Security at Criteria

The security of our clients, our candidates, and our tests is a top priority at Criteria. To ensure this, we focus on maintaining and investing in the latest advancements in secure technology. We aim to make the Criteria platform as secure as possible – without sacrificing performance or detracting from the user experience.  

lock and data cloud

Compliance and Certifications

Criteria is ISO27001:2013 certified and compliant with:


European Union General Data Protection Regulations 


California Consumer Privacy Act 


Australian Privacy Principles 


Australian Mandatory Breach Notification Scheme 

ISO Certification

Criteria is ISO27001:2013 certified as of December 6, 2021. Certification applies to our Los Angeles and Brisbane offices: 
Criteria Corp. (Los Angeles) 
750 N. San Vicente Blvd. Suite 1500 E. Tower, West Hollywood, CA 90069 
Criteria Corp. (Brisbane) 
Level 18, 333 Ann Street, Brisbane, QLD 4000

Comprehensive Information Security  

To provide our customers with the level of security they expect, we have adopted ISO27001 as our information security management system. With this system in place, you can trust that we will protect your data with the utmost security.  

End-to-End Security

The Criteria platform is hosted entirely on Amazon Web Services (AWS), which boasts robust built-in privacy features and provides end-to-end security. To learn more about AWS security and its features, head to AWS is certified SOC 2 Type 2, meaning that they are regularly audited and tested to meet these high security standards.

Criteria customer data is hosted by AWS in secure data centers around the globe. AWS maintains an impressive number of reports, certifications, and third-party assessments to preserve their state-of-the-art data center security.

aws cloud

Data Security

Your data is housed in tightly-controlled data centers around the world, leveraging both technological security and physical controls to prevent unauthorized access and keep your information safe and secure at all times.  


Application Security

The Criteria data ecosystem is continuously monitored to maintain a high standard of security, availability, and performance that you can rely on. We have automated security testing and use third party penetration testing to stay ahead of potential threats to your data.  

All data at Criteria is encrypted at rest using AES-256 encryption.  

orange check

Encryption at Rest

blue check

Two-factor Authentication

grey check

Single Sign-On (SSO)

Technology You Can Trust  

We are committed to modern technology, and are always seeking to match the latest and greatest advancements in tech. This commitment allows our platform to be highly scalable, stable, and secure. 



The cloud-based nature of our platform makes it possible to increase platform capacity as needed. We employ auto-scaling best practices along with significant investment in serverless technologies to remain on the bleeding edge. This elastic expansion ensures that our servers will never hit capacity and can scale to meet ever-increasing demand. 

Since our infrastructure expands dynamically as needed, we are able to support your data needs, regardless of their size or complexity.



The Criteria platform is highly scalable in a highly secure way. We utilize end-to-end encryption, where information is encrypted both at rest and in transit to ensure its protection.  

Our infinite scalability enables our stability. Since our infrastructure dynamically updates and scales to meet demand, our application is reliable and redundant under stress, meaning that it won’t crash or fail to meet your needs.  



We take security seriously. Our stability, scalability, and commitment to implementing cutting edge security practices protect your data. Along with our vast technical controls, every Criteria employee is trained and held to the same rigorous security practices to prevent data breaches and keep your information safe.  

Criteria is GDPR, CCPA, and APP compliant, adhering to and enhancing consumer protection and privacy rights around the world.  

Read Criteria’s full Data Processing Addendum to learn how we process and handle your data.  

Test Security  

Our commitment to security extends beyond how we maintain our platform – we keep our tests just as secure. We use dynamic testing to mitigate the risk of cheating, employ adaptive testing techniques, and can flag inconsistencies in responses.  

Visit Criteria’s Test Security page to learn more.  

score report

Get Started for Free!

Test drive our user-friendly assessment platform Start a Free Trial

Questions about Criteria’s security practices or compliance?  

Information is a top priority at Criteria throughout our entire platform. If you have any questions about our practices, you can review our Cybersecurity FAQs, or contact us directly. 

If you believe you have found a vulnerability or another security concern, send an email to