HYPR Achieves SOC 2 Type 2 and ISO 27001 Compliance
Anton Gurov, CISO
January 11, 2022
We are excited to announce that HYPR has successfully completed SOC 2 Type 2 and ISO 27001 compliance and audit initiatives along with obtaining ISO 27017 and ISO 27018 compliance certifications.
What Is SOC 2 Certification?
SOC 2 is a comprehensive framework developed by the American Institute of Certified Public Accountants (AICPA), which defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. Certification is issued by outside auditors after assessing and testing an organization’s systems and processes in accordance with these defined principles.
What Is ISO 27001?
ISO 27001 is a standard set by the International Organization for Standardization (ISO) that governs an organization’s information security management system (ISMS). An ISMS includes all policies and processes that relate to how an enterprise controls and manages sensitive data. ISO certification can only be issued by accredited bodies.
Why SOC 2 and ISO Certifications Matter
While SOC 2 and ISO compliance aren’t a regulatory requirement for SaaS and cloud computing vendors, their significance in securing your data cannot be overstated, affecting everything from corporate governance to regulatory compliance and security architecture.
SOC 2 and ISO compliance play a critical role for organizations seeking assurance of their partners’ business and technology and should be one of the very first questions in assessing a new vendor.
SOC 2 and ISO Compliance at HYPR
HYPR achieved SOC 2 and ISO compliance in record time thanks to our culture of security and commitment to compliance. A-LIGN, an independent certification body accredited by the ANSI National Accreditation Board (ANAB), issued HYPR’s certifications upon successful completion of our formal audit process.
These certifications are evidence that HYPR has met rigorous national and international standards in ensuring the confidentiality, integrity, and availability of customers’ information. Our ISO 27017 supplemental certification gives additional assurances to our customers as it relates to our cloud-based hosted services. Our ISO 27018 supplemental certification helps to demonstrate adherence to GDPR and CCPA PII data privacy obligations.
Security Is in Our DNA
HYPR’s goal is to help businesses large and small achieve the highest level of assurance through True Passwordless™ Multi-factor Authentication (MFA). We recognized early on that our customers not only need to satisfy their own specific compliance needs with an advanced Passwordless MFA solution, but are looking for a trusted partner and platform that is also fully compliant with these same standards. Our platform architecture, protocols and procedures were developed with security in mind from the get-go. The process of gaining compliance has taken this to the next level. With these compliance certifications, our customers’ and partners’ auditors and vendor risk assessment teams get independent assurance that all HYPR policies and practices are geared toward protecting customer data.
HYPR’s Commitment to Compliance
Our multi-pronged compliance efforts demonstrate that HYPR is committed to building even greater trust and confidence in our service delivery and controls over information and data. As a global company, meeting both ISO (international) and SOC 2 (United States) standards is critical.
As stated in our initial SOC 2 announcement, these certifications are essential building blocks for our continuous investments into larger compliance and security efforts currently underway. We are hoping to share more exciting compliance news next year!
To learn more about how HYPR is dedicated to providing secure products and services, please view our compliance page.
Anton Gurov currently serves as HYPR's CISO, focusing on Security, Compliance and Operations. Anton’s industry background is in mobile payments, ad tech and cloud management, with direct experience in PCI-DSS/SOC2/ISO/GDPR/CSTAR compliance in private/hybrid and cloud-native organizations. His career contributions led to 3 successful startup exits totaling $1.1B+. Anton had exposure to NIST standards and controls while pursuing FedRAMP at VMware.