Security at Hypothesis

Hypothesis understands the importance of protecting the security of our users’ data. In order to do this we employ a variety of development approaches and security controls based on industry best practices. For higher education customers, we have documented these in our HECVAT response. We have also completed a Cloud Security Alliance CAIQ assessment, and document the SOC (Systems and Organization Controls) compliance for our systems. Finally, we regularly perform vulnerability testing of our software and network environment.

Our most recent reports:

• Hypothesis SOC Compliance
• Current Hypothesis HECVAT
• TX-RAMP
• Hypothesis Quarterly Software and Network Vulnerability Reports
• Cloud Security Alliance CAIQ assessment

The methods we use to protect the security of users’ data include:

• Following software development best practices to avoid common vulnerabilities
• Following cloud infrastructure best practices to prevent unauthorized access to data
• Static analysis of our code
• Automatic vulnerability monitoring for third-party dependencies
• Security awareness training for our staff
• Regular security assessments of our infrastructure
• Automated log analysis and security event alerting
• Third-party audits for vulnerabilities in our software
• Third-party penetration testing of our infrastructure

For more information on how we handle user data, see:

• Privacy Policy
• Terms of Service
• Abuse Policy