MegaNexus Ltd

NEO Client Access Portal

The Client Access Portal is a NEO application designed to provide a range of resources to support vulnerable people with rehabilitation, job-searching or learning. The application includes a range of resources such as CV building, learning functions, job-searching or rehabilitation options. It can operate independently or alongside other NEO applications.


  • Secure, web-based self service portal
  • User-friendly interface for job-seeking and training opportunities
  • Ability to search for learning opportunities by area or industry
  • Apply direct and manage applications
  • Ability to save work and CV to client's account
  • Optional management interface to control content


  • Portal can provide access to resources from multiple providers
  • Supports entire journey for training, job-searching and resettlement
  • End-user's work aspirations can be matched with opportunities
  • Access to online training courses to boost education and engagement


£120 to £200 per user per year

Service documents

G-Cloud 9


MegaNexus Ltd

Richard West

020 7843 4343

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Dependent on configuration. Infrastructure is configurable with legacy and existing software.
Cloud deployment model Hybrid cloud
Service constraints Secure products are self-contained. Users have constrained access dependent on configuration.
System requirements Internet connection

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The online support desk is responsible for
handling all first-, second- and third-line requests from customers.
The support desk is staffed between 0800 and 1830
Monday to Friday, excluding English Bank Holidays.
Support is provided via phone and email communication to the support desk at
Self-service materials such as detailed user
guides and quick reference guides that are relevant
for each system user type are provided upon request.
Email and telephone support is structured to maximise efficiency.
An incident that has a significant impact of the customer's
business operations where no workaround exists.
S2=Major. An incident where a workaround is
available to enable staff to carry out key business activities.
An incident where the product or application does
not perform certain functions or exhibits some
unnatural behaviour but the functionality as a
whole is not impacted. S4=Low. A minor incident
where there is minor impact to the functionality
but where there is still a valid incident that should be corrected.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is provided upon initial installation. Further training is available as per configuration and contract.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats User defined
End-of-contract data extraction All off-boarding data is subject to security accreditation. Removal/extraction of data is performed as per initial contract.
End-of-contract process As per off-boarding in initial contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None.
Accessibility standards WCAG 2.0 AAA
Accessibility testing N/A.
What users can and can't do using the API API
Using the API
API usage is configured as per security accreditation,
and is defined upon implementation of contract.
In normal circumstances, all API control is the
responsibility of MegaNexus Ltd, and any changes to the
transfer of information must be part of an agreed
Change Request.
API documentation No
API sandbox or test environment Yes
Customisation available No


Independence of resources The MegaNexus solution is fully hosted and does not require local data storage in order to operate. It is scalable and is able to deal with a high concurrency. Therefore it does not have adverse performance on Partner infrastructures or client devices.


Service usage metrics Yes
Metrics types User-defined through real-time dashboards.


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach As per security accreditation, this is performed by MegaNexus upon request.
Data export formats Other
Other data export formats User defined
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Historically, our systems offer 99.9% availability. This equates to around 4 hours down time per year.
Approach to resilience The system is dispersed across two geographically distinct data centres, with automatic fail-over via global DNS. Data is replicated between sites via a site-to-site VPN. All devices are configured in pairs under active-active
Outage reporting Protective monitoring complies with GPG13;
database logging and alerting;
outages reported online and through social media

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Permission-based hierarchy, dependent on configuration.
Management interfaces reside within dedicated management
VLAN accessible by administrators only.
Access restriction testing frequency At least once a year
Management access authentication Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKICM
ISO/IEC 27001 accreditation date 11/07/2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001 standard

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All configuration dependent on contract.
Change Requests are scoped and processed by allocated
Project Manager and agreed with client as to timelines,
costings and outcomes
Vulnerability management type Supplier-defined controls
Vulnerability management approach As per MOJ accreditation,
we are required to perform annual IT-health check with
vulnerabilities remediated within 3-6 months.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Conforms to CPG13 guidelines.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident management is incorporated
within ISO27001 accreditation

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £120 to £200 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑