Home > Press Releases > July 11, 2019

HackerOne Achieves ISO 27001 Certification

July 11, 2019

New Certification Demonstrates HackerOne’s Commitment to the Highest Standards of Information Security and Data Protection

SAN FRANCISCO -- July 11, 2019 -- HackerOne, the global leader in hacker-powered security, today announced that it has achieved ISO/IEC 27001:2013 certification, the most widely recognized international standard outlining best practices for information security management systems.

The ISO 27001 certification demonstrates that HackerOne has met rigorous international standards in ensuring the security and integrity of the HackerOne platform. To attain the certification, HackerOne’s security compliance was validated by external auditor Coalfire ISO after a rigorous third-party assessment of its information security management system and related business processes. Coalfire ISO is accredited by the ANSI-ASQ National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS).

“Achieving ISO 27001 certification is a significant and incredibly important accomplishment,” said Reed Loden, Director of Security at HackerOne. “Security is our business, and it is a responsibility that we take seriously. This certification underscores our commitment to ensuring that our customer, partner, and researcher data is treated with the utmost respect in terms of security and privacy. We will continue to uphold our security controls and practices to the highest of standards.”

ISO/IEC 27001:2013 is an Information Security Management System (ISMS) standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO/IEC 27001:2013 standard is the most widely recognized among the ISO 27000 standard series for information security. The standard ensures that organizations have established methodologies and a framework of business and IT processes to help identify, manage, and reduce risks. More information about this standard can be found at https://www.iso.org/isoiec-27001-information-security.html.

Certification details are publicly available in the Coalfire ISO Certificate Directory and also on HackerOne’s site here. In 2018, HackerOne completed its first annual Service Organization Control (SOC) 2 Type II audit covering the security and confidentiality trust service principles created by the American Institute of Certified Public Accountants (AICPA). HackerOne achieved FedRAMP In-Process status for Tailored Low Impact SaaS in early 2019.