone to keep Rocket.Chat and our customers secure. We can only achieve that when we all work together!

Communication and Information

Discussion Channels

Mailing lists

Public

Reporting or communicating incidents and vulnerabilities

Policies

See Security Policies

Playbooks

Playbooks help us to standardize certain processes around security and enable transparency on how we work. The following are the security playbooks.

Refer to Security Playbooks

PreviousAppendix: Workplace Violence PolicyNextRoles and Responsibilities

Last updated