MeVitae

Blind Recruiting

Helping organisations hire smarter, faster and fairer, by mitigating unconscious and algorithmic bias. MeVitae’s offers a set of tools that plug directly into 20+ Application Tracking Systems and Human Capital Management Systems. Screen applicants without bias - automated document redaction.

Features

• Blind/anonymised redaction of candidate CVs/cover letters within 20+ ATS’
• Redaction of 20+ parameters including gender, ethnicity and university name
• Redaction of any document format, including PDF, Docx, PNG, JPEG
• Redaction of any documents whilst retaining its initial format
• Customisable level of redaction by requisition, geography or even department
• Redaction customisation by hiring process/permissions
• Real-time redaction within the ATS for seamlessness and simplicity

Benefits

• 95+% redaction accuracy while retaining document format
• Leading blind-recruiting solution, processing 600 documents in 6 seconds
• Demonstrated an 30% increase in gender and ethnicity diversity
• Reduces cognitive and algorithmic biases in hiring process
• A seamless 20+ ATS integration for fast adoption
• Demonstrated doubling of talent pool/increased diversity of applicant
• Demonstrated higher quality of candidates throughout the hiring process

£8,450 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at riham.satti@mevitae.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

277886570357501

Contact

Riham Satti
07796533839
riham.satti@mevitae.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: MeVitae is a third-party integration for 20+ Applicant Tracking and File Share Systems such as:; ; · Oracle Taleo Enterprise; ; · Oracle Taleo Business Edition; ; · Oracle Recruiting Cloud; ; · SmartRecruiters; ; · SAP Success Factors; ; · iCIMS; ; · Greenhouse; ; · Lever; ; · JazzHR; ; · Employ; ; · SharePoint; ; · Dropbox; ; · TeamTailor
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Internet connection
  • License to use MeVitae's software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During weekdays, MeVitae gets back within the same day on 95% of queries and within 24 hours on 100% of queries. On weekends MeVitae will respond within 36 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Pricing: 30% of contract value; - Dedicated support email to connect you to the Customer Success team. ​; - Support tracking to ensure that our SLA's are met. ​; - Online error management guides for your recruiters to handle troubleshooting and log feature requests. ​; - Customisation support if a change in redaction/additional redaction parameters are added. ​; - Additional training session a year for your recruiters and hiring managers.​
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The MeVitae team will integrate our services into client's ATS (implementation phase). ; ; Different digital user training sessions and cognitive bias training is offered. All training sessions are recorded, and recordings are provided to users along with comprehensive resource packs on how to use MeVitae.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can request to have their data extracted from the system via their account manager during and at the end of their contract.
• End-of-contract process: Access to the account will be removed

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: An API token is provided by the MeVitae Account Manager. API tokens can be renewed and managed via the MeVitae Dashboard. ; ; The API is used to send documents and retrieve redacted PDF documents. Redaction configuration can be changed via the API as detailed in the API documentation.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: MeVitae is highly customisable via the MeVitae dashboard and/or ATS. These include:; • Level of redaction (20+ parameters) to choose from including gender, ethnicity, university name and more; • Hiring stages that blind recruiting is run on ; • Hiring stages to reverse redaction for interviews; • Redaction timings; • Naming conventions for redacted candidates; • Redaction by geography, department or even requisition

Scaling

• Independence of resources: MeVitae hosts all of its web applications with horizontal autoscaling. This is enabled to ensure that increases in response time or CPU usage causes additional machines to be deployed in order to lessen the demand.; ; MeVitae does over 90% of its process with Kubernetes clusters, a new Kubernetes workload is independently assigned for every new candidate document. This means that users are not affected by each other.

Analytics

• Service usage metrics: Yes
• Metrics types: · Usage and volume metrics including number of documents and jobs processed; · Failure logs
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: MeVitae’s metric information can be exported via a CSV and PDF within the MeVitae Dashboard. The users’ Applicant Tracking System will be the platform for data export and import, for example, creation of jobs and candidates for MeVitae to import via the Applicant Tracking System API for redaction.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: MeVitae offers 99.74% availability of systems and conducts regular service reviews quarterly. Maintenance windows carried out on Sundays.
• Approach to resilience: MeVitae data centres are all within Europe and are hosted with CSA CCM v3.0.1 Level 2 and ISO/IEC 27001:2017 providers. MeVitae encrypts all data at rest with AES-256 and all data in transit with TLS 1.2.
• Outage reporting: Service reports outages shared via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: MeVitae restricts access via authenticating the user role on every operation using Azure B2C/Microsoft Entra, Identity Server 4, Open ID connect and OAuth 2.0.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 8/09/21
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 scope covers 'HR tech services aimed at mitigating biases within Application Tracking Systems for the recruitment; sector Worldwide'. Therefore of all MeVitae's services are covered under this certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MeVitae follows its Information Security Policy to ensure to protect the information assets that MeVitae handles, stores, exchanges, processes and has access to, and to ensure the ongoing maintenance of MeVitae’s confidentiality, integrity and availability.; ; MeVitae’s Information Security Policy contains sub-policies such as a Cryptographic Controls Policy for things such as encrypting data at rest and password requirements as well as a Protection of Personal Information Policy to ensure MeVitae meets data protection requirements. MeVitae’s Information Security Policy and sub-policies are available upon request.; ; MeVitae maintains the implementation of its security policies and processes through regular internal audits. Audit reports are produced from internal audits and findings are discussed at MeVitae’s monthly management reviews.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: MeVitae manages changes through its Change Control Procedure. Changes concerning infrastructure or personal data must go through MeVitae’s risk assessment procedure to identify the risk score, calculated from the value of the asset and consequences in relation to loss of confidentiality, integrity and availability. MeVitae applies control measures to every risk identified and determines if the risk is contained or not. Once risk assessments have been CTO must sign off before implementation.; ; MeVitae service components are continually monitored through a cloud security information and event management tool to alert MeVitae of any changes concerning security or health
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: MeVitae gets information about potential threats to its services through automated Azure cloud vulnerability scanners, quarterly internal penetration tests using Zed Attack Proxy and annual external penetration tests from CREST approved providers.; ; MeVitae assesses threats using the Open Web Application Security Project specification.; ; MeVitae applies security patches within 24 hours of identifying and assessing a threat
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: MeVitae monitors all service activity centrally within a security information and event management tool (Microsoft Sentinel). MeVitae will be notified immediately from Microsoft Sentinel of any comprises, malicious activity or intrusion detected.; ; In the case of a security incident MeVitae follows its Security Incident Management Procedure as well contractual obligations with customers for notifying parties (e.g., customers and law organisations) within 1 hour of incidents. Response and containment actions are taken by MeVitae immediately
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report security incidents to MeVitae via phone or email to their customer success manager. MeVitae also uses a security information and event management tool (Microsoft Sentinel) and intrusion detection system to detect security incidents in real-time.; ; MeVitae follows its Security Incident Management Procedure for all security incidents which outlines steps for containment, necessary authorities to contact and lessons learnt reviews.; ; MeVitae will notify customers of security incidents within 1 hour and provide incident reports within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MeVitae’s algorithms will run concurrently designed for maximum resource utilisation and efficiency and all computing will run on a ‘clean’ cloud (Google Cloud and Microsoft Azure) via renewable and sustainable energy. ; ; MeVitae are committed to combating carbon footprint, every member of staff works virtually (i.e working from home) which means no travel to a place of work (office) and no requirement for a residence of work. ; ; Each potential and current customer communications are virtual, allowing the user to experience the landscapes and culture without leaving the office or home. This training does not need to be undertaken in a specific place as the testing and results will be available online. There are environmental impacts on the saving fuel and energy.

  Covid-19 recovery

  MeVitae directly impacts the nation's Covid-19 recovery by dramatically increasing the chances of a person’s employment prospects by structuring how the person is depicted via their CV for a business's hiring workflow, which includes mitigating certain biases for recruiters and hiring managers alike, thus increasing the number of candidates who may be struggling to get back into employment after the Covid-19 pandemic. ; ; Covid-19 triggered a vast amount of remote working and unfortunately, redundancies. MeVitae encourages employers to not focus on time out of work, but the applicant's skill set and knowledge for the role in question. ; ; Including virtual meetings to protect those who may be currently shielding or self-isolating, allowing employees to join meetings anywhere in the world to reduce the chance of infection to others in the workspace. No in person demonstrations of MeVitae, reducing large gatherings in a confined environment and mitigating the spread of infection. Virtual meetings allow home working which reduces mental stress when dealing with or recovering from Covid-19 and allows companies to get back up to speed safely.

  Tackling economic inequality

  MeVitae are on a mission to combat global economic inequality. This equates to, diversity, engagement and retention of staff, enhancing a company's reputation and standing in the local community. Allowing early entrepreneurship, employee development within the company and bringing in new skills and mindsets, fresh out of education and education development whilst growing with the company. Ensuring no matter what background everyone gets the same unbiased and fair treatment throughout the hiring process. ; ; Education, positive outcomes we will see through diversification of the workforce to larger initiatives, e.g. encouraging more diverse candidates to STEM careers forming a pipeline for future diverse executives and leaders.

  Equal opportunity

  MeVitae pledges to help businesses recognise equal opportunity across all sectors. MeVitae strongly believes that everyone, regardless of gender, age, background, religion, disability and sexual orientation has the right to apply and be recognised as a fit for the role they apply for. Ensuring current employees have the same fair and unbiased recognition when applying for internal positions to further their education and career knowledge as this aligns with MeVitae values outlined in modern slavery statement ; ; To combat cognitive and algorithmic bias throughout the hiring process, educate what is and why humans all have bias hardwired into our brains, to help create a diverse workforce and culture within businesses across the globe and to provide an easy and fair solution to coincide with the businesses hiring structure. The MeVitae solution plugs into the hiring pipeline at the very start, this allows the applicants CV to only show certain information to the hiring team so no bias can take place with regards to name, gender etc.

  Wellbeing

  Businesses can strengthen their bottom line through cost reduction, whilst seeing significant improvements in staff and skills retention. The increase in diversity leads to a greater positive mindset for employees knowing that no matter an individual's background they are cared for and respected by their employer. A fairer and more diverse workplace make a happier workplace for all employees thus instilling trust within the community for all minority and ethnic groups that discrimination does not exist within the company culture.

Pricing

• Price: £8,450 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Up to 10 documents redacted via Sharepoint or Dropbox

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at riham.satti@mevitae.com. Tell them what format you need. It will help if you say what assistive technology you use.