Digital interviewing is one of the hottest technologies on the market today, and is gaining rapid adoption across large enterprises where security is of the utmost importance. With the threat to open information and access on the cloud, candidates and company executives are skeptical about how proprietary information is handled, stored, and distributed to authorized collaborators. At HireVue we work with risk, security, legal and compliance executives at large organizations with some of the most stringent security measures in place. We secure the data captured in their digital interviews and enable functionality without putting candidate information in jeopardy. But it’s not easy.
There are a LOT of reasons why digital interviews must be secure. No candidate would want one of their interview answers accumulating views on YouTube. No employer would want problem-specific interview questions getting out in advance. All organizations care about data privacy and leaks of personal data. Even more important, you want to know that in the event of a disaster, your business can still operate.
So how can you know if your digital interviews are adequately protected? Here are 5 things to consider as you (or your IT security team) evaluate whether a digital interview solution meets common industry security requirements:
1- Does the service provider have an effective security policy?
An effective security policy includes established guidelines, formally assigned personnel, practiced procedures, technical and physical fortifications and ample contingency plans. All of this should be documented in summary form and available to you as part of the initial evaluation process.
2- Who can access an interview?
Data in the form of video and audio files, personal information, interview reviewer comments and scores should only be available to individuals on a “need-to-know” basis. A secure service will support roles such as admin or supervisor that can limit who can create other accounts and grant access to interviews. Specific access roles like evaluator, reviewer or candidate will limit access to only that content which is necessary for them to do their part of the interview.
3- How is my data protected?
Data should be protected anywhere in the cloud. This includes data in the database on the server, data as it transits from cloud server through the network to the user, at the user device and back to the server. Protections at multiple levels are required with defensive precautions like intrusion detection and virus protection at the perimeter and encryption of content while on the server and in transit to the user device. With video, additional protection can be imposed at the player level—video will only play on using an authentic player that is authorized for a specific interview video over a specific port or channel.
4- Where is the data hosted?
The range of service providers’ hosting facilities can run from a Linux box in the basement to enterprise-class multiple IT fortresses with a global footprint. Things to consider include physical access protections, redundant power and network connections, processing horsepower and, of course, backup and failover systems. Hosting providers will often adhere to industry-established IT service management practices and prove compliance to third party auditors. Verification is often available in the form of a SAS 70 (Statement on Auditing Standards) or SOC 1 (Service Organization Controls) report from an independent auditor.
5- What if a disaster happens?
If a natural or manmade disaster occurs, plans should be in place to restore service as soon as possible. A good disaster recovery or business continuity plan will outline multiple contingencies and detail restoration procedures, alternate locations, backup personnel, communication activities and assess business impact for each. Disaster recovery and business continuity plans should be tested at least annually with verification reports available to current and potential customers.
At HireVue we ensure that strict measures are in place to secure candidate and company information. Just because a digital solution makes your life easier, it doesn’t mean that it is more secure. We work closely with you to make secure information a reality, with each interview captured with our technology.