HackerOne, the global leader in hacker-powered security, today announced that it has achieved ISO/IEC 27001:2013 certification, the most widely recognized international standard outlining best practices for information security management systems.
The ISO 27001 certification demonstrates that HackerOne has met rigorous international standards in ensuring the security and integrity of the HackerOne platform. To attain the certification, HackerOne’s security compliance was validated by external auditor Coalfire ISO after a rigorous third-party assessment of its information security management system and related business processes. Coalfire ISO is accredited by the ANSI-ASQ National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS).
“Achieving ISO 27001 certification is a significant and incredibly important accomplishment,” said Reed Loden, Director of Security at HackerOne. “Security is our business, and it is a responsibility that we take seriously. This certification underscores our commitment to ensuring that our customer, partner, and researcher data is treated with the utmost respect in terms of security and privacy. We will continue to uphold our security controls and practices to the highest of standards.”
ISO/IEC 27001:2013 is an Information Security Management System (ISMS) standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO/IEC 27001:2013 standard is the most widely recognized among the ISO 27000 standard series for information security. The standard ensures that organizations have established methodologies and a framework of business and IT processes to help identify, manage, and reduce risks. More information about this standard can be found at https://www.iso.org/isoiec-27001-information-security.html.
Certification details are publicly available in the Coalfire ISO Certificate Directory and also on HackerOne’s site. In 2018, HackerOne completed its first annual Service Organization Control (SOC) 2 Type II audit covering the security and confidentiality trust service principles created by the American Institute of Certified Public Accountants (AICPA). HackerOne achieved FedRAMP In-Process status for Tailored Low Impact SaaS in early 2019.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,400 other organizations have partnered with HackerOne to find over 120,000 vulnerabilities and award over $58M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.