We're now ISO 27001 certified

We're excited to announce that Screenshotbot has attained ISO 27001 certification. You can download our certificate and report from our Trust and Security Dashboard.

What's the benefit of certification?

I know our audience is mostly Mobile and Web developers, and you're probably wondering why a certification like this matters. Does it mean that Screenshotbot is now more secure?

Not really. I think security is a more comprehensive process. For example, our auditors did not read through our code. (But most of our code is open-source, so you can!)

But the audit process does force us to document—and for auditors to externally verify—many fundamental security practices that we have in place: things like encryption at rest, encryption in transit, firewalls, backups, disaster recovery tests, access reviews, PenTests and more.

If you're a mobile developer looking to bring Screenshotbot into your organization, you probably don't directly care about this. Typically, organizations have a security team whose job it is to approve external tools. This certification and report are designed for them: it provides them a standardized framework by which to interpret Screenshotbot's security posture and speeds up the security review.

What's the difference between ISO 27001 vs SOC 2?

To simplify this for our mobile and web audience: there's a lot of overlap between the two. Security engineers in the US are more familiar with SOC 2, and security engineers in Europe (and outside of the US in general) are more familiar with ISO 27001.

While ISO 27001 requires an annual audit, SOC 2 Type II is continuously auditing us (under a 12-month observation period). We think the combination of both frameworks should give your security team even more confidence in us.

Talk to us

If you've been on the fence about Screenshotbot, and think that our ISO 27001 certification can help you convince your team, give us a ping! Email me at arnold@screenshotbot.io or just schedule a call with me.