Trust & Compliance Center

Trust, in the open.

Everything a security, risk or procurement team needs to evaluate HyperNext, in one place. Certifications, security posture, data residency, the policies we publish, our subprocessors and our service levels. Where a document is available only under NDA, we say so and tell you how to request it.

Certifications

Engineered to global
benchmarks.

Every HyperNext facility is designed, built and operated to align with the standards that define the category. Certification audits are scheduled against each facility's commissioning timeline, so design-stage certification comes first and constructed-facility certification follows at commissioning.

Facility & reliability

Uptime Tier III & IV

Uptime Institute Tier III and Tier IV, design and constructed-facility certification. ANSI/TIA-942 telecommunications infrastructure. BICSI 002 data center design and implementation.

Information security

ISO 27001 family & SOC

ISO/IEC 27001 ISMS, 27017 cloud security controls and 27018 protection of personal data in public cloud. SOC 1 Type II and SOC 2 Type II for security, availability, processing integrity and confidentiality.

Quality, environment & safety

ISO 9001 / 14001 / 45001

ISO 9001 quality management, ISO 14001 environmental management and ISO 45001 occupational health and safety. LEED Platinum at the flagship campus, LEED Gold across the portfolio, IGBC Green at every Indian campus.

Data residency & sovereignty

Three layers,
tested separately.

Sovereignty is not one question. We answer all three: where data sits, whose law governs access to it, and who has operational control. The framework, with explicit tests for each layer, is documented in HN-RP-003.

LAYER 01

Where data sits

Hard India-only residency for Indian workloads, enforced in the platform, not promised in a clause. International campuses keep data in their own jurisdiction.

LAYER 02

Whose law governs access

Operated by HyperNext Data Center Limited, an Indian-incorporated, Indian-headquartered, Indian-taxed entity, CIN U63111TS2025PLC204792. No foreign-parent escalation path.

LAYER 03

Who has operational control

All site reliability and privileged-access staff are resident in India. Operational control of Indian infrastructure stays in Indian hands.

Security posture

Security, by design
and by default.

Management system

Risk-based ISMS

An ISO/IEC 27001-aligned information security management system, governed, measured and audited. Full detail in the Information Security Policy.

Operations

24x7 SOC and NOC

Security and network operations monitored around the clock, per tenant, on the HyperNext platform. 365 days of security logs retained and available to the tenant they belong to.

Physical

Tier IV facilities

Compartmentalised, concurrently maintainable facilities with layered physical access control, designed and operated to Uptime Tier IV.

Data

Encryption and audit

Encryption in transit and at rest, key management under tenant control where required, and a tamper-evident audit trail for privileged actions.

Published policies

Read the rules
we run by.

We publish our group policies in full. Read any of them, or request a signed, classification-marked PDF for your audit file.

SECURITY

Information Security

ISMS, access control, cryptography, incident response. Read policy.

PRIVACY

Data Protection

Personal data as fiduciary and processor, built around the DPDP Act 2023. Read policy.

GOVERNANCE

Governance & Ethics

Code of conduct, procurement, anti-bribery, whistleblowing. Read policy.

SERVICE

Acceptable Use

The rules that keep the platform lawful, secure and available. Read policy.

All policies ›

Subprocessors & supply chain

Who we work
behind the service.

HyperNext operates its own infrastructure directly. Where we engage a subprocessor that may process customer personal data, we maintain a current subprocessor list and make it available to customers under their Data Processing Agreement.

Our technology and equipment supply chain is published on the Partners page and includes NVIDIA, AMD and HPE for compute, IBM for sovereign cloud and enterprise platforms, and Schneider Electric, Eaton, Delta and Kirloskar Oil Engines for power. These are equipment and platform partners. They are listed for transparency and are distinct from subprocessors that handle customer personal data.

To request the current subprocessor list, or to be notified of changes to it, email governance@hypernxt.com under your Data Processing Agreement.

Service levels

Commitments you can
hold us to.

Service levels are set in your signed Service Level Agreement, not on a web page. What we publish here is the shape of the commitment. The binding numbers and credits are in your contract.

Availability

Written, per tenant

An availability commitment in writing for each tenant, measured on the HyperNext platform, with service credits if a target is missed.

Monitoring

Live and verifiable

Power, cooling, security and network watched around the clock from the NOC, with per-tenant reliability reporting you can audit.

Posture

Concurrently maintainable

2N power and cooling and compartmentalised fault domains, so maintenance does not require downtime.

Due diligence

Documents on request.

For audits and vendor risk reviews, the following are available to qualified customers and prospects under NDA: SOC reports, ISO certificates as they are issued, penetration-test summaries, the subprocessor list, and signed PDF copies of any published policy.

To start a security or vendor-risk review, or to request any of the above, email governance@hypernxt.com for compliance and policy documentation, or security@hypernxt.com for security and audit artefacts. Tell us which documents you need and the purpose, and we will respond within one working day.

Vendor risk & due diligence

Start a review.

Bring us your security questionnaire, your sovereignty requirements and your audit checklist. We answer in writing, and we put the evidence behind every answer.