Every Nanorisk engagement is managed through the Security Portal — the central hub for engagement management, communication, and reporting. From scoping through to delivery and beyond, everything is accessible, documented, and auditable in one secure platform, eliminating the need for sensitive information to be exchanged over email. The portal is included with every engagement at no additional cost.
When you log in, the Overview Dashboard provides an immediate, consolidated view of your organisation's security position across all active Nanorisk services — including your security score, module status, risk heatmap, threat intelligence, and activity timeline.
The Asset Management module maintains a full inventory of your digital assets — the servers, applications, APIs, cloud services, and infrastructure that form the scope of your assessments. Every vulnerability and finding is linked directly to the affected asset.
Every penetration testing engagement is managed through the portal from initial scoping through to final delivery. Track progress, review documents, access findings, and communicate securely — all from a single project view.
We provide a step-by-step roadmap for each penetration testing project so you can see at any time what stage you're at and what's coming next. The portal tracks progress through each phase — from scoping and authorisation through to delivery and retesting.
The authorisation form and quote are provided both on the portal and as a downloadable document. All signing is completed digitally via the portal unless otherwise requested — no printing, scanning, or emailing sensitive contracts.
All findings are viewable in real time on the portal. Each finding includes severity classification, CVSS scoring, affected assets, evidence, remediation guidance, and effort estimation.
All reporting is viewable directly within the portal, with the option to download as PDF or Word. The same applies for retesting reports. We also provide formal attestation letters for every assessment, available in both PDF and Word formats.
Executive summary, technical findings with evidence, CVSS scores, remediation guidance, and threat intelligence — all accessible via the portal or downloadable.
Following remediation, retesting validates that fixes are effective. Outcomes are delivered as a separate report through the portal.
Formal letters of attestation are provided for every assessment as PDF or Word documents, supporting your compliance and governance requirements.
The portal is designed with the same rigour applied to the assessments delivered through it.
All accounts support TOTP-based 2FA with backup codes. Session management lets you view active sessions and terminate access from any device.
Granular access controls ensure each user sees only what they are authorised to see. Per-project permissions control access to sensitive documents.
Comprehensive activity logging of all portal interactions supporting accountability, oversight, and compliance requirements.
All sensitive information exchange happens through encrypted channels within the portal — never over email.
Secure storage and lifecycle management of all engagement documentation, NDAs, and artefacts with retention policy enforcement.
View login history, active sessions with IP and device information, and terminate sessions remotely. Password strength enforcement and change tracking.
If you would like to discuss an assessment or see how the Security Portal supports your organisation's security programme, please get in touch.