Security and Compliance

The security of our clients, our candidates, and our tests is a top priority at Criteria. Learn why more than 4,500 organizations trust Criteria to help them maximize their talent success.


Trust Center


Information Security

We protect your data through an in-depth cybersecurity strategy.


Compliance

Criteria is ISO27001:2013 certified and compliant with all major global regulations.


Privacy

Criteria is committed to customer and candidate privacy. 


Legal

Fairness and transparency are core to how we conduct business with our customers. 



Information Security

The security of our clients, our candidates, and our tests is a top priority at Criteria. To ensure this, we focus on maintaining and investing in the latest advancements in secure technology. We aim to make the Criteria platform as secure as possible – without sacrificing performance or detracting from the user experience.

Our security program is based on resiliency and limited trust principles. In other words, we: 

  • Use federated services for managing user access and rights
  • Follow a Secure Software Development Life Cycle (SDLC) aligned with OWASP, using DAST and SAST in our code reviews
  • Don’t allow BYOD (bring your own device)
  • Conduct a comprehensive staff security training program

To provide our customers with the level of security they expect, we have adopted ISO27001:2013 as our information security management system. With this system in place, you can trust that we will protect your data with the utmost security, above and beyond a compliance initiative.  
 

End-to-End Security

The Criteria platform is hosted entirely on Amazon Web Services (AWS), which boasts robust built-in privacy features and provides end-to-end security. To learn more about AWS security and its features, head to https://aws.amazon.com/security/. AWS is certified SOC 2 Type 2, meaning that they are regularly audited and tested to meet these high security standards.

Criteria customer data is hosted by AWS in secure data centers around the globe. AWS maintains an impressive number of reports, certifications, and third-party assessments to preserve their state-of-the-art data center security.  


Data Security

Your data is housed in tightly-controlled data centers around the world, leveraging both technological security and physical controls to prevent unauthorized access and keep your information safe and secure at all times.  
 

Application Security

The Criteria data ecosystem is continuously monitored to maintain a high standard of security, availability, and performance that you can rely on. We have automated security testing and use third party penetration testing to stay ahead of potential threats to your data.  

All data at Criteria is encrypted at rest using AES-256 encryption, and data in flight is protected with the latest TLS encryption.

  • Encryption at Rest
  • Two-factor Authentication
  • Single Sign-On (SSO)

Technology You Can Trust  

We are committed to modern technology, and are always seeking to match the latest and greatest advancements in tech. This commitment allows Criteria’s platform to be highly scalable, stable, and secure.
 

Scalability 

The cloud-based nature of our platform makes it possible to increase platform capacity as needed. We employ auto-scaling best practices along with significant investment in serverless technologies to remain on the bleeding edge. This elastic expansion ensures that our servers will never hit capacity and can scale to meet ever-increasing demand.  

Since our infrastructure expands dynamically as needed, we are able to support your data needs, regardless of their size or complexity.
 



Stability 

The Criteria platform is highly scalable in a highly secure way. We utilize end-to-end encryption, where information is encrypted both at rest and in transit to ensure its protection.  

Our infinite scalability enables our stability. Since our infrastructure dynamically updates and scales to meet demand, our application is reliable and redundant under stress, meaning that it won’t crash or fail to meet your needs.  
 

Security  

We take security seriously. Our stability, scalability, and commitment to implementing cutting edge security practices protect your data. Along with our vast technical controls, every Criteria employee is trained and held to the same rigorous security practices to prevent data breaches and keep your information safe.  

Test Security  

Our commitment to security extends beyond how we maintain our platform – we keep our tests just as secure. We use dynamic testing to mitigate the risk of cheating, employ adaptive testing techniques, and can flag inconsistencies in responses.  

Visit Criteria’s Test Security page to learn more.  



Need more information?

If you'd like to see more detailed information, believe you have found a vulnerability, or have any other security concern, please reach out to us at security@criteriacorp.com.
 

Compliance


Criteria is compliant with the following regulations:

  • European Union General Data Protection Regulations
  • California Consumer Privacy Act
  • Australian Privacy Principles
  • Australian Mandatory Breach Notification Scheme

Read Criteria’s full Data Processing Addendum to learn how we process and handle your data.  

ISO Certification

Criteria is ISO27001:2013 certified as of December 6, 2021. Certification applies to our Los Angeles and Brisbane offices: 

Criteria Corp. (Los Angeles) 
750 N. San Vicente Blvd. Suite 1500 E. Tower, West Hollywood, CA 90069 
Criteria Corp. (Brisbane) 
Level 18, 333 Ann Street, Brisbane, QLD 4000

View Criteria's ISO Certificate for more information. 

Privacy 

Criteria embraces privacy from the ground up by building our products to adhere to design principles that better enable us to protect your data. Our approach to personally identifiable information is to collect only the minimal amount to provide our service.

We implement the following privacy principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

You can read our privacy policy here.
