50 Most Admired Companies of the Year 2021

Hyperproof Can Support Your Compliance Journey


As an organization grows, it generally faces growing compliance needs from regulators and customers and a greater need to manage risks through a formal approach. Seattle-based Hyperproof is built to grow with an organization and accommodate its increasing security assurance and compliance demands. The company helps each organization adhere to whatever compliance framework, standard, or regulation applies to it.

Hyperproof currently supports 40+ cybersecurity and data privacy compliance frameworks by providing quickstart templates within Hyperproof. Users can also quickly import a custom compliance framework into Hyperproof and manage it there. Each organization can also stand up risk registers in Hyperproof and see how risks are being mitigated by controls in

A core design principle for Hyperproof’s ace product is simplicity. The company designs software that’s easy to use, and not just for compliance professionals. This is important because, in a large organization, many stakeholders (over 100 in some instances) perform certain security and compliance tasks only occasionally (a few times a year). They often have very limited bandwidth to dedicate to compliance work and do not have time to learn new tools. Hyperproof has native integrations with many popular third-party communication and project management apps, so stakeholders can participate in security and compliance tasks in the tools they already use. Using Hyperproof, compliance and security professionals can effectively drive accountability for risk management to business unit stakeholders, which is critical as an organization grows.

We recently interviewed Craig Unger, Founder and CEO of Hyperproof, to learn more about the company. He told us in detail about the company’s GRC solutions and why it stands out in the GRC space. Read on for excerpts from the interview.

Q. Could you tell us about your solutions? How do they help in today’s age?

Hyperproof provides cloud-based compliance operations software that is used by IT security professionals, security assurance professionals, and compliance and internal audit professionals. The software is designed with a “continuous compliance” approach in mind; it helps security and compliance pros automate security compliance work, collaborate effectively with stakeholders across their organization, and drive accountability for security further into business units, IT engineering, and product development teams.

Q. There are other major players in this segment. How do your services stand out from the rest?

Unlike other GRC solutions, Hyperproof is 100% focused on helping organizations manage their risks and their compliance programs consistently day-in and day-out. We help organizations take an iterative, agile, and proactive approach to manage their risks so they become better protected in today’s fast-changing risk environment. We are building a product that’s easy for non-compliance professionals to use and works seamlessly with tools organizations already have. We do not want adopting a new tool to become a burden for our customers. Many of our competitors provide products that are complex, clunky, and not easy for non-compliance professionals to use.

Further, we do not believe in taking a “checklist”/box-ticking approach to security assurance. Some of our competitors are trying to lead startups to believe that they can hurry up and get through a security assessment such as SOC2 by following a template or checklist; that they should just be trying to “get it over with.” At Hyperproof, we believe that it’s important for each organization to take compliance seriously because it yields business and security benefits. We want each organization to treat security and risk management as organizational capabilities and make continuous improvements to how they identify and respond to risks. Our software is built to support an approach where risks and controls can be managed on an ongoing basis.

Additionally, we don’t think software alone is the answer. We know that organizations need a lot of help building and maturing their security and compliance programs. We partner with leading CPA firms and Managed Security/Compliance Service Providers (MSSPs) who are trying to help organizations improve their security posture and resilience. These partner firms leverage Hyperproof in their client engagements to gain efficiencies and help their clients build effective data protection compliance programs.

Q. Tell us in brief about your data management system and compliance.

As a compliance software company whose products house risk and compliance information from our customers, we view our ability to protect our customers’ data and their privacy as critical to our mission. Hyperproof has received SOC 2 Type 2 and HIPAA certifications. Hyperproof’s SOC 2 service commitments and system requirements were achieved based on the trust services criteria relevant to Security, Availability, and Confidentiality set forth in TSP Section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). For Hyperproof’s HIPAA certification, we implemented the controls that address the HIPAA Security Final Rule with regard to user entities’ ePHI data. We are also actively working to achieve ISO 27001 and FedRAMP Low Impact SaaS.

Q. Specialized security solutions available on the market often come with an expensive price tag. How do you maintain your affordability and profitability?

The Hyperproof Solution is very unique in that it scales from smaller organizations, such as startups, all the way up to the largest enterprises. The price point varies based on the features deployed across those customer sets, but the size and scale of the addressable market makes for a very attractive and profitable opportunity.

Hyperproof’s pricing is based on the number of compliance frameworks an organization adheres to and manages within Hyperproof. There is generally a linear relationship between organization size and the number of compliance frameworks they need to manage. This keeps the product affordable for all customers.

We also have multiple Product SKUs that are largely differentiated by how many third-party tools an organization wants to connect Hyperproof to (e.g. project management apps, communication apps, cloud-services) to enable automations and easy collaboration between compliance professionals and business stakeholders/IT professionals/engineers. This type of pricing structure also allows small organizations and those newer to compliance to start with a lower-cost product. And as they mature and seek to automate more compliance work, they can move to a higher-priced SKU that has more features.

Since our company is building software and running a SaaS business where customers pay for 12-, 24- or 36-month subscriptions, we experience economies of scale and a reduction in per-unit cost as we gain new customers.

Q. Do you provide tailor-made services to clients based on their services?

No, we do not provide tailor-made services. However, Hyperproof gives all of our customers the ability to customize it to their own needs. For instance, we allow customers to upload a custom compliance framework into the Hyperproof platform by uploading a CSV.

Q. What does the future hold for your company and its customers? Are exciting things on the way?

Here at Hyperproof, we are planning to deliver some product enhancements in Q3, 2021 that customers are eager to take advantage of, including:

  • Capabilities to help users manage multiple compliance frameworks efficiently. Hyperproof will provide a guided experience that helps you identify all existing controls that can be leveraged to meet requirements in a new framework, so you don’t have to start the control mapping process from scratch.
  • Capabilities to help users automate evidence collection and the reporting work they must do to meet certain compliance standards. For instance, we will build connectors between Hyperproof and multiple third-party services (e.g., CrowdStrike) so that a compliance manager can quickly review compliance evidence without manually logging into multiple tools. And the evidence would already be organized and categorized in a way that is easy to share with auditors. We will also release the ability for users to automatically generate SSP reports for FedRAMP – a comprehensive overview of one’s security program describing all the security controls used to secure a cloud environment.
  • Automations to monitor all controls in an organization. Hyperproof will allow users to set automated tasks based on events happening in their Hyperproof instance – making control monitoring automated and much easier. This is important because many organizations today have a complex control environment with hundreds of controls and sub-controls covering different products; it’s simply not possible for compliance professionals to manually review and monitor each control.

We are also working with some of our professional services partners to develop new services in the next few months around becoming compliant and certified in particular compliance frameworks.

Q. Do you have any new services ready to be launched?

No. However, we just launched our Vendor Risk Management module in May 2021. This software allows users to maintain oversight over all of their vendors, manage vendor risk assessment questionnaires, score vendors from a risk perspective, and manage vendor remediation workflows.

The Visionary Leader

Craig Unger, Founder and CEO

As the CEO of Hyperproof, Craig strongly believes that the best way for a company to build effective software is for company employees to listen closely to its customers and build products that solve the customer’s major pain points. Under Craig’s leadership, listening to customers has become a core part of Hyperproof’s DNA.

Prior to founding Hyperproof, Craig founded Azuqua and was a leader at Microsoft where he led the development of Microsoft Dynamics, Access, and Excel. He has 28 years of experience building software used around the world. Craig loves technology and is addicted to designing software that delights and disrupts.