{"id":17632,"date":"2021-03-29T16:51:12","date_gmt":"2021-03-29T23:51:12","guid":{"rendered":"https:\/\/web.hypothes.is\/?page_id=17632"},"modified":"2024-09-06T05:57:17","modified_gmt":"2024-09-06T09:57:17","slug":"security","status":"publish","type":"page","link":"https:\/\/web.hypothes.is\/security\/","title":{"rendered":"Security at Hypothesis"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\"  style='background-color: rgba(255,255,255,0);background-position: center center;background-repeat: no-repeat;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;'><div class=\"fusion-builder-row fusion-row \"><div  class=\"fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-builder-column-0 fusion-one-full fusion-column-first fusion-column-last 1_1\"  style='margin-top:0px;margin-bottom:20px;'><div class=\"fusion-column-wrapper\" style=\"padding: 0px 0px 0px 0px;background-position:left top;background-repeat:no-repeat;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;\"   data-bg-url=\"\"><div class=\"fusion-text\"><p>Hypothesis understands the importance of protecting the security of our users\u2019 data. In order to do this we employ a variety of development approaches and security controls based on industry best practices. For higher education customers, we have documented these in our HECVAT response. We have also completed a Cloud Security Alliance CAIQ assessment, and document the SOC (Systems and Organization Controls) compliance for our systems. 
Finally, we regularly perform vulnerability testing of our software and network environment.<\/p>\n<p>Our most recent reports:<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/web.hypothes.is\/soc-compliance\/\">Hypothesis SOC Compliance<\/a><\/strong><\/li>\n<li><strong><a href=\"https:\/\/web.hypothes.is\/hecvat\/\">Current Hypothesis HECVAT<\/a><\/strong><\/li>\n<li><strong><a href=\"https:\/\/drive.google.com\/file\/d\/1m7IcqB19jWzX3OIK1Eem1kVf4t5jK_bs\/view\">TX-RAMP<\/a><\/strong><\/li>\n<li><strong><a href=\"https:\/\/web.hypothes.is\/vulnerability-reports\/\">Hypothesis Quarterly Software and Network Vulnerability Reports<\/a><\/strong><\/li>\n<li><strong><a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1shXJo5FJyGFP4dGZVWIi0RPtnkIzO2IRv-dM4KJbMPM\/edit#gid=33242255\">Cloud Security Alliance CAIQ assessment<\/a><\/strong><\/li>\n<\/ul>\n<p>The methods we use to protect the security of users\u2019 data include:<\/p>\n<ul>\n<li aria-level=\"1\">Following software development best practices to avoid common vulnerabilities<\/li>\n<li aria-level=\"1\">Following cloud infrastructure best practices to prevent unauthorized access to data<\/li>\n<li aria-level=\"1\">Static analysis of our code<\/li>\n<li aria-level=\"1\">Automatic vulnerability monitoring for third-party dependencies<\/li>\n<li aria-level=\"1\">Security awareness training for our staff<\/li>\n<li aria-level=\"1\">Regular security assessments of our infrastructure<\/li>\n<li aria-level=\"1\">Automated log analysis and security event alerting<\/li>\n<li aria-level=\"1\">Third-party audits for vulnerabilities in our software<\/li>\n<li aria-level=\"1\">Third-party penetration testing of our infrastructure<\/li>\n<\/ul>\n<p>For more information on how we handle user data, see:<\/p>\n<ul>\n<li aria-level=\"1\"><a href=\"https:\/\/web.hypothes.is\/privacy\/\">Privacy Policy<\/a><\/li>\n<li aria-level=\"1\"><a href=\"https:\/\/web.hypothes.is\/terms-of-service\/\">Terms of Service<\/a><\/li>\n<li 
aria-level=\"1\"><a href=\"https:\/\/web.hypothes.is\/abuse-policy\/\">Abuse Policy<\/a><\/li>\n<\/ul>\n<\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":51,"featured_media":0,"parent":0,"menu_order":169,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-17632","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/pages\/17632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/users\/51"}],"replies":[{"embeddable":true,"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/comments?post=17632"}],"version-history":[{"count":11,"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/pages\/17632\/revisions"}],"predecessor-version":[{"id":9004111222051415,"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/pages\/17632\/revisions\/9004111222051415"}],"wp:attachment":[{"href":"https:\/\/web.hypothes.is\/wp-json\/wp\/v2\/media?parent=17632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}