Benefex Limited


Engaged employees rely on having great experiences at work, every day. We focus on crafting and delivering these experiences so that your people can be engaged, motivated, and inspired at work. OneHub does this for you, all in one, easy-to-use platform.


  • Employee Benefits
  • Employee Support
  • Real Time Data Analytics
  • Employee Communications
  • Employee Recognition
  • Mobile Enabled
  • Employee Engagement
  • Employee Wellbeing
  • Employee Experience Technology
  • Pensions Auto Enrolment


  • Delivers Peer to Peer Employee Recognition
  • Access From A Mobile device
  • Improves Employee Communications
  • Enhances The Employee Experience
  • Improves Employee Wellbeing
  • Full People Analytics
  • Reduces Benefits Administration


£25000.00 per instance per year

Service documents


G-Cloud 11

Service ID

753215315742379


Benefex Limited

Gethin Nadin

07785 627276

Service scope

Software add-on or extension Yes
What software services is the service an extension to We integrate with most popular Payroll and HR systems
Cloud deployment model Private cloud
Service constraints No
System requirements Internet access (at work/at home or mobile based)

User support

Email or online ticketing support Email or online ticketing
Support response times Target is within 48 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We have built the system in such a way as to be easy to understand and intuitive from a user perspective. With a user centred design method like Amazon and Facebook, our system does not require any training to learn. Typically, in assisting our clients and their employees to utilise our technology we will deliver an extensive communications campaign to break down any barriers (perceived or real) to accessing and using the platform.
One of our largest clients, with a very varied and mixed demographic is Marks & Spencer. With over 70,000 employees, not a single day’s end user training was required. This also included a large population of pension age staff who had very little (if any at all) experience of using computers. We are able to offer helpdesk support to all employees available via phone and support ticketing. Your support team will be on hand to resolve any live queries from employees.
Support available to third parties No

Onboarding and offboarding

Getting started We agree a launch date with the employer and set up a suite of communications to encourage first time logins. We can also facilitate awareness days and training sessions. However, the portal is very easy to use and little to no training is required to start using the services. Any training is delivered online or via Webex.
Service documentation No
End-of-contract data extraction We’d be happy to include an exit plan to be put in motion in the event of your contract termination.

We would suggest:

Benefex shall, in accordance with the agreed Implementation Plan, prepare a draft Exit Management Plan setting out the obligations of each party on the termination of this Agreement and submit to the Client for their comment and approval. The parties shall use their respective reasonable endeavours to agree a final draft of the Exit Management Plan (such agreement not to be unreasonably withheld or delayed). As part of this process, the Client may provide Benefex with comments on the draft Exit Management Plan and Benefex shall incorporate into such draft Exit Management Plan such changes or amendments arising from those comments as the parties shall agree. The parties shall review the Exit Management Plan at least once per Year and incorporate any amendments that the parties may agree within the Exit Management Plan.
End-of-contract process Please see previous answer.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • iOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The solution is mobile optimised, meaning the same information is displayed in an easier experience for a mobile phone/smaller screen. Our Reward and Recognition modules are delivered online and via an iOS/Android app.
Service interface No
What users can and can't do using the API As OneHub continues to become an ever more vital platform for our clients, we want to simplify the data exchange method wherever possible and develop the methods of exchanging data as well. As part of this we launched full read and write Application Programming Interfaces (APIs). Clients can send employee data to us as frequently as daily up to monthly.

APIs allow data to be shown on the OneHub from third parties. For example, benefit selections. Users can't set up or make changes to or using the API.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Employers can apply creative design to the platform and also customise some text, upload documentation.


Independence of resources Baselines have been drawn up to provide projections of support for up to 1 million+ users with current Production specifications. A redundant 100Mb external connection, with Gigabit internal connections throughout, provides enough bandwidth to support high levels of concurrent sessions. Depending on the user's connection, 2 seconds is and has been easily achievable given historic tolerance stats. The hardware in each server has ample room to scale up for quick performance gains. Load balancers allow us to spread the traffic across our web farm to increase web server count if required. SQL is clustered with the ability to increase server count.


Service usage metrics Yes
Metrics types All data is available in real time. Within our live analytics dashboards you can segment by gender, age, location. Additional demographic segmentation can be done within our communication tools. There is a specific area of the dashboard that shows the exact status of each employee during an annual enrolment period. i.e. those that haven’t accessed the system, those that have accessed the system but not performed any action, those that have put benefits in their basket but not submitted and those that have submitted at least one benefit.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. The UK Government believes that implementing these measures can significantly reduce an organisation's vulnerability. Benefex use Cyber Security Essentials in conjunction with the ISO 27001 framework to ensure the Benefex IT Infrastructure maintains a secure stance in reducing the overall risk to client information.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach Employers can run reports and export data as CSV files.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network Benefex use Endpoint Protector 4. This is used to block all media ports; any attempts to connect a device and / or move data will be reported to information security. Any email that has an attachment will be reported. Logs are reviewed at least monthly to ensure nothing untoward has been missed. Benefex also use Microsoft ATA for threat notification.

Availability and resilience

Guaranteed availability Our system uptime SLA is 99.5% and as mentioned in our earlier responses, this has been exceeded throughout 2016 and to date. In the unlikely event that contractual SLAs are missed, then service credits that form part of your contract will be enforced. Benefex uses a number of tools including a complex multi-layer monitoring and alerting model, SQL Monitor from Red Gate, which looks after the database along with New Relic. IPHostMonitor with its Web Transaction Monitor add-on provides a holistic view of system go/no go availability measured on the end-to-end exercising of the system created by these scripts. Pingdom is used to provide public status information to Benefex clients. It also produces SLA reports on system availability measured over different periods and windows of service within those periods.
New Relic has already been mentioned because of the comprehensive nature of its monitoring. The extra benefit many of these tools offer is the ability to integrate with PagerDuty out of the box or via indirect integration through email.
During system operation a number of internal metrics are analysed in order to gauge how well the system is able to withstand the load it is working under.
Approach to resilience Available on request.
Outage reporting Email alerts and account director notifications.

Identity and authentication

User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels N/a
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus
ISO/IEC 27001 accreditation date 19/05/2016
What the ISO/IEC 27001 doesn’t cover Certificate available on request
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 22301
  • Cyber Essentials
  • 22301: 2012

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes A full Benefex Information Security document is available on request.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach A full Benefex Change Control Process document is available on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Benefex conduct multiple penetration tests per annum; two for the web application for both external and internal access to ensure users cannot enhance privileges. Where necessary additional tests will be carried out too. We also conduct two infrastructure tests across the whole IT infrastructure. One of the tests is conducted for Cyber Essentials Plus. The last web application test found one medium vulnerability and two low. All vulnerabilities are remediated in accordance with our penetration test procedures.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Benefex monitor the complete infrastructure, email notifications are received by IT and Security relating to issues and user activity relating to email content, data transfers etc. Benefex use Amicus ITS to monitor and manage the network end points, they report as required and provide a regular monthly report. Benefex have an incident management and reporting procedure that all employees are required to read and acknowledge. Full documentation is available on request.
Incident management type Supplier-defined controls
Incident management approach Benefex monitor the complete infrastructure, email notifications are received by IT and Security relating to issues and user activity relating to email content, data transfers etc. Benefex use Amicus ITS to monitor and manage the network end points, they report as required and provide a regular monthly report. Benefex have an incident management and reporting procedure that all employees are required to read and acknowledge. Full documentation is available on request.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £25000.00 per instance per year
Discount for educational organisations No
Free trial available No
