MeVitae

CV and Résumé Parsing

Helping organisations hire smarter, faster and fairer, by mitigating unconscious and algorithmic bias. MeVitae's most accurate parsing solution (integrates into Application Tracking Systems) to extract all candidate information, in real-time, to streamline HR processes and save time

Features

• Parsing of candidate CVs within 20+ ATS’
• Parses the extracted information into structured data fields
• Parsing of any document format including PDF, Docx, PNG, JPEG
• Real-time parsing within the ATS for seamlessness and simplicity
• Bias-mitigated parsing audited through an ICO approved framework
• Maps work experience details to appropriate fields

Benefits

• Integrates seamlessly with 20+ existing ATS
• Countless hours saved analysing candidate CVs
• Parsed content allowing for searching and filtering of candidates
• Minimizes errors and inaccuracies associated with manual data entry
• Speeds up the recruitment process by quickly capturing candidate information
• Scales to handle large volumes of resumes/CVs efficiently
• understand the context of information for better accuracy

£7,540 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at riham.satti@mevitae.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

179936931313859

Contact

Riham Satti
07796533839
riham.satti@mevitae.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: MeVitae is a third-party integration for over 20 Applicant Tracking and File Share Systems such as:; ; · Oracle Taleo Enterprise; ; · Oracle Taleo Business Edition; ; · Oracle Recruiting Cloud; ; · SmartRecruiters; ; · SAP Success Factors; ; · iCIMS; ; · Greenhouse; ; · Lever; ; · JazzHR; ; · Employ; ; · SharePoint; ; · Dropbox
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Internet connection
  • License to use MeVitae's software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During weekdays, MeVitae gets back within the same day on 95% of queries and within 24 hours on 100% of queries. On weekends MeVitae will respond within 36 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Pricing: 30% of contract value; - Dedicated support email to connect you to the Customer Success team. ​; - Support tracking to ensure that our SLA's are met. ​; - Online error management guides for your recruiters to handle troubleshooting and log feature requests. ​; - Customisation support if a change in redaction/additional redaction parameters are added. ​; - Additional training session a year for your recruiters and hiring managers.​
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The MeVitae team will integrate our services into client's ATS or will provide an API key.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can request to have their data extracted from the system via their account manager during and at the end of their contract.
• End-of-contract process: Access to the account will be removed

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: An API token is provided by the MeVitae Account Manager. ; ; API tokens can be renewed and managed via the MeVitae Dashboard.; ; The API is used to send documents and retrieve structured parsed content. Parsing configuration can be changed via the API as detailed in the API documentation.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: MeVitae hosts all of its web applications with horizontal autoscaling. This is enabled to ensure that increases in response time or CPU usage causes additional machines to be deployed in order to lessen the demand.; ; MeVitae does over 90% of its process with Kubernetes clusters, a new Kubernetes workload is independently assigned for every new candidate document. This means that users are not affected by each other.

Analytics

• Service usage metrics: Yes
• Metrics types: · Usage and volume metrics including number of documents and jobs processed; · Failure logs
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: MeVitae’s metric information can be exported via a CSV and PDF within the MeVitae Dashboard. The users’ Applicant Tracking System will be the platform for data export and import, for example, creation of jobs and candidates for MeVitae to import via the Applicant Tracking System API for parsing.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: MeVitae offers 99.74% availability of systems and conducts regular service reviews quarterly. Maintenance windows carried out on Sundays.
• Approach to resilience: MeVitae data centres are all within Europe and are hosted with CSA CCM v3.0.1 Level 2 and ISO/IEC 27001:2017 providers. MeVitae encrypts all data at rest with AES-256 and all data in transit with TLS 1.2.
• Outage reporting: Service reports outages shared via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: MeVitae restricts access via authenticating the user role on every operation using Azure B2C/Microsoft Entra, Identity Server 4, Open ID connect and OAuth 2.0.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 8/09/21
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 scope covers 'HR tech services aimed at mitigating biases within Application Tracking Systems for the recruitment; sector Worldwide'. Therefore of all MeVitae's services are covered under this certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MeVitae follows its Information Security Policy to ensure to protect the information assets that MeVitae handles, stores, exchanges, processes and has access to, and to ensure the ongoing maintenance of MeVitae’s confidentiality, integrity and availability.; ; MeVitae’s Information Security Policy contains sub-policies such as a Cryptographic Controls Policy for things such as encrypting data at rest and password requirements as well as a Protection of Personal Information Policy to ensure MeVitae meets data protection requirements. MeVitae’s Information Security Policy and sub-policies are available upon request.; ; MeVitae maintains the implementation of its security policies and processes through regular internal audits. Audit reports are produced from internal audits and findings are discussed at MeVitae’s monthly management reviews.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: MeVitae manages changes through its Change Control Procedure. Changes concerning infrastructure or personal data must go through MeVitae’s risk assessment procedure to identify the risk score, calculated from the value of the asset and consequences in relation to loss of confidentiality, integrity and availability. MeVitae applies control measures to every risk identified and determines if the risk is contained or not. Once risk assessments have been CTO must sign off before implementation.; ; MeVitae service components are continually monitored through a cloud security information and event management tool to alert MeVitae of any changes concerning security or health
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: MeVitae gets information about potential threats to its services through automated Azure cloud vulnerability scanners, quarterly internal penetration tests using Zed Attack Proxy and annual external penetration tests from CREST approved providers.; ; MeVitae assesses threats using the Open Web Application Security Project specification.; ; MeVitae applies security patches within 24 hours of identifying and assessing a threat
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: MeVitae monitors all service activity centrally within a security information and event management tool (Microsoft Sentinel). MeVitae will be notified immediately from Microsoft Sentinel of any comprises, malicious activity or intrusion detected.; ; In the case of a security incident MeVitae follows its Security Incident Management Procedure as well contractual obligations with customers for notifying parties (e.g., customers and law organisations) within 1 hour of incidents. Response and containment actions are taken by MeVitae immediately
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report security incidents to MeVitae via phone or email to their customer success manager. MeVitae also uses a security information and event management tool (Microsoft Sentinel) and intrusion detection system to detect security incidents in real-time.; ; MeVitae follows its Security Incident Management Procedure for all security incidents which outlines steps for containment, necessary authorities to contact and lessons learnt reviews.; ; MeVitae will notify customers of security incidents within 1 hour and provide incident reports within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Bias-mitigated parsing audited through an ICO approved framework, ensuring equal accuracy across diverse groups.; ; https://ico.org.uk/media/action-weve-taken/audits-and-advisory-visits/4018998/mevitae-artificial-intelligence-ai-executive-summary-v1_0.pdf

Pricing

• Price: £7,540 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Up to 10 documents parsing via Sharepoint or Dropbox

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at riham.satti@mevitae.com. Tell them what format you need. It will help if you say what assistive technology you use.