// Trust & Security Report
HireVue, Inc.
AI-powered hiring platform: Skills Validation (Virtual Job Tryouts, assessments), Intelligent Interviewing (video interviewing, HV4), Talent Engagement, and Workflow Automation, delivered via the Video Intelligence Platform (VIP) and Text-to-Outcome (T2O) solutions
Certifications held
7
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on hirevue.com“HireVue undergoes an annual SOC 2 Type 2 audit covering all Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.”
Verify on trust.hirevue.com“SOC 3 report listed as an available trust document alongside SOC 2 Type 2 on the Hirevue Trust Center.”
Verify on hirevue.com“certified to ISO/IEC 27001:2022 for Information Security Management ... These certifications apply to both their VIP and T2O solutions.”
Verify on hirevue.com“ISO/IEC 27701:2019 for Privacy Information Management, with these certifications applying to both their VIP and T2O solutions.”
Verify on hirevue.com“FedRAMP—The only FedRAMP-authorised hiring solution for the public sector—ensuring the highest security and compliance standards.”
Verify on legal.hirevue.com“GDPR Summary listed as a compliance document on the Hirevue Trust Center; Privacy Notice describes EU/UK data subject rights, international transfer mechanisms and lawful bases under GDPR.”
Verify on trust.hirevue.com“EU-US DPF ... Swiss-US DPF ... UK Extension to EU-US DPF listed among Hirevue Trust Center certifications; Privacy Notice references the Data Privacy Framework for international transfers.”
> Show 4 unconfirmed / not-held certifications
source: trust.hirevue.comNo public evidence of a HIPAA attestation or BAA program on the trust center, security page, or legal center. HireVue is a hiring/recruiting platform, not a healthcare product, so HIPAA is out of scope for its core service.
source: trust.hirevue.comNo public evidence of a PCI DSS attestation on the trust center or security page; payment data collection (per the Privacy Notice) appears limited to billing and is not a core product function.
source: legal.hirevue.comNo public evidence of ISO/IEC 42001 certification on the trust center. HireVue instead documents AI governance via its own AI Ethical Principles and HV4/T2O Explainability Statements rather than a third-party AI management certification.
source: trust.hirevue.comNo public evidence of a CSA STAR registry entry or CAIQ publication beyond an internal reference to "CAIQ" as a trust-center artifact; not independently confirmed as a published CSA STAR listing.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Not stated
HireVue's assessment algorithms are built by HireVue data scientists and I/O psychologists using HireVue's own historical, validated assessment data on a per-role basis (per the AI Ethical Principles document), not generic web-scraped or third-party data. It is not explicitly and publicly documented on the trust center or privacy pages whether an individual customer's ongoing candidate interview data is fed back into training future models, so this is recorded as unconfirmed rather than assumed. Candidates are given notice that AI is used and can opt out in favor of 100% human review, per HireVue's public AI Explainability Statement materials.
// Security controls
SOC 2 Type 2 audit scope
Annual SOC 2 Type 2 audit covering Security, Availability, Processing Integrity, Confidentiality, and Privacy Trust Services Criteria.
hirevue.comCloud infrastructure
Hosted on Amazon Web Services (AWS); specific region/residency detail not published in captured pages.
trust.hirevue.comFederal authorization
FedRAMP Moderate authorization (Class C), first granted 5/10/2019, with ongoing Continuous Monitoring; listed on the official FedRAMP Marketplace.
fedramp.govLegal / contractual security artifacts
Master Services Agreement, Data Processing Addendum, Warrant Canary, Approved Subprocessors list, and an Information Security Trust Portal are all published in HireVue's Legal Center.
legal.hirevue.comAI governance documentation
Publishes AI Ethical Principles and per-product (HV4, T2O) Explainability Statements describing model development, bias testing, and candidate opt-out to human review.
legal.hirevue.com// Products & data scope
data: Candidate assessment responses, game-based task performance, demographic data used for adverse-impact/bias testing.
Per-role, purpose-built scoring models developed by HireVue's I/O psychology and data science teams; falls under HV4/T2O Explainability Statements.
data: Candidate video/audio recordings, interview responses, AI-assisted scoring metadata.
Candidates receive notice of AI use and may opt for 100% human review instead of AI scoring, per HireVue's AI Explainability Statement.
data: Candidate contact and engagement/communication data.
24/7 automated candidate engagement; lower sensitivity data scope than assessment/video products.
data: Scheduling, calendar, and ATS-integration data (identity/contact data, not assessment content).
Integrates with customer ATS systems; described as reducing manual recruiter workflow.
// What to watch
- Do not conflate with HireRight (a separate background-check company with a similarly named trust center); this assessment is scoped strictly to hirevue.com / HireVue, Inc.
- Whether an individual customer's candidate/interview data is used to retrain HireVue's AI models over time is not explicitly and publicly stated; recorded as unconfirmed (null) rather than assumed either way.
- The trust center's own wording 'FedRAMP Certified Class C' is nonstandard trust-center phrasing; the FedRAMP.gov Marketplace registry independently confirms Moderate-impact authorization, so the underlying claim is verified even though the vendor's label is unusual.
- CSA STAR / CAIQ appears only as a document label on the trust center portal; could not independently confirm a published CSA STAR Registry listing, so graded held=false pending stronger evidence.
// At a glance
Pricing model
Enterprise B2B contract/subscription (custom quote via demo request); no self-serve public pricing published.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on HireVue, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.hirevue.com