// Trust & Security Report

    HireVue, Inc. logo

    HireVue, Inc.

    AI-powered hiring platform: Skills Validation (Virtual Job Tryouts, assessments), Intelligent Interviewing (video interviewing, HV4), Talent Engagement, and Workflow Automation, delivered via the Video Intelligence Platform (VIP) and Text-to-Outcome (T2O) solutions

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    HireVue undergoes an annual SOC 2 Type 2 audit covering all Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

    Verify on hirevue.com
    SOC 3
    HELD

    SOC 3 report listed as an available trust document alongside SOC 2 Type 2 on the Hirevue Trust Center.

    Verify on trust.hirevue.com
    ISO/IEC 27001:2022
    HELD

    certified to ISO/IEC 27001:2022 for Information Security Management ... These certifications apply to both their VIP and T2O solutions.

    Verify on hirevue.com
    ISO/IEC 27701:2019 (Privacy Information Management)
    HELD

    ISO/IEC 27701:2019 for Privacy Information Management, with these certifications applying to both their VIP and T2O solutions.

    Verify on hirevue.com
    FedRAMP (Moderate)
    HELD

    FedRAMP—The only FedRAMP-authorised hiring solution for the public sector—ensuring the highest security and compliance standards.

    Verify on hirevue.com
    GDPR (posture / compliance summary)
    HELD

    GDPR Summary listed as a compliance document on the Hirevue Trust Center; Privacy Notice describes EU/UK data subject rights, international transfer mechanisms and lawful bases under GDPR.

    Verify on legal.hirevue.com
    EU-US Data Privacy Framework (incl. UK Extension, Swiss-US DPF)
    HELD

    EU-US DPF ... Swiss-US DPF ... UK Extension to EU-US DPF listed among Hirevue Trust Center certifications; Privacy Notice references the Data Privacy Framework for international transfers.

    Verify on trust.hirevue.com
    > Show 4 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA attestation or BAA program on the trust center, security page, or legal center. HireVue is a hiring/recruiting platform, not a healthcare product, so HIPAA is out of scope for its core service.

    source: trust.hirevue.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of a PCI DSS attestation on the trust center or security page; payment data collection (per the Privacy Notice) appears limited to billing and is not a core product function.

    source: trust.hirevue.com
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification on the trust center. HireVue instead documents AI governance via its own AI Ethical Principles and HV4/T2O Explainability Statements rather than a third-party AI management certification.

    source: legal.hirevue.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of a CSA STAR registry entry or CAIQ publication beyond an internal reference to "CAIQ" as a trust-center artifact; not independently confirmed as a published CSA STAR listing.

    source: trust.hirevue.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Not stated

    HireVue's assessment algorithms are built by HireVue data scientists and I/O psychologists using HireVue's own historical, validated assessment data on a per-role basis (per the AI Ethical Principles document), not generic web-scraped or third-party data. It is not explicitly and publicly documented on the trust center or privacy pages whether an individual customer's ongoing candidate interview data is fed back into training future models, so this is recorded as unconfirmed rather than assumed. Candidates are given notice that AI is used and can opt out in favor of 100% human review, per HireVue's public AI Explainability Statement materials.

    // Security controls

    SOC 2 Type 2 audit scope

    Annual SOC 2 Type 2 audit covering Security, Availability, Processing Integrity, Confidentiality, and Privacy Trust Services Criteria.

    hirevue.com

    Cloud infrastructure

    Hosted on Amazon Web Services (AWS); specific region/residency detail not published in captured pages.

    trust.hirevue.com

    Federal authorization

    FedRAMP Moderate authorization (Class C), first granted 5/10/2019, with ongoing Continuous Monitoring; listed on the official FedRAMP Marketplace.

    fedramp.gov

    Legal / contractual security artifacts

    Master Services Agreement, Data Processing Addendum, Warrant Canary, Approved Subprocessors list, and an Information Security Trust Portal are all published in HireVue's Legal Center.

    legal.hirevue.com

    AI governance documentation

    Publishes AI Ethical Principles and per-product (HV4, T2O) Explainability Statements describing model development, bias testing, and candidate opt-out to human review.

    legal.hirevue.com

    // Products & data scope

    Skills Validation (Virtual Job Tryouts / assessments)Pre-hire assessment

    data: Candidate assessment responses, game-based task performance, demographic data used for adverse-impact/bias testing.

    Per-role, purpose-built scoring models developed by HireVue's I/O psychology and data science teams; falls under HV4/T2O Explainability Statements.

    Intelligent Interviewing (Video Interviewing, HV4)Video interview platform

    data: Candidate video/audio recordings, interview responses, AI-assisted scoring metadata.

    Candidates receive notice of AI use and may opt for 100% human review instead of AI scoring, per HireVue's AI Explainability Statement.

    Talent EngagementCandidate communication automation

    data: Candidate contact and engagement/communication data.

    24/7 automated candidate engagement; lower sensitivity data scope than assessment/video products.

    Workflow Automation / SchedulingRecruiting operations

    data: Scheduling, calendar, and ATS-integration data (identity/contact data, not assessment content).

    Integrates with customer ATS systems; described as reducing manual recruiter workflow.

    // What to watch

    • Do not conflate with HireRight (a separate background-check company with a similarly named trust center); this assessment is scoped strictly to hirevue.com / HireVue, Inc.
    • Whether an individual customer's candidate/interview data is used to retrain HireVue's AI models over time is not explicitly and publicly stated; recorded as unconfirmed (null) rather than assumed either way.
    • The trust center's own wording 'FedRAMP Certified Class C' is nonstandard trust-center phrasing; the FedRAMP.gov Marketplace registry independently confirms Moderate-impact authorization, so the underlying claim is verified even though the vendor's label is unusual.
    • CSA STAR / CAIQ appears only as a document label on the trust center portal; could not independently confirm a published CSA STAR Registry listing, so graded held=false pending stronger evidence.

    // At a glance

    Pricing model

    Enterprise B2B contract/subscription (custom quote via demo request); no self-serve public pricing published.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on HireVue, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.hirevue.com

    > Browse all vendor trust reports