Skip to main content

Release Notes - 2026-MAR-11

Added

  • Risk Intake Surveys: Support for one-time passcodes

    Risk intake surveys require secure, auditable access. When a survey recipient opens a survey, if they don't have a Hyperproof login, they will be prompted to verify their identity using a one-time passcode sent to their email address. Access to the survey is granted only after verification is successful.

    Risk intake surveys now use a list of allowed email domains to limit survey access to users in your company or organization. To create a list of allowed email domains, open the Risk Intake Register, select the Details tab, and add the necessary email domains to the Allowed email domains field one at a time, pressing Enter after each one.

    Users with an existing Risk Intake Register will have an empty Allowed email domains field. In this case, Hyperproof prepopulates the Allowed email domains field with the most common email domain across Hyperproof users in your Hyperproof organization. In all cases, if a survey respondent's email domain doesn't match any entry in the Allowed email domains field, they are shown an Access Denied message and asked to contact an administrator. Administrators can add email domains to the list at any time.

  • ServiceNow Task Integration - Incidents Supported

    We’ve expanded our ServiceNow task integration to give you even more flexibility. You can now link Hyperproof tasks directly to ServiceNow Incidents, ensuring your remediation efforts and evidence collection stay perfectly in sync. Hyperproof tasks can be linked to the following ServiceNow record types:

    • Catalog Tasks

    • Incidents - New!

    • Incident Tasks

    • Problem Tasks

    While you can now link to these primary records, keep in mind that the integration does not automatically link child tasks or nested sub-tasks. You’ll need to link the specific record you want to track in Hyperproof individually.

Improved

  • New source type for issue imports

    When importing issues from the Work Items window, you can now include Assessments as a source type.

Hypersyncs and integrations

  • Updated! Hypersync for AWS

    • Added the ability to select multiple S3 buckets when configuring S3 proof types.

    • Added a filter for Asset Type to all EC2 and RDS proof types.

  • Hypersync timeouts have been increased from 30 minutes to 50 minutes to allow Hypersyncs to collect larger data sets.

  • Added! 81 Hypersyncs

    • Ticketing: Aha!, Basecamp, ClickUp, Dixa, Freshdesk, Freshservice, Front, Gladly, Gorgias, Help Scout, Hive, HubSpot Ticketing, Intercom, Ironclad, Kustomer, Linear, Rally, Re:amaze, Salesforce Service Cloud, Shortcut, SpotDraft, Teamwork, Trello, Wrike, Zendesk, Zoho BugTracker, Zoho Desk

    • CRM: Accelo, ActiveCampaign, Capsule, Close, Copper, HubSpot, Insightly, Keap, Microsoft Dynamics 365 Sales, Nutshell, Pipedrive, Pipeliner, Salesflare, SugarCRM, Teamleader, Vtiger

    • Applicant Tracking (ATS): ApplicantStack, Ashby, Breezy, CATS, Clockwork, Comeet, Cornerstone TalentLink, Crelate, EngageATS, Eploy, Flatchr, Fountain, Gem, Greenhouse, Harbour ATS, Homerun, iCIMS, Infinite BrassRing, JazzHR, JobAdder, JobDiva, JobScore, Jobvite, Join, Lever, Manatal, Occupop, Onlyfy, Recruiterflow, SmartRecruiters, Taleez, TalentLyft, TalentReef, Teamtailor, Tellent Recruitee, Traffit, Tribepad, Workable

Program frameworks

  • Hyperproof now has its own proprietary crosswalk that maps all requirements from all our programs across nearly 2,500 domains. New mappings are available in Hyperproof and appear as brand-new sets of related requirements between programs and in Jumpstart.

    • This new content set enables granular mappings between programs for every requirement in Hyperproof, so you spend less time adding and removing controls after Jumpstart.

    • It provides crosswalk capabilities across new domains, including Quality, Health, Privacy, Banking and Trading, GxP & Pharmacy, Gaming, Defense, Cloud Management, Physical Security, ESG, Accessibility, Aviation, Automotive, Services, and AI.

  • New frameworks (21)!

    Privacy

    • Australian Energy Sector Cyber Security Framework (AESCSF) v2 Core

    • Australia Privacy

    • BSI IT-Grundschutz (200-Series)

    • CISA Cross-Sector Cybersecurity Performance Goals Version 2.0

    • Digital Personal Data Protection Act (DPDPA) 2023 with DPDP Rules 2025 (India)

    • Dubai Electronic Security Center (DESC)

    • Japanese Act on the Protection of Personal Information (APPI)

    • Malaysia Personal Data Protection Act 2010

    • NIST 800-172 - Enhanced Security Requirements for Protecting CUI

    • United Kingdom General Data Protection Regulation (UK GDPR)

    Quality

    • FDA 21 CFR Parts 210, 211 (cGMP)

    • FDA 21 CFR Subchapter H - Medical Devices

    • ICH Q10 Pharmaceutical Quality System

    • PIC/S Guide to Good Manufacturing Practice for Medicinal Products Part I

    • SAE AS9100D: Quality Management Systems

    Compliance Management

    • GLI-33 - Standards for Event Wagering Systems

    • ISO 18788:2015 — Management system for private security operations

    • ISO 37301:2021, Compliance management systems

    • Security of Critical Infrastructure Act 2018 (SOCI Act)

    Infrastructure

    • Google Cloud Well-Architected Framework

    • Microsoft Azure Well-Architected Framework

  • Updated Frameworks (9)!

    Security

    • Australia ASD Essential Eight Maturity Model

    • Australia ISM for IRAP and ASD by ACSC, September 2025

    • FBI Criminal Justice Information Services (CJIS) Security Policy 6.0

    • GovRAMP rev. 5

    • Secure Controls Framework (SCF) - December 2025

    Infrastructure

    • ETSI EN 319 401 v3.1.1

    • ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection

    • PCI PIN Security Requirements and Testing Procedures v3.1

    Privacy

    • ISO 27701:2025 Information security... — Privacy information management systems

    FI

    • SWIFT Customer Security Controls Framework (CSCF) v2026

  • New! 20 additional Frameworks that support Smart Content

    • AICPA SOC 2

    • BSI

    • CIS Controls

    • CMMC SPRS Score

    • CSA Cloud Controls Matrix (CCM) v4.1

    • DORA (Digital Operational Resilience Act)

    • EU AI Act (June 2024)

    • GDPR (General Data Protection Regulation)

    • Hyperproof CCF

    • ISO 9001:2015

    • ISO 22301:2019

    • ISO 27017:2015

    • ISO 42001:2023 - Artificial intelligence management system

    • NIS2 Directive

    • NIST 800-171

    • NIST AI Risk Management Framework (RMF)

    • NIST Cybersecurity Framework (CSF) 2.0

    • NYDFS Part 500

    • SOX ICFR and ITGC - Sarbanes–Oxley Act

    • TISAX VDA ISA 6

Important update

As part of a technology upgrade, the Hyperproof Gov production IP addresses have been replaced as noted in the 2025-NOV-20 release notes.

This change affects any Hyperproof integration where the other system Hyperproof is connecting to has restrictions on the IP addresses allowed to access them. To avoid any connection disruptions caused by this change, we recommend you update any allowlists you might have to include the following IP addresses:

  • Main app: 4.155.77.155

  • Integration: 4.155.78.5

  • Downloads from Hyperproof: 4.155.8.97

Failure to update your allowlists with our new IP address could result in failed connections for:

  • Hypersyncs

  • LiveSyncs

  • Task integrations

  • Selecting proof from a cloud storage system

  • Connections between Hyperproof and any other third-party system that requires an entry in their allowlist

We strongly recommend making this update as soon as possible to prevent any service disruption.

Addressed issues

  • Fixed a time-out issue in the proof list when using the select all option. (Case # 00010096)

  • Fixed an issue where users experienced slow load times when working with controls or viewing the Controls health widget on the Overview page. (Case # 00010793)

  • Fixed an issue in audit request exports where the Priority column was missing when exporting data in XLSX format. (Case # 00011014)

  • Fixed an issue where scopes and hierarchical scopes were not updating correctly in the user interface or were being duplicated, leading to data inconsistencies. (Case # 00011223, 00011226, 00011249, 00011250)

  • Fixed an issue in the ServiceNow integration where manually syncing tasks resulted in an error. (Case # 0011267)

  • Fixed an issue where clicking a scope assignment link from the inherited access menu in the membership window on a task resulted in an unexpected error. (Case # 00011154, 00011473, 00011509)

  • Fixed an issue where Jumpstart coverage percentages were calculated incorrectly for certain frameworks, such as SOC 2 and UK Cyber Essentials. (Case # 00011362)

  • Fixed an issue where an error occurred when attempting to link one evaluation to another. (Case # 00011370)

  • Fixed an issue where enabling SCIM for Okta resulted in a bad request error, preventing successful user provisioning. (Case # 00011367, 00011451)

  • Fixed an issue where legitimate user traffic was incorrectly blocked by security rules, ensuring uninterrupted access. (Case # 00011386)

  • Fixed an issue where an unexpected error occurred if the user attempted to access a control with scopes that were linked to labels. (Case # 00011393)

  • Fixed an issue in the Hypersync for Paylocity where personal email addresses were collected instead of work email addresses. (Case # 00011416)

  • Fixed an issue collecting the Hypersync for Microsoft Intune List of Compliance Policies and Devices Without a Compliance Policy where unknown errors were generated. To collect these proof types: (Case # 00011434, 00011440)

    • Make sure that you have the Policy.Read.All Intune permission. To add this permission, update the Intune role assigned to the user credentials used by the Hypersync connection to include the View all device compliance policies permission.

    • In addition, you must reauthenticate the Microsoft Intune connection by updating your credentials for the connection on the Connected accounts window. See Fixing an unhealthy connection in Managing Hypersync connection health.

  • Fixed an issue where ServiceNow integrated tasks sent inconsistent notifications compared to other integrated task types. (Case # 00011423)

  • Fixed an issue where task approvals were not being generated when enabled on a task regardless of the role of the user. (Case # 00011530)

  • Fixed an issue where, in some cases, SSO login requirements were not correctly enforced for users who were not members of the governing organization.

In this section: