CoreStream GRC Earns SOC 2® Type 2 for Security and Availability: Setting the Standard for Data Protection
13 JanAt CoreStream GRC, we place the protection of our clients’ data at the very top of our priorities. That’s why we’re proud to announce that in January 2025, we’ve achieved SOC 2 Type 2 for Security and Availability. This milestone reflects 9 months of dedicated effort by our team to meet—and exceed—rigorous industry standards.
What is SOC 2?
SOC 2, short for Service Organization Control 2, is an internationally recognized framework designed to evaluate an organization’s ability to protect client data. Unlike one-time assessments or narrowly focused technical audits, SOC 2 evaluates how a company implements, manages, and sustains effective security and availability controls across its systems, processes, and services.
CoreStream GRC’s SOC 2 Type 2 report demonstrates that we’ve implemented best-in-class practices in areas such as:
- Information security and access control
- Business continuity and disaster recovery planning
- Risk management and vendor oversight
This report isn’t just a stamp of approval—it’s a reflection of our commitment to protecting our community’s data and ensuring uninterrupted service availability, even in the face of emerging cybersecurity challenges.
The report goes beyond traditional financial systems audits, extending its scope to include any systems, tools, or processes critical to delivering services. This makes SOC 2 especially relevant for organizations in SaaS, data hosting, and other sectors where client trust is non-negotiable.
At its core, a SOC 2 report highlights the controls in place that safeguard an organization’s systems and services—ensuring your clients and partners can rest easy knowing their data is in capable hands.
Confidence in CoreStream GRC’s security practices
Matthew Eddolls, who led this project and is responsible for security and infrastructure stated: “At CoreStream GRC, we’re committed to empowering our clients with the tools and confidence they need to manage their most critical risks. We used our platform to help manage the evidence collection for our accreditation in fact. By achieving SOC 2 Type 2, we’ve reinforced our promise to safeguard your data and provide uninterrupted service.”
“We understand the importance of transparency, which is why we’ll make our SOC 2 report available to current and potential clients upon the execution of a non-disclosure agreement (NDA). ”
Ready to learn more?
Your data’s security isn’t just a checkbox for us—it’s at the heart of what we do. If you’re interested in learning more about our security policies, or how the CoreStream GRC platform can support your business achieve SOC 2 or any other compliance regulation, we’d love to hear from you. Contact us today to get started.
About CoreStream GRC
The intuitive, flexible GRC platform that delivers efficiency and value – your way.
Driven by the belief that technology should be an enabler—not a barrier—we created the CoreStream GRC platform: a flexible, no-code solution that empowers organizations to design their perfect GRC system with our expert team. You tell us what you need, and we deliver it—quickly and without unnecessary complexity. Using pre-built, customizable features, it’s as intuitive and versatile as building with Lego bricks – the solutions are limitless.
With seamless scalability, an intuitive interface, and rapid implementation, CoreStream GRC turns GRC from an administrative burden into a powerful enabler for your business. Trusted by leading organizations like the BBC, Deloitte, NHS, PwC Middle East and Shell Energy, CoreStream GRC consistently delivers real, measurable value for all your risk, and compliance management needs.
FAQ
What is SOC 2 Type 2?
SOC 2 Type 2 is an internationally recognized report that evaluates an organization’s ability to protect client data. It assesses how well security and availability controls are implemented and sustained over time, ensuring robust data protection and reliable service delivery.
Why is SOC 2 important?
SOC 2 is critical because it provides clients with assurance that their data is handled securely and reliably. It helps organizations mitigate cybersecurity threats, maintain business continuity, and build trust with their clients and partners.
How does SOC 2 benefit CoreStream GRC’s clients?
By partnering with a SOC 2-recognized organization like CoreStream GRC, clients gain:
- Confidence in the security and reliability of their data.
- Reduced risk when outsourcing GRC functions.
- Assurance that CoreStream GRC follows industry best practices for data protection and availability.
Why should I choose a SOC 2-recognized vendor?
A SOC 2-aligned vendor demonstrates that it has undergone a rigorous audit and meets high standards for security and reliability. This reduces your organization’s risk and ensures your data is handled with the utmost care.
Can I access CoreStream GRC’s SOC 2 report?
Yes, CoreStream GRC makes its SOC 2 report available to current and prospective clients upon the execution of a non-disclosure agreement (NDA).
COMPANY
CoreStream Ltd
20 Grosvenor Pl,London,
SW1X 7HN
4th Floor,
New York,
NY 10017
Privacy Overview
| Cookie | Duration | Description |
|---|---|---|
| _GRECAPTCHA | 5 months 27 days | Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks. |
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| CookieLawInfoConsent | 1 year | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
| Cookie | Duration | Description |
|---|---|---|
| _clck | 1 year | Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID. |
| _clsk | 1 day | Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| _gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
| CLID | 1 year | Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited. |
| MR | 7 days | This cookie, set by Bing, is used to collect user information for analytics purposes. |
| SM | session | Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains. |
| vuid | 1 year 1 month 4 days | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website. |
| Cookie | Duration | Description |
|---|---|---|
| ANONCHK | 10 minutes | The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well. |
| MUID | 1 year 24 days | Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations. |
| Cookie | Duration | Description |
|---|---|---|
| __cf_bm | 30 minutes | Cloudflare set the cookie to support Cloudflare Bot Management. |
| Cookie | Duration | Description |
|---|---|---|
| _gat | 1 minute | Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. |
| _uetsid | 1 day | Bing Ads sets this cookie to engage with a user that has previously visited the website. |
| _uetvid | 1 year 24 days | Bing Ads sets this cookie to engage with a user that has previously visited the website. |
| SRM_B | 1 year 24 days | Used by Microsoft Advertising as a unique ID for visitors. |
