Mavim has customers and partners in highly regulated sectors such as government, insurance and banking. To ensure the integrity of persons related to Mavim and its products, we have stringent screening in place for critical positions and regular measures in place for all remaining positions.
As part of our ISO and for good business conduct we maintain an “evidence of competence” policy. This means that for all positions in Mavim we maintain an up-to-date list of required certifications and diplomas. Required certifications and diplomas can be mandatory for the job at hand, but can also relate to certifications required for our partnerships (e.g. Microsoft). As a minimum, all employees have to be in possession of the up-to-date certifications listed in our Evidence of competence matrix. Annual security training is standard.
When we are recruiting for any position, this Evidence of competence matrix is our first line of defense. We check the evidence of the certifications and diplomas before we proceed.
For every employee we conduct a regular background check. We undertake reference checks and investigate social media to ensure we do not find any (potentially) compromising information. We compare the resume against career website content and look for obvious gaps. Whenever we encounter such a gap, we stop the recruitment process. Whenever we have a link to the candidate through our network, we also check with these contacts.
For certain positions (consultants and service desk employees) we have additional requirements. Employees in positions with access to confidential customer data have to obtain a VOG (verklaring omtrent goed gedrag), literally translated “declaration of good behavior”. You obtain that certificate at the police. If there are any hits on the VOG, we stop the recruitment process. These have to be re-done annually.
For our highest level of confidential customers we employ dedicated employees who are the only ones with access to any of those customers' information. For these employees we conduct a government screening (antecedenten onderzoek). This is similar to the screening carried out for people who want to work at the police, the secret service, and in certain governmental and military positions. It takes approximately 1 month and screens the person themselves (internationally, e.g. Interpol) as well as their direct surrounding contacts, e.g. spouse, ex-spouse, children, close friends, etc. This investigation is carried out every 2 to 3 years.
For management team and HR recruits we work with an agency that performs a professional background check and assessment.
As part of our recruitment process, the potential employee agrees to and signs our Mavim Code of Conduct (in which breach handling is also agreed) and our standard employment contract, which includes a confidentiality and non-competition clause. Upon joining, all employees must pass the mandatory security awareness training. The security awareness training is updated annually and must be passed each year by all employees.
Breaches of these topics are fed into our disciplinary process. Consequences in case of default are official warnings (max 1) and resignation. Whenever we encounter a security breach we inform our customers in line with European and Dutch regulation.
Cloud ISV partner
As we work closely with InterCept, our ISV partner, we have rigorous requirements for their employees and integrity. As part of our standard partner contract we require full NDA, confidentiality and non-competition clauses, as well as VOGs for all employees who work on the Mavim account. InterCept is an MSP partner of Microsoft, which means they have strict screening and operations controls in place and are audited by Microsoft annually. They are also ISO 27001 certified.