50 Fastest Growing Companies of the Year 2022

Hyperproof Compliance Operations Platform Built to Scale


Today’s security assurance, risk, and compliance professionals face an environment that is more challenging than ever before. There’s a new cyber-attack in the USA every 11 seconds, and attackers take advantage of every security flaw they can find in a company. This leads organizations to send security questionnaires to businesses they work with — in order to prove their and their customer’s data is being handled properly and securely. These questionnaires are time-intensive to fill out, so many organizations choose to pursue security and data privacy frameworks like SOC 2, ISO 27001, or PCI DSS — which help them prove to organizations that they handle data properly through reports and certifications from independent auditors. However, pursuing these standards also requires a great deal of work and time.

At the same time, there has been a shift for increased regulatory scrutiny from countries and states alike. The passage of GDPR and CCPA has ushered in a new era for data privacy rights, and this is proving to continue today with the latest state laws like CPRA (California), CPA (Colorado), and VCDPA (Virginia). While these new laws are significant for citizens, it makes jobs in security assurance more difficult.

The compliance teams today are overworked. They often work from spreadsheets and emails to keep track of the requirements they must fulfill. Throughout the course of a year, it can be difficult for them to make sure that they are fulfilling their requirements and staying protected when they are not being audited. Also, compliance and security teams cannot grow fast enough to confidently secure the business and support the growing number of compliance frameworks their markets demand. As they move from audit to audit, frantically gathering the evidence requested by auditors, they have little time to efficiently build compliance into the daily operation of the business.

Hyperproof flips the script on this scene, allowing companies to create a common set of controls in support of all frameworks and seamlessly implement automated evidence collection and testing into the business operations. This not only enables the consolidation and simplification of audits but ensures that a business is meeting its obligations of security and trust.

The company helps compliance professionals and operators in line of businesses establish, manage, and validate the controls that are needed to maintain the level of assurance demanded by organizations’ customers, partners, investors, governments, and regulatory bodies. “We’ve built our compliance operations software to help organizations get the visibility, efficiency, and consistency needed to stay on top of all security assurance and compliance work on a continuous basis,” said Craig Unger, Founder and CEO of Hyperproof.

Today, Hyperproof is the only laser-focused platform on Compliance Operations to support the people in the trenches who are overwhelmed with compliance/assurance demands from their organization’s customers and regulatory bodies. Its control-centric architecture with automated evidence collection and control testing simplifies the task of ensuring that the most critical controls are operating effectively at all times. It also eliminates much of the manual work that traditionally has to happen for an organization to prove that they are complying with the requirements set by regimes including ISO, AICPA (SOC2), NIST, HIPAA, PCI, FedRamp, Sarbanes-Oxley, and others.


“Hyperproof’s out-of-the-box SOC 2 template was structured in a way that immediately reduced the complexity involved in preparing for the audit,” said Johan Olivier, Director of Compliance at Qorus. Unlike others in the space, the evidence collected in Hyperproof’s platform to demonstrate compliance to one framework (e.g., SOC2) can easily be leveraged to satisfy overlapping requirements in another framework, saving hours of time. Hyperproof supports an efficient and collaborative audit and assessment experience for companies’ compliance professionals, internal auditors, operators in lines of businesses, and outside attestation firms.

“With Hyperproof, we no longer need to remind ourselves to do specific compliance tasks. The system flags items that are about to expire, helping me keep up with my reviews of controls and evidence. With Hyperproof as the system of record for all of my work, I am ready for a regulatory body or a customer to come in and do a spot audit at any time,” Carl Lombardi, VP of Operations, Prime 8 Consulting.

Compliance Redefined

With an eye on growth, the Seattle, WA-based company is going to further accelerate its product innovation to bring simple, elegant, and complete solutions to its customers and partners. “For our next initiatives in 2022, we will add new automation for testing and monitoring controls, expand our integration offerings, build-out team collaboration features, and level up reporting capabilities,” shared Craig Unger, Founder and CEO of Hyperproof.

Hyperproof also plans to make its platform more extensible so that third parties can create useful apps tailored to specific compliance and assurance use cases on top of the company’s platform. All of these investment areas are geared towards helping Hyperproof’s customers save valuable time, understand what’s most important to work on in a given moment, and deploy their resources on the highest value projects (vs. administrative work), and embed compliance more seamlessly into their day-to-day operations. The company has also recently released an Environmental Social Governance software solution to better support organizations managing their businesses sustainably while meeting an increased requirement for reporting.

About the Leader

Craig Unger, Founder and CEO

Prior to founding Hyperproof, Craig Unger founded Azuqua and was a leader at Microsoft where he led the development of Microsoft Dynamics, Access, and Excel. He has 26 years of experience building software used around the world. Craig loves technology and he is addicted to designing software that delights and disrupts.

“Its control-centric architecture with automated evidence collection and control testing simplifies the task of ensuring that the most critical controls are operating effectively at all times.”