HYPR Achieves SOC2 Type 2 and ISO 27001 Compliance

Pen Anton Gurov, Director of Technical Operations

Clock 3 Min. Read | January 11, 2022

We are excited to announce that HYPR has successfully completed SOC 2 Type 2 and ISO 27001 compliance and audit initiatives along with obtaining ISO 27017 and ISO 27018 compliance certifications.

What Is SOC 2 Certification?

SOC 2 is a comprehensive framework developed by the American Institute of Certified Public Accountants (AICPA), which defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. Certification is issued by outside auditors after assessing and testing an organization’s systems and processes in accordance with these defined principles.

What is ISO 27001?

ISO 27001 is a standard set by the International Organization for Standardization (ISO) that governs an organization’s information security management system (ISMS). An ISMS includes all policies and processes that relate to how an enterprise controls and manages sensitive data. ISO certification can only be issued by accredited bodies.

Why SOC 2 and ISO Certifications Matter

While SOC 2 and ISO compliance aren’t a regulatory requirement for SaaS and cloud computing vendors, their significance in securing your data cannot be overstated, affecting everything from corporate governance, through regulatory compliance and security architecture.

SOC 2 and ISO compliance play a critical role for organizations seeking assurance of their partners’ business and technology and should be one of the very first questions in assessing a new vendor.

SOC2 and ISO Compliance at HYPR

HYPR achieved SOC 2 and ISO compliance in record time thanks to our culture of security and commitment to compliance. A-LIGN, an independent certification body accredited by the ANSI National Accreditation Board (ANAB), issued HYPR’s certifications upon successful completion of our formal audit process.

These certifications are evidence that HYPR has met rigorous national and international standards in ensuring the confidentiality, integrity, and availability of customers’ information. Our ISO 27017 supplemental certification gives additional assurances to our customers as it relates to our cloud-based hosted services. Our ISO 27018 supplemental certification helps to demonstrate adherence to GDPR and CCPA PII data privacy obligations.

Security Is in Our DNA

HYPR’s goal is to help businesses large and small achieve the highest level of assurance through True Passwordless Multi-factor Authentication (MFA). We recognized early on that our customers not only need to satisfy their own specific compliance needs with an advanced Passwordless MFA solution, but are looking for a trusted partner and platform that is also fully compliant to these same standards. Our platform architecture, protocols and procedures were developed with security in mind from the get go. The process of gaining compliance has taken this to the next level. With these compliance certifications, our customers’ and partners’ auditors and vendor risk assessment teams get independent assurance that all HYPR policies and practices are geared toward protecting customer data.

HYPR’s Commitment to Compliance

Our multi-prong compliance efforts demonstrate that HYPR is committed to building even greater trust and confidence in our service delivery and controls over information and data. As a global company, meeting both ISO (international) and SOC2 (United States) standards are critical.

As stated in our initial SOC 2 announcement, these certifications are essential building blocks for our continuous investments into larger compliance and security efforts currently underway. We are hoping to share more exciting compliance news next year!

To learn more about how HYPR is dedicated to providing secure products and services, please view our compliance page.


Anton Gurov

Director of Technical Operations

Anton Gurov is currently a Director of Technical Operation @ HYPR, focusing on Security, Compliance and Operations. Anton’s industry background is in mobile payments, ad tech and cloud management, with direct experience in PCI-DSS/SOC2/ISO/GDPR/CSTAR compliance in private/hybrid and cloud-native organizations. His career contributions led to 3 successful startup exits totaling $1.1B+. Anton had exposure to NIST standards and controls while pursuing FedRAMP at VMware.

Related Content

6 Best Practices to Secure Authentication for Energy and Utilities

The clear and present cyberthreat to energy and utility companies has taken center stage with the...

How to Prevent Account Takeover (ATO)

Account takeover (ATO) is when a malicious third party gains control of a user account and thus...

Multi-Factor Authentication in Financial Services

The financial services and banking industries are among cyberattackers' most highly valued targets....