MindMill (HR) Software Ltd

Psychometric Assessment Design & Delivery

Mindmill provide bespoke Assessments including Behavioural and Cognitive Psychometrics. Assessments are competency based, mapped to specific roles and Classified and Validated by the British Psychological Society. Assessment can be delivered as a managed service, via a client self service portal, Mindmill Applicant Tracking System or API integration with client environment.

Features

• Job Role Based Assessment Design
• Job Builder with Integrated Competency Framework
• Self Service Assessment Delivery Platform
• Managed Service Assessment Campaign Delivery
• Integrated Applicant Tracking System
• API integration with existing software solutions
• Workflow design and Automation
• Development and Recruitment Application
• Leadership Development and Work Style Profiling
• Mobile Integration and Delivery

Benefits

• Make better hires, first time
• Increase Recruitment Process efficiency
• Automate high volume screening
• Reduce application processing costs
• Reduce cost of bad hires
• Increased Productivity with better matched candidates
• Reduce churn, increase employee retention
• Inform Learning and Development requirements
• Predictive data for learning agility
• Generate People data & analytics

£750 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ryno.k@mindmill.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

692312360192168

Contact

Ryno Kleynhans
+44 (0) 845 0755 844
ryno.k@mindmill.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Mindmill can integrate with any Job Board, CRM, ERP, HRMS, ATS, eLearning Platform, etc. subject to API endpoints being accessible/made available.
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: None.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We endeavour to respond to all queries within 24 hours excluding weekends and public holidays. ; ; Support Response times as per SLA and service type.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: System Critical: Response within 4 hours, Resolution within 12 hours; Significant impact: Response within 8 hours, Resolution within 24 hours; Minor impact: Response within 24 hours, Resolution within 72 hours; Low priority: Response within 72 hours, Resolution By agreement.; ; All Support Costs are included in the service costs. ; ; Each client has an assigned Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Delivery process/workflow is designed together with the customer and implemented with necessary training, support and materials provided to users & administrators.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Mindmill conforms to client data & retention policies and comply according to the terms of the agreement entered into.
• End-of-contract process: Service and access to the platform will be discontinued. Data will be destroyed/archived/anonymised in accordance to the Data retention agreement made.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Some services are available on Mobile, however, full Psychometric Tests are by design not available on mobile as a Test Environment is encouraged.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We distinguish between a user interface and a service interface.; We have both a user interface and a REST API service interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Our services are available on web and mobile devices. Users can; Register and apply for vacancies as well as manage profiles, complete assessments or interact with consultants on our Careermaps development platform.
• Accessibility testing: Currently none. Our testing is centred around ease of use and user experience. Interface testing can be done upon commercial request.
• API: Yes
• What users can and can't do using the API: The service allows tenants to create assessment candidates and to retrieve assessment results and reports.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Mindmill develop, maintain and deploy all of our own technology. Our service is highly customisable from core functionality to user configuration.

Scaling

• Independence of resources: The Mindmill solution is hosted on MS Azure, designed with ease of scaling in mind, At any given time, Mindmill has usage capacity of 10x the current average system load.

Analytics

• Service usage metrics: Yes
• Metrics types: Mindmill can provide any usage/service metrics as required by the client.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: We can provide automated scripts, API interface or manual data dumps to customer requirement.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: All communications take place over encrypted channels - TLS 1.3 specifically
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: All cloud platforms are protected by a 99.9% availability guarantee. No refunds are offered for downtime.
• Approach to resilience: All components are designed in a resilient way. Web services are redundant with automatic failover to other services as required. All databases are virtually redundant across local and geographic areas with a 99.999% availability SLA"
• Outage reporting: Public dashboard (azure health). We ourselves get alerts via email of any issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are restricted based on Role Based Access Control (RBAC), both customer side and Mindmill. ; With clients, managers are assigned roles to administer their staff but no personal information is available.; For Mindmill, strong MFA is required and RBAC is in place across the service limiting what information is available. No personal data is accessible.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Mindmill have a comprehensive set of information security policies. This addresses major areas such as Access Control, Data Protection, Incident Response, Risk Management, Compliance, Backup/DR and 3rd party Risk Management. These are reviewed every 6 months (or more frequently as required). Reporting structure is via Information Security Manager and ultimately to COO and board level if required.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All code and infrastructure changes are strictly managed via a change control process which adheres to ITIL standards. ; If system downtime required, this is communicated and agreed in advance with clients.; All code changes are security/vulnerability code scanned in advance. Code changes are made via Secure DevOps processes with code approved by another reviewer before being deployed.; All code/infrastructure changes are made in a non Production environment before deploying to Production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We maintain an asset inventory of all hardware/software with notification from vendors and opensource providers on vulnerabilities/threats.; All patches are tested in non Production before deploying to Production.; Urgent patches are tested within 48hrs of release.; We use a vulnerability scanner across our estate which runs every 24hrs and identifies vulnerabilites which are prioritised for remediation.; We retain a small technology footprint minimising exposure to threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use a multi tier protective monitoring platform. All logging data is sent to a centralised SIEM platform which alerts for suspicious activity. In addition, proactive log analysis is undertaken twice per day.; Additionally Continuous Vulnerability Scanning is in place and alerts reviewed as identified.; User Analytics is also reviewed eg suspicious login activity.; ; If a compromise is identified, a documented process is followed. This may be disabling user, blocking an IP address, further log analysis. If required, customers are notified (never been required)
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Mindmill have an extensive documented incident management process with strict engagement and escalation as required.; Incidents are categorised and prioritised. Depending on severity, different internal and external escalation can be invoked.; Incidents are investigated and diagnosed before being remediation/resolved.; Incident reports can be provided with full root cause analysis and lessons learned (if required).; Users can report Incidents via email (account manager or dedicated email) or telephone.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  Utilising remote work and virtual meetings to reduce commute and travel. All servers are virtual on MS Azure, reducing the requirement of resource hungry on prem server farms.

  Covid-19 recovery

  Launched www.careermaps.co.uk to assist people who's employment was affected by Covid, helping them identify other sectors/interest to pursue a new career path.

Pricing

• Price: £750 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ryno.k@mindmill.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.