Skip to main content

Release Notes - 2025-MAR-20

Added

Smart Content is now available for all users!

  • Let Hyperproof do the work for you—quickly create a program and link its controls to pre-populated labels and risks.

  • Smart Content is currently available for the following frameworks: ISO 27001, StateRAMP, and the Hyperproof Common Controls Framework (CCF).

  • With this feature release, the option to create your own custom program has been moved from the Select a template window to the Programs page. Click the arrow next to the New button, then select Create custom program.

    create-custom-program.png

  • You can still upload your own controls manually with the option to link labels and risks. Note that this may cause some minor mismatching between controls, labels, and risks. It's extremely important that you review your program after creation to ensure that it meets the needs of your organization.

  • See Creating a program with Smart Content for more information.

Improved

Policy

  • Added support for the reassignment of deactivated users.

  • Grid improvements including version details.

  • Added support for policy document upload as part of version creation.

  • Additional approvals improvements, bug fixes, and more!

Labels

User management (Settings > People)

Vendors and questionnaires

Self-service reporting

Groups

  • Added support for '@mentioning' groups in the Activity Feed. All group members receive a notification based on their own individual notification preferences.

  • See @mention groups of users in the Ideas portal.

Freshness / Controls

  • New behavior for freshness on archived/unarchived controls.

  • If freshness is set on a control, and that control is archived, the freshness status changes to 'None' and all associated information is removed. Further, unarchiving a control does not restore the control's original freshness settings.

Automated control testing

  • You can now create Hypersyncs on a label and test the proof created by the Hypersyncs on a control. This supports easier management of Hypersyncs using labels while allowing tests to be written on controls whose requirements typically drive the test logic. Previously, Hyperproof only supported testing Hypersyncs that "lived" in the same control or label as the test.

  • See Ability to set up Hypersyncs one time and link them to controls in the Ideas portal.

  • See Automated control testing for more information.

Hypersyncs and integrations

  • New! Hypersync for Kandji. Proof types include: List of Users, List of Device Details, and List of Devices.

  • Updated! Hypersync for Tenable. Added two new fields to the 'External Vulnerabilities' proof type: First Found, Last Found, and Vulnerability Age. Also added two new filters to the proof type: Severity and Scan.

  • Updated! Hypersync for Orca. Added new filters for the following proof types: 'List of Alerts' (new filters for Cloud Provider, Status, Severity, Type, and Tags) and 'List of Assets' (new filters for Cloud Provider and Tags).

  • Updated! Hypersync for Azure. Added new proof type, List of Databases, to Azure Database for PostgreSQL Flexible Server, Azure Database for MySQL Server, and SQL Server.

Program frameworks

  • Updated! DORA updated to include RTS on ICT.

    • DORA has now been updated to include Regulatory Technical Standards on Information and Communication Technology—more generally known as RTS on ICT. This update adds nearly 500 new requirements derived from EU regulatory technical standards. It provides an incredibly useful tool set for organizations who must comply with DORA to understand the specific regulatory requirements related to DORA. Included documents: 2024/1774, 2024/1772, 2025/301, 2024/1773, 2024/1505, 2024/1502, 2024/2956, JC 2024 34, JC 2024 29, and JC 2024 53, JC 2024 36, and JC 2024 35.

    • See DORA RTS on ICTRTS on ICT in the Ideas portal.

  • Updated! APRA CPS updated to include CPS 230.

    • Previously just CPS 234, the APRA CPS program has been updated to include CPS 230. Developed by the Internal Compliance and Risk Management Department, CPS 230 and CPS 234 applies to APRA-regulated financial institutions in Australia—including banks, insurers, and superannuation funds. It integrates operational risk management with information security controls through established governance, risk assessment, harmonized policies, and continuous monitoring. This framework facilitates the mitigation of operational and cyber risks while safeguarding information assets in an evolving risk landscape.

    • Additional controls (as restatements of requirements) have been added as templates

    • Updated crosswalks

    • Includes an update map for organizations currently using CPS 234

  • The following frameworks are now available in Hyperproof EU and Hyperproof Gov:

    • Secure Controls Framework 2024

    • NIST 800-53 Full with SSP Reporting

    • ISO 26262

    • EU AI Act

Addressed issues

  • Fixed an issue where task integrations didn't appear in the task list after being created. (Case # 00009291, 00009233, 00009251, 00009318, 00009186, 00009293, 00009224, 00009325)

  • Fixed an issue in the Proof module that caused the search function not to work if a user set up a filter, then tried to narrow the search by adding a keyword. (Case # 00009339)

  • Fixed an issue where a user could not rearrange the order of linked controls in their ISO 27001 program. (Case # 00009272)

  • Fixed an issue with the Hypersync for Azure that caused resource groups not to populate. (Case # 00009534)

  • Fixed an issue that caused tasks to error out. (Case # 00009658, 00009487)

  • Fixed an issue that caused rate limit errors on the Hypersync for Okta. (Case # 00009553)

  • Fixed an issue that caused an error when trying to connect the Hypersync for Gusto. (Case # 00009524)

  • Fixed an issue that caused private proof to render as unreadable. (Case # 00009705)

  • Fixed an issue where, when viewing an audit request, the user had to click the X button twice to close the request. (Case # 00009712, 00009668, 00009626)

  • Fixed an issue with the SDK that caused samples and templates to fail on import. (Case # 00009673)

  • Fixed an issue that, when using a service account, caused notifications not to be sent when creating an issue via the API. (Case # 00009643)

  • Fixed an issue where, when deactivating an external auditor, other external auditors didn't appear in the Assign drop-down menu. (Case # 00009654)

  • Fixed an issue that caused an external auditor to not be able to accept an invitation to Hyperproof. (Case # 00009649)

  • Fixed an issue with the Hypersync for Google Workspace Platform that caused a 'Google hasn't verified this app' error. (Case # 00009745, 00009683)

  • Fixed an issue where a user didn't receive an email notification to alert them that a questionnaire had been assigned to them. (Case # 00009698)

  • Fixed an issue that caused the facepile on private proof to show inherited users with access even though those users no longer had access to the proof. (Case # 00009706)

  • Fixed an issue with the Hypersync for Microsoft Entra that caused the 'List of Users' proof type not to pull in data in the 'Last Login' column. (Case # 00009694)

  • Fixed an issue where deactivating a SysAdmin in the Access Reviews module and reassigning their work caused an error. (Case # 00009713)

  • Fixed an issue that caused contributors to receive an error message when submitting a task. (Case # 00009722, 00009721, 00009716)

  • Fixed an issue with automated control testing that caused an 'Access denied' error while viewing test results. (Case #00009692, 00009588)

  • Fixed an issue with the task integration for Jira that caused the Project field to not populate options in the drop-down menu. (Case # 00009743)

  • Fixed an issue with the Hypersync for Tenable that caused a user not to be able to the 'Export Vulnerabilities' proof. (Case # 00009739)

  • Fixed an issue that caused freshness on a label to not expire when it should've expired. (Case # 00009735)

  • Fixed an issue with custom fields where, when exporting a program, the custom field data was inputted into the incorrect field. (Case # 00009758)

  • Fixed an issue with evaluations where bulk updating the due date caused all selected evaluations to change assignee. (Case # 00009778)

In this section: