# Certifications We maintain several industry certifications to make sure your business stays compliant and your customers' data remains protected. ## PCI DSS Level 1 certification We're audited every year by a Qualified Security Assessor (QSA) and certified as a [PCI DSS](/pay/security/compliance-and-security-overview.md#understanding-pci-dss) Level 1 service provider — that's the highest level of compliance in the payments industry. This certification covers our entire infrastructure, our payment processing platform, tokenization services, and secure portal access. For you, this means that: * We renew our certification every year to stay current with the latest standards. * We maintain PCI DSS v4.1 compliance (the most current version). * Our [PCI certification documentation](https://hyp.co.il/pci-certificates/) is publicly available. Note that while this certificate confirms our status, it doesn't replace the formal Attestation of Compliance (AOC). * You can request the formal AOC documents at any time. ## ISO 27001 for information security management We follow the ISO/IEC 27001 framework for information security management. This covers both the organizational and technical rules we use to protect your data and our infrastructure. ## ISO 27701 for privacy information management We also hold the ISO/IEC 27701 certification, which adds specific privacy management requirements to ISO 27001. This shows our commitment to protecting personal data and sticking to privacy regulations like GDPR. ## SOC 2 compliance We're also working toward SOC 2 certification to provide even more assurance about our security, availability, and confidentiality controls. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developers.hyp.co.il/pay/security/certifications.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.