Skip to main content

Release Notes - 2024-FEB-22


Roles and permissions: Limited Access User role

A new organization Limited Access User role provides customers with more flexibility for granting access to Hyperproof. For users with this role, Hyperproof only displays the objects that they are specifically granted access to via the object facepiles or have membership through the inheritance model.

For more information on inherited access, see Inherited access versus direct access

A few additional notes on the behavior:

  • Application start page - Like the User role:

    • The Overview page has been removed from the left-hand navigation.

    • The Work items page is the start page for the application.

  • Application navigation - Users with this role can navigate to all of the modules/pages enabled for the organization. Only the objects they have membership in are listed in each of these places.

  • Users with this role have permission to create work items (Tasks, Issues, etc) and upload proof.


There is a separate object-level Viewer role planned for Q1 as a companion to the Limited Access User role, with which you can grant view-only access to specific objects, instead of edit access via the object-level manager or contributor roles.

Custom logo in email notifications is in Managed Rollout (MRO)

Administrators can now choose to add a custom logo to Hyperproof-generated email notifications, including vendor emails. Configure your logo on the Settings > General page. Once uploaded, an administrator can send themselves a test notification to see how the logo looks in our emails. Custom logos can be turned off at any point if you no longer wish to have your logo included in notification emails.

Note that images are scaled such that 200px is the largest dimension but aspect ratios will remain the same. See the Custom Logos idea in the Ideas portal.  

Single sign-on authentication

We’ve expanded Hyperproofs single sign-on (SSO) capabilities to support the configuration of multiple identity providers (IDP), such as Okta, Microsoft Entra ID (formerly Azure AD), or JumpCloud, for one email domain.


  • When adding a custom field, you can now add up to 500 values for Single-select or Multiple-select field types.

  • Exporting proof calculates and displays the size of the proof selected up to a maximum of 1.5 GB.  When that maximum is reached, you must start a new export. (Case # 00007868, 00007871)

Analytics sunsetting

Hyperproof plans to retire the Analytics module on March 28, 2024. After this date, you cannot access or use the Analytics module. Note that the in-app dashboards are unaffected by this change. Analytics will be replaced soon with a Self-service reporting module based on a Snowflake data warehouse provided by Hyperproof. For more information, see the Analytics Module Sunsetting announcement.

Hyperproof API change in functionality

When uploading proof to a control, label, or task using the API, the API response contains the proof metadata, including the ownedBy field. This is the owner of the proof. The value returned is the entire user object instead of the owner ID. In the April 4, 2024 release (postponed one release), API calls that return proof metadata will only return the owner ID in the ownedBy field as is already noted in the API documentation.

Use the owner ID returned in the response to look up the User information in the Users API. API details are available at

Program frameworks

  • New framework: Australia ASD Essential 8 is now available. Includes crosswalks and controls.

  • New framework: ISO 20000 is now available as a framework. Does not include crosswalks or controls.

  • New framework: NIST 800-82 is now available as a framework. Does not include crosswalks or controls.

  • Updated framework: TISAX version 6 is now available. Includes crosswalks, framework upgrade map, and controls.

Addressed issues

Customer issues

  • Fixed an issue where repeating tasks failed to create a Jira issue because there was an incorrectly formatted Jira label name in the task template, such as a label name with spaces. (Case # 00007775)

  • Fixed an issue where the Tenable Access Groups proof type didn’t collect any data. (Case # 00007960)

  • Fixed an issue where some requirements assessments also appeared in audits. (Case # 00007843)

  • Fixed an issue with evaluation details where the Evaluating section couldn’t be expanded when the arrow was clicked. (Case # 00007846)

  • Fixed an issue where the confirmation message for unlinking a control from a request referred to a label instead of a request. (Case # 00007926)

  • Fixed an issue where the issue count on a control’s health widget under control details displayed 0 active issues while the grid view did display active issues. (Case # 00007788, 00008012)

  • Fixed an issue when exporting proof from the request list in an audit where confirmation messages for preparing and downloading the export file were no longer displaying.  (Case # 00007913)

  • Fixed an issue with the Import Wizard where it was not checking for duplicates, which caused the Risk import process to fail. (Case # 00007967)

  • Fixed an import issue where imported issues couldn’t be linked to a Risk Register. (Case # 00007783

  • )Fixed a problem importing issues where values for Impact and Effort Level were set to Unknown. (Case # 00007765)

  • Fixed an issue when attempting to import controls to update the assigned scopes, the Scopes column was blank. (Case # 00007919)

  • Fixed a problem where closing an Issue did not update the Closed On date. (Case # 00007918) See the Issues Closed date automates based on status Idea in the Ideas portal.

  • Fixed an issue where some integrated Jira tasks could not be opened in Hyperproof. (Case # 00007950)

  • Fixed an issue where some Wiz proof types could not be accessed. (Case # 00007951)

  • Enabled using an allowlist with the Splunk Hypersync when Splunk is accessed via a VPN. (Case # 00007963)

  • Fixed an issue where bulk edits to scope members were not saving. (Case # 00007842, 00007934)

  • Fixed an issue in the user interface when filtering for controls to evaluate in an assessment, expanding scopes, and selecting the associated checkboxes caused the control count at the bottom of the window to double. (Case # 00007970)