Security and Compliance

HYPR is dedicated to providing secure products and services that protect the entire identity lifecycle with comprehensive Identity Assurance.


Compliance and Certifications

Our external certifications provide independent assurance of HYPR’s commitment to industry standards for security procedures and controls.


SOC 2 Type 2

HYPR has certified its systems to SOC 2 Type II through an AICPA-accredited independent auditor who has assessed the operational and security processes of our service and our company.

Please use this link to download a copy of the HYPR redacted SOC2 report. Customers and prospects can request a full report on controls from their account management or sales contact.


ISO 27001

A-LIGN, an ANAB accredited auditor, has certified that HYPR meets the standards for ISO 27001. This validates that HYPR has met rigorous international standards in ensuring the confidentiality, integrity, and availability of customers’ information.

Please use this link to download a copy of the HYPR ISO certification.


ISO 27017

HYPR is certified for ISO 27017, which provides additional specific information security controls for cloud service providers to reduce security risk in a cloud-based environment.

Please use this link to download a copy of the HYPR ISO certification.


ISO 27018

HYPR is certified for ISO 27018, which is an additional set of guidelines to ensure data privacy and protect personally identifiable information (PII) in cloud computing.

Please use this link to download a copy of the HYPR ISO certification.


Fast Identity Online (FIDO)

HYPR sits on the FIDO Alliance Board of Directors alongside industry leaders such as Microsoft, Google, and Samsung to drive the Alliance’s mission to eliminate passwords. HYPR is certified for FIDO2, FIDO UAF, FIDO U2F, and FIDO Server.

To learn more about FIDO, click here.


ADA Compliance

HYPR ensures strict adherence to WCAG 2.1 and ADA requirements for its products and helps customers comply with their industry and regulatory requirements. HYPR works with industry-leading third-party assessors to independently test HYPR's compliance with ADA. For more information please see our Accessibility Statement.

TruSight

TruSight is the best practices third-party assessment service created by leading banks for the collective benefit of all financial institutions and their suppliers, partners, and other third parties. TruSight has conducted a robust assessment of HYPR's core products and services.

Please use this link to download the confirmation letter of the HYPR TruSight assessment.


GAAP Audited

Our financial statements are audited by WithumSmith + Brown, PC, in accordance with U.S. GAAP standards.


Shared Assessments

HYPR has completed a full Standardized Information Gathering (SIG) Questionnaire to help customers and prospects complete their security, risk, and compliance evaluations of HYPR as a company and of its solutions. Please request a copy of the questionnaire from your account manager or sales contact.


Cloud Security Alliance

HYPR has completed the Cloud Security Alliance CAIQ, an industry-accepted way to document the security controls that exist in HYPR SaaS services. The questionnaire provides a set of questions that a service consumer or service auditor may wish to ask a service provider to ascertain its compliance with the Cloud Controls Matrix.

Please use this link to download a copy of the HYPR CAIQ report.


Mobile Application Security Assessment (MASA)

HYPR has completed the Mobile Application Security Assessment (MASA) through App Defense Alliance (ADA). This independent security review validates that HYPR’s mobile application meets the OWASP Mobile Application Security Verification Standard. Learn more about MASA.

Please use this link to download a copy of the HYPR MASA report.


CyberGRX

CyberGRX provides an independent third-party validated cyber risk assessment of HYPR’s security posture. This assessment details HYPR’s compliance with 200+ controls related to industry standards and the security protocols built into our infrastructure. It has been independently validated and integrates HYPR’s responses with analytics, threat intelligence, and risk models. 

Please use your CyberGRX portal to make a request to access the assessment.

Security

The HYPR platform and its component solutions have continuously undergone extensive security, threat, and risk evaluations by leading security partners, contracted by HYPR and our customers, since inception. HYPR’s dedicated application security team maintains an active bug bounty program with HackerOne, and HYPR is a qualified CVE Numbering Authority (CNA).

Bug bounty program details can be found here.

Companies That Have Pentested HYPR

Companies that have pentested HYPR include HackerOne, AON, and NowSecure.

Information Security FAQ

This Security FAQ provides an overview of HYPR’s approach to security, including performance, standards, data privacy, compliance, and more.


Meet Compliance Requirements

HYPR helps customers worldwide address compliance requirements for data privacy and MFA security with the highest level of assurance.


GDPR

HYPR provides a strong foundation for GDPR data privacy compliance by enabling organizations to securely handle and protect personally identifiable information (PII) such as biometric data.

To learn more, click here.


PSD2

HYPR helps organizations meet PSD2 compliance by providing Strong Customer Authentication (SCA), an MFA requirement for all online transactions in the EU.

To learn more, click here.


NIST 800-63B

HYPR adheres to NIST SP 800-63-3 Authenticator Assurance Level 3 (AAL3) requirements. HYPR platform components also make use of FIPS 140-2 validated cryptographic algorithms and leverage FIPS-Certified Trusted Platform Modules across Microsoft, Apple, and Android systems.

To learn more, click here.


NYDFS

HYPR helps organizations meet access requirements set forth by the New York Department of Financial Services security regulations.

To learn more, click here.


PCI DSS

HYPR enables customers to use True Passwordless MFA as a supporting multi-factor solution to address the Payment Card Industry Data Security Standard (PCI DSS), which was developed to increase controls around cardholder data and to reduce payment fraud.

To learn more, click here.


Sarbanes–Oxley (SOX)

HYPR provides tools for organizations to ensure controls are in place to log and manage all user authentication data necessary for Sarbanes-Oxley compliance.

To learn more, click here.


NIS2

HYPR helps organizations meet authentication and access requirements under Network and Information Security Directive 2 (NIS2) with strong, phishing-resistant MFA and adaptive identity risk mitigation.

To learn more, click here.


HIPAA

HYPR helps healthcare organizations meet strong authentication recommendations provided by the Health Insurance Portability and Accountability Act (HIPAA).

To learn more, click here.


California Consumer Privacy Act (CCPA)

HYPR provides a strong foundation for CCPA data privacy compliance by enabling organizations to securely handle and protect personally identifiable information (PII).

To learn more, click here.


SOC 2

SOC 2 is a set of compliance standards developed by the American Institute of Certified Public Accountants (AICPA) to ensure that organizations have the security controls to protect customer data in the cloud. HYPR's solution addresses the general MFA requirements around the Privacy and Security SOC 2 trust principles. More information about SOC is here.


ISO 27001

ISO/IEC 27001 is an international standard for managing an information security program. The HYPR solution is fully qualified to satisfy the MFA requirements of ISO 27001 controls, with the goal of enhancing the effectiveness of information protection for high-risk applications and services. More information about ISO is here.
