SOC 2 Compliance at
HireNext
HireNext is compliant with SOC 2, proving that our information security, availability, confidentiality, and privacy controls comply with applicable standards as set by American Institute of Certified Public Accountants (AICPA)
Table of Contents
What Is SOC 2?
SOC 2 (System and Organization Controls 2) is an auditing framework created by the Association of International Certified Professional Accountants (AICPA), which measures how well a service organization manages customer data, based on five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
There are two kinds of SOC 2 reports.
Checks if controls are effectively designed at a particular point in time
Measures whether controls are functioning effectively over time (normally 6–12 months). More rigorous and trusted.
Trust Service Criteria
HireNext’s SOC 2 audit covers all five Trust Service Criteria:
Protects against unauthorized access, use, or modification of the system. This is a mandatory requirement in all SOC 2 audits.
The system is ready to be operated and used as promised or contracted Includes uptime, performance, and disaster recovery
Confidential information is protected as committed or agreed. Focuses on data classification and access controls.
Personal information is collected, used, retained, disclosed, and disposed of in accordance with its privacy notice.
System processing is complete, valid, accurate, timely, and authorized to meet the system needs of the entity.
Security Controls
At HireNext, we implement defense-in-depth security controls across all layers of our platform:
Availability
HireNext ensures its high availability through redundant infrastructure, automatic failover, and its proactive monitoring:
- 99.9% Uptime SLA for all production services
- Multi-region infrastructure with automatic failover
- Daily automated backups with tested restoration procedures
- Disaster Recovery Plan (DRP) with clear RTO and RPO objectives
- Real-time status page at status.hirenext.io
- Scheduled maintenance windows communicated in advance
Confidentiality
At HireNext, we consider every single data containing customer information to be strictly confidential and have controls in place to ensure the security of your data:
- Data classification policy defining handling requirements for all classification types.
- Customer data is isolated with strict access controls, ensuring it is not accessible across tenants
- All employees and contractors are required to sign NDAs.
- Secure data disposal procedures for decommissioned hardware and terminated accounts.
- Customer data may only be used to train AI models with explicit consent.
Privacy
HireNext's privacy controls are compliant with both SOC 2 requirements and applicable privacy regulations, including GDPR.
- Privacy notice explicitly informs how data is collected, used and retained
- Implementing consent mechanisms for marketing and non-mandatory data processing
- Data Subject request handling process with defined timelines for response
- Privacy impact assessments for new features that handle personal data
- Manage sub-processors with privacy provisions in contracts
Audit Scope & Timeline
Currently, HireNext is undergoing a SOC 2 Type II audit. The audit covers our core platform infrastructure, data processing systems, and organizational controls.
If you are an enterprise customer who would like to see the SOC 2 report, we will share it with you under NDA. Contact [email protected]. [email protected].
Request SOC 2 Report
Enterprise customers and prospective customers may request access to our SOC 2 report. All requests are subject to NDA execution.
Questions about our security posture?
Our security team is here to address inquiries around SOC 2 compliance, controls, and audit status.
Contact Security Team