MegaNexus Ltd

FAB

FAB (Flexible Assessment Builder) is a secure, collaborative Cloud-based (SaaS) platform that enables construction and secure distribution of bespoke assessments, surveys and questionnaires in a variety of different formats and scales.

Features

• Collects and evaluates information through configurable assessments, questionnaires and surveys.
• Can include current assessments and screening tools within the application
• Enables creation, storage and editing thousands of assessments.
• Caters for a range of types of questionnaires and surveys.
• Administers digital assessments to users during personal development journey.
• Assessments are distributed by user, location or region as selected.
• Stores results against user’s plan, can share results with user.
• Enables different (response-dependent) input types, scales and formats.
• Interoperability connects with other systems (Including other Meganexus applications)

Benefits

• Allows the user to self-serve and saves key worker time.
• Eliminates paper-based activities for administering (e.g. LDD or anxiety) measures.
• Content and assessments tailored to individual user needs.
• Enables quick and easy creation of bespoke assessments
• A GDS and WCAG-compliant, accessible and inclusive platform
• An interactive interface for case workers to track user progress.
• Online and offline versions are available.
• Provides live outcomes into reporting dashboards
• Allows creation, administration and editing of unlimited number of assessments

£2,175.00 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@meganexus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

977039628625819

Contact

Daniel Brown
020 7843 4343
solutions@meganexus.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Internet connectivity
  • Modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: -Meganexus agrees upon exact Support Levels during contract signing. However our standard support levels are typically:; Urgent issues - Response time of 1 hour, Resolution time of 1 day; High priority issues - Response time of 4 hours, Resolution time of 2 days; Normal priority issues - Response time of 2 days, Resolution within the next software upgrade cycle; Low priority issues - Response time of 5 days, Resolution depending on the availability of Meganexus support team.; ; - The support costs are included in the license costs.; Additional costs for onsite support are detailed in the pricing document, rate card.; -Meganexus will provide a technical account manager to oversee service delivery.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We have a dedicated onboarding team that supports users through the transition to our solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Once the contract is completed, all user data is extracted and downloaded to a secure drive. The drive is then handed directly to the client once the license has expired. Once the data has been transferred to the secure drive, all data is deleted.
• End-of-contract process: All off-boarding services and any associated costs are agreed on initial contract. Any complex or third-party services will be discussed with additional costs according to the standard professional services rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile and desktop services are similar in features and functionalities, the platform is fully responsive across all mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: A support portal that allows application users requiring support to raise and track queries raised. This portal additionally has a self-service feature.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Not Applicable
• API: Yes
• What users can and can't do using the API: Microservices Architecture - our solution is comprised of multiple APIs which can be utilised to retrieve and publish data depending on the business need.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The Flexible Assessment Builder (FAB) application can be customised for all Assessments, Forms, Questionnaires, Surveys and Quizzes with different input types (which can be response dependent), scales and formats. Branding including logos, colours, layout, workflows, reporting, etc can be tailored to organisation needs. Users have access to a wide range of configuration tools in the application. Permissions in the application are based on Role-Based Access Controls. Client administrators can be given elevated rights to create the customisations needed.

Scaling

• Independence of resources: Meganexus applications operate on a hyper-scale platform and an architecture/implementation that allows us to auto-scale and contract in line with changing business demands.

Analytics

• Service usage metrics: Yes
• Metrics types: Includes but not restricted to Traffic Analysis (status of all tickets), Average Ticket Response times, Customer Satisfaction ratings, SLA (Met Vs Breached), Created Vs Resolved, Average Resolution time
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The reporting module provides an option to export data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Access to endpoints and applications is controlled by whitelisted known IP addresses.

Availability and resilience

• Guaranteed availability: Meganexus commits to 99% availability for the FAB application.; ; Our SLAs are as follow:; Urgent Issue: renders core functionality inoperative. No workaround exists. Problem impacts service to Licensee’s customers ; Response/Resolution time- 1 hour/1 day; ; High Issue: renders part of the core functionality inoperative but does not stop the remaining Software Modules' functioning. Issue impacts service to Licensee’s customers ; Response/Resolution time- 4 hours/ 2 days; ; Medium: An issue which has little impact on productivity, for which a workaround exists; ; Problem/Fault, User Education, Documentation, Query, Training, Product Enhancement Request; ; Response/Resolution time- 2 days/Next Software Upgrade; ; Low issue: Cosmetic issues, Manual/instruction/training problems, Enhancement requests, Training requests; ; Problem/Fault: User Education, Documentation, Query, Training, Product Enhancement Request; Response/Resolution time-5 days/At Meganexus' discretion; ; Refund policies are available on a case-by-case basis.
• Approach to resilience: Geographically resilient deployment with data being replicated between 2 geographically separate onshore sites and available for recovery in the event of an outage or that data is required to be restored from a backup. We use the replicated data as our source for restore, with resilience of components in each data centre.
• Outage reporting: Both email messages to customers and notifications on the application front page.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Whitelisted IP addresses and 2-factor Authentication for escalated privileges.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Certification Group
• ISO/IEC 27001 accreditation date: 20/04/2022
• What the ISO/IEC 27001 doesn’t cover: Data centre physical controls which are covered by our third party data centre management.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow the processes defined within our ISO 27001 Information Security Management System (ISMS). Our implementation team develops, defines and refines ongoing tasks through an identified security baseline, applying the agreed risk management process, and implementing the risk treatment plan to ensure that controls applied are effective. We measure, monitor, and review these policies and controls on a month-by-month basis. ; ; Our support technicians report to the Head of Customer Success who reports to the Chief Technology Officer who in turn reports to the CEO.; ; Adherence to policies is ensured by evidencing actions driven by the process, reviewing procedures at least annually and again evidencing this to the ISO auditor.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Configuration and Change Management process is designed to facilitate the introduction of changes quickly and with minimal disruption to live services, ensure that changes adhere to agreed service levels/contractual agreements and do not introduce additional risk of disruption, error or security. A Request for Change (RFC) is required for any modification. All changes must be approved by the Change Advisory Board (CAB).; The CAB approval process serves as a risk analysis activity, ensuring any risk associated by the Change has been accepted by the appropriate stakeholders.; ; All changes are maintained in the RFC tracker.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All vulnerabilities are prioritised through risk assessment, monitored through notifications and assessed and actioned through change management or incident response procedures.; Available patches are risk-assessed and vulnerability control decisions are audited.; The ISO Steering Group receives regular reports on the vulnerabilities, any additional controls in place and outstanding issues.; Compliant with ISO27001, annual IT-health checks enable remediation within 3-6 months. Additional vulnerability assessments are informed by any changes to our security framework.; ; We are advised of threats/vulnerabilities through a range of distinct channels including The National Cyber Security Centre, Vendor Channels(e.g. Microsoft), Government customers such as Ministry of Justice.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring controls are based around the legacy GPG13 guidelines (deter). Alarms are automatically raised to our service team on suspicious behaviour. Any suspicious behaviour is treated as a priority 1 incident and will be dealt with within 4 hours. We have analysis tools that are constantly scanning our solutions to identify curious patterns of behaviour that may identify potential compromises and alert system administrators accordingly.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents raised by users or detected by Meganexus support professionals are categorised and assigned to the appropriate team. Incidents involving security, high-significance or business-critical systems are immediately addressed by the CTO and technical teams. ; We investigate the cause and resolution of the incident and restore the service while providing notifications to the client.; ; Solutions for common events are documented in the Known Error Database and available to support teams.; ; Incidents are reported through emails, the service portal or phone.; ; All incident details are recorded in the service portal.; ; Incident reports requested by the client are extracted from the service portal.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  1) Meganexus has established recycling points in its London office.; 2) Meganexus is committed to reducing printing/paper usage and discourages employees from printing documents wherever possible; 3) Meganexus encourages its employees to participate in the "Cycle to work" scheme to reduce carbon emissions.
• Covid-19 recovery:

  Covid-19 recovery

  Meganexus is committed to 1)Support 4 local start-up businesses with area of professional skills in IT / Software development.; 2) Senior Staff will support voluntary and community organisations. We will be available for them if they need speakers at events or advise them in the best of our area of expertise (software development) ; 3) We will provide 6 hours of meeting room/event space for use by community and voluntary organisations.
• Tackling economic inequality:

  Tackling economic inequality

  1) Meganexus provides 2 work placements per year focusing on ex-offenders and young people leaving the looked after system. ; 2) Levelling up- All Meganexus employees are paid a minimum of LLW regardless of where they live in the country.
• Equal opportunity:

  Equal opportunity

  1) Meganexus supports Ban the Box – for ex-offenders 2) It pays the London Minimum wage for all UK new employees regardless of where they live or work (Levelling up)
• Wellbeing:

  Wellbeing

  Meganexus promotes the well-being of its employees by providing:; 1) Gym membership for employees working in the Tavistock office; 2) Employee support service; 3) Encouraging fitness activities like the; Cycle to work scheme; 4) Providing free health check-ups annually

Pricing

• Price: £2,175.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@meganexus.com. Tell them what format you need. It will help if you say what assistive technology you use.