Compliance standards at Tyk

Security is super important to us, as we know it is for you, particularly in this fast-paced and ever-changing modern world. We ensure to be as secure as possible by setting clear and effective security and policy objectives, risk assessment and controls.

We’ve tried to keep the technical jargon and legal mumbo jumbo to a minimum yet be clear on how seriously we follow all the required rules and regulations. These certifications demonstrate our commitment to quality management systems and information security, and they show we aim to stay on par (at the very least!) with industry-defining compliance standards.

There’s a reason why we’re trusted with mission-critical systems in highly regulated industries worldwide. Tyk meets industry security standards, follows the most robust control criteria, and invests in a dedicated compliance function that consistently improves and innovates its processes. This is how we give our clients the confidence to build secure services and products.

ISO 27001

ISO27001 is an internationally recognised standard that stipulates managing information security within the business.

Compliance with this standard reduces the chances of security risks and breaches within the business environment, whether physical, supply chain, IT environment, internal or external.

Tyk is proud to be ISO27001 certified, with a compliant information security management system covering all security controls. The standard is embedded into how we work, allowing us to keep pace with any threats, changes, vulnerabilities and business impacts. 

ISO 9001

ISO9001 is an Internationally recognised quality management standard. This standard is a powerful improvement tool helping businesses to drive continuous improvement, streamline operations and assess and meet customer needs and overall customer satisfaction.

Tyk is certified to this standard, helping us to increase efficiency and productivity and consistently exceeding your needs and expectations. We always aim to maintain and improve quality fundamentals.

To support our commitment to maintaining the best software, providing effective customer support, and innovative thought leadership in the field of API management, we:

  • Develop solid operational processes to ensure quality results are delivered every time.
  • Deliver systems that improve the performance of the business and our product.
  • Comply with the requirements of the ISO 9001 standard and satisfy any other applicable requirements, including legislation and contractual requirements.
  • Create products and solutions that fit our client’s needs and deliver real value to all interacting with them.
  • Set, monitor and periodically review objectives focused on improving our quality performance.


SOC 2 is a voluntary standard setting out strict information security requirements. It was initially developed by The AICPA (the American Institute of CPAs), and it is now an internationally recognised standard with one of the most diligent and rigorous audits.

The certification is issued by independent auditors who assess current systems and processes. These are audited against the Trust Services Criteria; Security, Availability, Processing Integrity, Confidentiality and Privacy.

The SOC2 auditing procedure ensures that service providers are securely managing data, protecting the interests of the organisation and the privacy of clients and customers at all times.

We are serious about security here at Tyk and are committed to ensuring that we handle customer data securely. We are continually assessing our internal compliance, IT, and information security measures to ensure the effectiveness and reliability of our products.

Tyk’s compliance with SOC2 demonstrates just that! Our compliance with keeping your information protected within our platform means that we have met the strict standards required with the SOC2 audit and certification process.


The Health Insurance Portability and Accountability Act (HIPAA) is a federal law which includes a series of regulatory standards relating to the lawful use and disclosure of protected health information (PHI) in the United States (US).

Organisations that process PHI, whether it be an organisation providing treatment, payment or healthcare operations, are subject to HIPAA rules and actions that have physical security measures in place, network security, and processes to ensure the protection of the PHI.

Tyk is in production with healthcare providers and public sector patient services across the globe. We understand that the healthcare industry is diverse and complex, and we want to help your business to innovate and grow continually.

For those of our customers subject to HIPAA, we understand your obligations and we share your commitment to the same, as enshrined in our global Business Associate Agreement. If you would like to understand more about this, and our commitment to HIPAA, please contact a member of our team who will be able to assist you.


The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard mandatory for merchants and service providers that process, transmit or store payment card data. This standard helps businesses to protect their customers’ card data from theft and fraud.

PCI compliance is not a one-off event – it’s a continuous assessment and remediation process. Tyk is part of PCI compliance for many clients and their services globally. If you have any questions, contact the team, who will be happy to help you understand your PCI requirements and how we can help.


Tyk is committed to conducting its business following all applicable data protection laws and regulations and in line with the highest standards of ethical conduct. We maintain a compliant Information Security Management System to mitigate the risks associated with the processing of personal data and consistently apply the data protection principles as outlined in the GDPR and DPA 2018.

You can read our GDPR commitment statement here.