16 frameworks · audited annually

Globally certified. Audit-ready by default.

CyberRank is independently audited across ISO, SOC, PCI-DSS, and the regional privacy and resilience frameworks regulators care about — and we ship templates for every one of them so you can hold your vendors to the same bar.

6 ISO standards · 3 SOC reports · 7 Regional regs

Audits & certifications

A compliance wall you can actually verify.

We work with independent external auditors and regional regulators to maintain certifications across information security, privacy, business continuity, and sector-specific resilience frameworks. Every audit report below is either publicly available or shareable under NDA on request.

ISO / IEC standards

Information security & operational management

6 frameworks
Certified

ISO 27001

ISO/IEC 27001:2022

Information Security Management System. CyberRank operates a documented ISMS with quarterly risk assessments and annual external audits.

Certified

ISO 27017

ISO/IEC 27017:2015

Cloud-specific security controls covering tenant isolation, virtual environment hardening, and shared-responsibility boundaries.

Certified

ISO 27018

ISO/IEC 27018:2019

PII protection in public cloud. Establishes responsibilities for processing personal data on behalf of customers.

Certified

ISO 27701

ISO/IEC 27701:2019

Privacy Information Management System extending ISO 27001 with privacy-specific controls aligned to GDPR principles.

Certified

ISO 22301

ISO 22301:2019

Business Continuity Management. CyberRank maintains tested recovery plans for platform, data, and customer-facing services.

Certified

ISO 9001

ISO 9001:2015

Quality Management System ensuring consistent delivery, continuous improvement, and structured customer feedback loops.

Service organisation reports

Independent attestation of our controls

3 frameworks
Audited

SOC 1 · Type II

AICPA SSAE 18

Audited internal controls over financial reporting — relevant for customers who include CyberRank in their own SOX scope.

Audited

SOC 2 · Type II

Trust Services Criteria

Annual independent audit of security, availability, processing integrity, confidentiality, and privacy. Report available under NDA.

Audited

SOC 3

Public attestation

Publicly downloadable summary of our SOC 2 audit — share with stakeholders without requesting an NDA.

Cloud & data-security frameworks

Sector-recognised technical baselines

2 frameworks
Certified

CSA STAR

Cloud Controls Matrix v4

Cloud Security Alliance STAR registry entry covering CCM v4 — public evidence of our cloud security posture.

Compliant

PCI DSS v4.0

Payment Card Industry

CyberRank does not store cardholder data directly — payment processing is delegated to PCI-DSS certified processors.

Regional & sectoral regulations

Privacy, financial resilience, and critical-sector frameworks

5 frameworks
Compliant

GDPR

EU 2016/679

Standard Contractual Clauses, data-residency options, and a documented DPA available to every customer in the EEA and UK.

Compliant

HIPAA

US 45 CFR Part 160 / 164

Business Associate Agreement available for healthcare customers; controls aligned to the HIPAA Security and Privacy Rules.

Compliant

DORA

EU 2022/2554

Digital Operational Resilience Act. CyberRank ships register-of-information templates and critical-TPP classification workflows.

Compliant

NIS2

EU 2022/2555

Network and Information Security Directive 2. Supply-chain controls, incident reporting timelines, and management oversight.

Compliant

NIST CSF 2.0

US National Institute of Standards

Govern-Identify-Protect-Detect-Respond-Recover. Built-in mapping for organisations using NIST as their primary framework.

Need something specific?

Custom framework, sector questionnaire, or auditor walkthrough?

Our compliance team will share evidence under NDA, walk your auditor through controls, or help you build a custom assessment template that maps to your industry’s regulator. No sales calls required.
