SOC 2 Compliance

SOC 2 Compliance at
HireNext

HireNext is committed to SOC 2 compliance — demonstrating that our security, availability, confidentiality, and privacy controls meet the rigorous standards set by the American Institute of Certified Public Accountants (AICPA).

Last updated: February 20, 2026
SOC 2 Type II In Progress
1

What Is SOC 2?

SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates how a service organization manages customer data based on five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

There are two types of SOC 2 reports:

SOC 2 Type I

Evaluates whether controls are suitably designed at a specific point in time.

SOC 2 Type II ← HireNext

Evaluates whether controls are operating effectively over a period of time (typically 6–12 months). More rigorous and trusted.

2

Trust Service Criteria

HireNext's SOC 2 audit covers all five Trust Service Criteria:

Security (CC)Required

The system is protected against unauthorized access, use, or modification. This is the mandatory criteria for all SOC 2 audits.

Availability (A)Included

The system is available for operation and use as committed or agreed. Covers uptime, performance, and disaster recovery.

Confidentiality (C)Included

Information designated as confidential is protected as committed or agreed. Covers data classification and access controls.

Privacy (P)Included

Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice.

Processing Integrity (PI)Included

System processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives.

3

Security Controls

HireNext implements comprehensive security controls across all layers of our platform:

Encryption at Rest & Transit
AES-256 encryption for stored data; TLS 1.2+ for all data in transit.
Access Control
Role-based access control (RBAC), MFA enforcement, and least-privilege principles.
Vulnerability Management
Regular penetration testing, automated vulnerability scanning, and patch management.
Incident Response
Documented IR plan with defined roles, escalation paths, and post-incident reviews.
Change Management
Formal change control process for all production environment changes.
Vendor Risk Management
Third-party vendor security assessments and contractual security requirements.
Employee Security Training
Annual security awareness training and phishing simulation for all staff.
Monitoring & Logging
Centralized SIEM with 24/7 alerting for anomalous activity and security events.
4

Availability

HireNext maintains high availability through redundant infrastructure, automated failover, and proactive monitoring:

  • 99.9% Uptime SLA for all production services
  • Multi-region infrastructure with automatic failover
  • Daily automated backups with tested restoration procedures
  • Disaster Recovery Plan (DRP) with defined RTO and RPO targets
  • Real-time status page at status.hirenext.io
  • Scheduled maintenance windows communicated in advance
5

Confidentiality

HireNext treats all customer data as confidential and implements controls to ensure it remains protected:

  • Data classification policy with defined handling requirements per classification level
  • Strict access controls ensuring customer data is isolated and not accessible across tenants
  • Non-disclosure agreements (NDAs) with all employees and contractors
  • Secure data disposal procedures for decommissioned hardware and terminated accounts
  • Customer data is never used for training AI models without explicit consent
6

Privacy

HireNext's privacy controls align with both SOC 2 requirements and applicable privacy regulations including GDPR:

  • Privacy notice clearly communicates data collection, use, and retention practices
  • Consent mechanisms for marketing and non-essential data processing
  • Data subject request handling procedures with defined response timelines
  • Privacy impact assessments for new features involving personal data
  • Sub-processor management with contractual privacy obligations
7

Audit Scope & Timeline

HireNext is currently undergoing SOC 2 Type II audit. The audit covers our core platform infrastructure, data processing systems, and organizational controls.

AUDIT STATUS
SOC 2 Type ICompleted
SOC 2 Type II Observation PeriodIn Progress
SOC 2 Type II ReportQ3 2026

Enterprise customers may request access to our SOC 2 report under NDA. Contact security@hirenext.io.

8

Request SOC 2 Report

Enterprise customers and prospects can request access to our SOC 2 report. All requests are subject to NDA execution.

SOC 2 Report Request
security@hirenext.io
Security Questions
security@hirenext.io
Vendor Security Review
security@hirenext.io
Penetration Test Results
security@hirenext.io

Questions about our security posture?

Our security team is available to answer questions about SOC 2 compliance, controls, and audit status.

Contact Security Team