Skip to main content

Help us improve the Digital Marketplace - send your feedback

MegaNexus Ltd

COMPLY

COMPLY is a contract compliance and performance management
software solution for government bodies and public sector
organisations needing to manage multiple service providers and
contracts.
COMPLY promotes proactive management of provider/contract
performance through insightful data dashboards and customer configurable reporting.
COMPLY has previously been instantiated as 'Curious' for the MoJ.

Features

  • Facilitates management of contract providers' performance with detailed contextual data.
  • Scheduling functionality, for example, timetabling regular ongoing service delivery.
  • Multiple user-types can access and contribute to the system.
  • Monitor delivery against contractual KPIs & SLAs.
  • Enables performance management of service delivery.
  • Operates on “people data” outputs and records and tracks outcomes.
  • Reports and Dashboards configured to contract needs.

Benefits

  • Compliance management underpinned by aggregated data on individual-level outcomes.
  • Vast time savings compared to multi-document, paper-based solutions.
  • Centralised application gives a single view of contract performance.
  • Management of contract compliance for multi-agency and multi-site contracts.
  • Provides contextual information to better understand provider's quality of service.

Pricing

£172 a user a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@meganexus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 8 5 8 9 3 6 9 6 8 9 8 9 2 6

Contact

MegaNexus Ltd Daniel Brown
Telephone: 020 7843 4343
Email: solutions@meganexus.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Internet connectivity
  • Modern browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Meganexus agrees upon exact Support Levels during contract signing. However our standard support levels are typically: Urgent issues - Response time of 1 hour, Resolution time of 1 day. High priority issues - Response time of 4 hours, Resolution time of 2 days. Normal priority issues - Response time of 2 days, Resolution within the next software upgrade cycle. Low priority issues - Response time of 5 days, Resolution depending on the availability of Meganexus support team. The support costs are included in the license costs. Additional costs for onsite support are detailed in the pricing document, rate card. Meganexus will provide a technical account manager to oversee service delivery.
Support available to third parties
No

Onboarding and offboarding

Getting started
We have a dedicated onboarding team that supports users through the transition to our solution.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video
End-of-contract data extraction
Once the contract is completed, all user data is extracted and downloaded to a secure drive. The drive is then handed directly to the client once the license has expired. Once the data has been transferred to the secure drive, all data is deleted.
End-of-contract process
All off-boarding services and any associated costs are agreed on initial contract. Any complex or third-party services will be discussed with additional costs according to the standard professional services rate card.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile and desktop services are similar in features and functionalities, the platform is fully responsive across all mobile devices.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
A support portal that allows application users requiring support to raise and track queries raised. This portal additionally has a self-service feature.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Not Applicable
API
Yes
What users can and can't do using the API
Microservices Architecture - our solution is comprised of multiple APIs which can be utilised to retrieve and publish data depending on the business need.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The COMPLY application can be customised across the modules such as data capture, reporting, workflows, scheduling and cost allocation and location. Branding including logos, colours, layout, etc can be tailored to organisation needs.
Following initial agreement Meganexus can, if required, add or customise further features in the COMPLY tool through professional services.

Scaling

Independence of resources
Meganexus applications operate on a hyper-scale platform and an architecture/implementation that allows us to auto-scale and contract in line with changing business demands.

Analytics

Service usage metrics
Yes
Metrics types
Includes but not restricted to Traffic Analysis (status of all tickets), Average Ticket Response times, Customer Satisfaction ratings, SLA (Met Vs Breached), Created Vs Resolved, Average Resolution time
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The reporting module provides an option to export data.
Data export formats
  • CSV
  • Other
Other data export formats
Excel
Data import formats
  • CSV
  • Other
Other data import formats
Excel

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Access to endpoints and applications is controlled by whitelisted known IP addresses.

Availability and resilience

Guaranteed availability
Meganexus commits to 99% availability for the COMPLY application.

Our SLAs are as follows:
Urgent Issue: renders core functionality inoperative. No workaround exists. Problem impacts service to Licensee’s customers.
Response/Resolution time- 1 hour/1 day.

High Issue: renders part of the core functionality inoperative but does not stop the remaining Software Modules' functioning. Issue impacts service to Licensee’s customers.
Response/Resolution time- 4 hours/ 2 days.

Medium: An issue which has little impact on productivity, for which a workaround exists.

Problem/Fault, User Education, Documentation, Query, Training, Product Enhancement Request.

Response/Resolution time- 2 days/Next Software Upgrade.

Low issue: Cosmetic issues, Manual/instruction/training problems, Enhancement requests, Training requests.

Problem/Fault: User Education, Documentation, Query, Training, Product Enhancement Request.
Response/Resolution time-5 days/At Meganexus' discretion.

Refund policies are available on a case-by-case basis.
Approach to resilience
Geographically resilient deployment with data being replicated between 2 geographically separate onshore sites and available for recovery in the event of an outage or that data is required to be restored from a backup. We use the replicated data as our source for restore, with resilience of components in each data centre.
Outage reporting
Both email messages to customers and notifications on the application front page.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Whitelisted IP addresses and 2-factor Authentication for escalated privileges.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Certification Group
ISO/IEC 27001 accreditation date
30/06/2023
What the ISO/IEC 27001 doesn’t cover
Data centre physical controls which are covered by our third party data centre management.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the processes defined within our ISO 27001 Information Security Management System (ISMS). Our implementation team develops, defines and refines ongoing tasks through an identified security baseline, applying the agreed risk management process, and implementing the risk treatment plan to ensure that controls applied are effective. We measure, monitor, and review these policies and controls on a month-by-month basis. Our support technicians report to the COO and CTO who in turn report to the CEO. Adherence to policies is ensured by evidencing actions driven by the process, reviewing procedures at least annually and again evidencing this to the ISO auditor.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Configuration and Change Management process is designed to facilitate the introduction of changes quickly and with minimal disruption to live services, ensure that changes adhere to agreed service levels/contractual agreements and do not introduce additional risk of disruption, error or security. A Request for Change (RFC) is required for any modification. All changes must be approved by the Change Advisory Board (CAB). The CAB approval process serves as a risk analysis activity, ensuring any risk associated by the Change has been accepted by the appropriate stakeholders. All changes are maintained in the RFC tracker.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All vulnerabilities are prioritised through risk assessment, monitored through notifications and assessed and actioned through change management or incident response procedures. Available patches are risk-assessed and vulnerability control decisions are audited. The ISO Steering Group receives regular reports on the vulnerabilities, any additional controls in place and outstanding issues. Compliant with ISO27001, annual IT-health checks enable remediation within 3-6 months. Additional vulnerability assessments are informed by any changes to our security framework. We are advised of threats/vulnerabilities through a range of distinct channels including The National Cyber Security Centre, Vendor Channels(e.g. Microsoft), Government customers such as Ministry of Justice.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring controls are based around the legacy GPG13 guidelines (deter). Alarms are automatically raised to our service team on suspicious behaviour. Any suspicious behaviour is treated as a priority 1 incident and will be dealt with within 4 hours. We have analysis tools that are constantly scanning our solutions to identify curious patterns of behaviour that may identify potential compromises and alert system administrators accordingly.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents raised by users or detected by Meganexus support professionals are categorised and assigned to the appropriate team. Incidents involving security, high-significance or business-critical systems are immediately addressed by the CTO and technical teams. We investigate the cause and resolution of the incident and restore the service while providing notifications to the client. Solutions for common events are documented in the Known Error Database and available to support teams. Incidents are reported through emails, the service portal or phone. All incident details are recorded in the service portal. Incident reports requested by the client are extracted from the service portal.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We aim to carry out the following measures to minimise the organisation’s carbon footprint as far as possible: Our cloud hosting partner Microsoft is constantly working to reduce reliance on data centres. We have set up recycling points in the office. We commit to a 5% reduction in printing/paper usage. We encourage a cycle-to-work scheme, thus committing to a reduction in the use of fossil fuels.

Covid-19 recovery

We support 4 local start-up businesses with areas of professional skills, specifically, IT / Software development. Senior Staff to support voluntary and community organisations. We will be available for them if they need speakers at events or advise them in our area of expertise (software development). We provide 6 hours of meeting room/event space for use by community and voluntary organisations.

Tackling economic inequality

We commit to 2 work placements per year focusing on service users with lived experience and young people leaving the looked-after system. Levelling up, all employees are paid a minimum of LLW (Low-Level Wage) regardless of where they live in the country.

Equal opportunity

We implement the following steps towards ensuring equal opportunities for all sections of the community: We support “Ban the Box” (to give individuals with lived experience), a fair chance to obtain employment. Levelling up, we pay the London Minimum wage for all UK new employees regardless of where they live or work.

Wellbeing

Meganexus carries out the below steps towards the health and well-being of its employees: We provide gym membership for employees working in the Tavistock office. We have an employee support service in place to provide counselling services. We encourage employee fitness through our cycle-to-work scheme. We arrange free health check-ups for our employees annually.

Pricing

Price
£172 a user a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@meganexus.com. Tell them what format you need. It will help if you say what assistive technology you use.