HAS Technology Limited (t/a CM2000)

ARMED (Advanced Risk Modelling for Early Detection)

ARMED is our powerful technology-enabled care tool, designed to identify frailty and risk of falls up to thirty-two days earlier in the care cycle. ARMED combines predictive analytics with wearable technologies and care data to identify those who may be at risk of falling, so preventative support can be administered.

Features

  • Identifies those at risk of falling earlier than currently possible
  • Enables preventative support to be delivered
  • Triggered alerts for better self care and management
  • Reassures family members, who can see their loved one's data
  • Allows care organisations to focus resources on most needed areas
  • Empowers Service Users
  • Provides a valuable mechanism for risk escalation
  • Aims to reduce the risk of falls and hospital admissions
  • Provides your Workers with comprehensive reports and valuable insights
  • Data can be shared with other health colleagues

Benefits

  • 25:1 save to spend ratio, based on our pilots
  • Falls can be predicted up to 32 days in advance
  • Enables you to move towards preventative, not reactive, care delivery
  • Provides you with powerful reports and health insights
  • Share data insights with your Service Users' family members
  • Allows Service Users to better self-manage their health
  • Uses innovative wearable technologies, which Service Users love
  • One pilot showed a 100% falls reduction over six months
  • Allows you to intervene before a health decline takes place
  • Keeps Service Users living independently in their homes for longer.

Pricing

£30 per person per month

  • Free trial available

Service documents

G-Cloud 11

207668850843207

HAS Technology Limited (t/a CM2000)

Paige Richardson

0121 308 3010

paige.richardson@cm2000.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints ARMED uses a range of wearable technologies to identify those who may be at risk of falling, and as a minimum, Polar devices are required for valuable insights. These can be complemented by additional wearables, such as activity & sleep trackers, grip strength measurers, body composition scales, heart rate variability sensors, environmental sensors and more. A mobile device with Bluetooth functionality is also required to upload additional metric information. ARMED also needs an Internet connection for its reporting functionality to be accessed.
System requirements
  • Internet connection
  • A mobile device supporting Bluetooth
  • Polar devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support hours are extremely comprehensive and are from 8am to 8pm Mondays to Fridays and 9am to 5pm Saturdays, Sundays and Public Holidays. Support can be accessed via telephone, email or online Customer Portal. Outside of the listed hours, queries are logged by an out-of-office receptionist and responded to within office hours. We endeavour to provide same-day responses to our queries and a comprehensive Service Level Agreement can be provided on request.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our online customer portal supports many of the features described on the VPAT, or supports these features with some exceptions. For example, Service Desk functions are generally executable from a keyboard, although a small portion of Service Desk functionality must be controlled from a pop-up window, rather than the main Service Desk user interface. Functionalities controlled through a pop-up window are not executable from a keyboard. Moreover, the Service Desk does not disable screen reader Assistive Technology, screen magnification, high-contrast themes, voice-to-text Assistive Technology, voice navigation, or alternative input Assistive Technology. Non-textual user interface elements and non-decorative images that convey information are accompanied by on-screen textual descriptions or hidden descriptions that are accessible by screen reader Assistive Technology. The vast majority of on-screen descriptions can also be accessed by screen reader Assistive Technology, while a few textual descriptions of user interface elements, including icons included in the corporate offering chat window, cannot be accessed by screen reader Assistive Technology. More information on this can also be provided on request.
Web chat accessibility testing N/A - Our online Service Desk is a third-party product used for providing web support, and as such, we have not done any testing with assistive technology users. The information regarding the Service Desk's compatibility with Assistive Technology has been provided by the supplier of this product, who we believe has conducted extensive testing with assistive technology users.
Onsite support Yes, at extra cost
Support levels We provide product support via email, telephone and online customer portal from 8am to 8pm Monday to Friday, and 9am to 5pm Saturdays, Sundays and Public Holidays. Outside of these hours, queries are recorded by an out-of-office receptionist and responded to within office hours. We also employ a dedicated Technical Team who are on-call 24/7/365 to fix any technical problems with the solution without delay. This support is included within ARMED's maintenance fees, and is the universal support offering for our customers (though we might be able to offer a bespoke Service Level Agreement upon request).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide full training courses on accessing ARMED's data, and the use of the wearable technologies by the Service Users. All of our training courses are also complemented by comprehensive written course material. Training is delivered by our highly qualified and highly experienced Training Team.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract period, we are able to return all of our customers' data with a flat-file export. We will discuss the flat file export, as well as the migration of data, when agreeing a Transfer and Exit Strategy with the customer, which will be during contractual negotiations.
End-of-contract process At the end of the contract period, we will act as per our Transfer and Exit Strategy (which is to be agreed with the customer). This will be based on the customer's unique requirements and specific circumstances. The comprehensive Transfer and Exit Strategy will define what data is required, where data will be exported to, what format data exports will be needed in, whether the customer will be running multiple systems for a specified time, and more.

We would be more than happy to present, format and transmit the data free-of-charge for the customer, provided that we export the data out into flat files and do not need to restructure the data. However, if the customer were to require data in a specific format then this work may be deemed chargeable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The ARMED application utilises reports that have been produced using the Microsoft Power BI reporting solution. These can be accessed via both mobiles and desktop computers: the experience that the end user receives for reports is largely the same, irrespective of whether these are accessed via a mobile or desktop service.
Accessibility standards None or don’t know
Description of accessibility While we don't formally meet the WCAG standards, we follow a principal of inclusive design, in which we design our products for everyone. This means that our products have been designed for forgotten accessibility struggles, such as mental illness, working in bright environments, to the more well-known visual issues. As such, we put as much effort into making sure our products can be used with one hand and won’t cause anyone anxiety, as making sure that they be navigated with a screen reader. Our work in this area is in line with the recommendations of Home Office Digital.
Accessibility testing All of our products undergo extensive product testing, including testing by ourselves and beta testing with our customers, to ensure that our solutions are fit for purpose. This includes ensuring compatibility with Assistive Technology for users of this technology.
API Yes
What users can and can't do using the API The ARMED solution is an open source platform that receives data from various devices, using multiple API interfaces. However, these are standard APIs that are set up by ourselves and not the customer. We have built APIs to allow the solution to take advantage of additional quality data sets, such as environmental sensors, medication compliance devices, and more. The ARMED service will continually extend API capabilities through this open platform approach, and we are more than happy to help customers explore the ability to introduce other datasets that are relevant to challenges that they are facing, such as data from a range of IoT devices etc.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Buyers will have the ability to see a customised set of reporting outputs derived from the Microsoft Power BI solution (which forms part of the ARMED product). The ARMED service will provide a range of pre-built reports on user metrics, however, it is acknowledged that different customers will face different challenges and therefore the solution has been built in a manner to cope with the level of flexibility required.

Scaling

Scaling
Independence of resources To ensure there is no degradation in performance from other users, we deploy industry-standard monitoring tools (PRTG) to understand where capacity needs to be added to the system, operate ARMED at 50% under-capacity, support in excess of the anticipated volumes, undertake load testing to ensure capacity, procure additional hardware where required, and ensure our dedicated Technical Team receive system alerts on performance spikes and are on-call 24/7, to fix any technical issues without delay.

Analytics

Analytics
Service usage metrics Yes
Metrics types Through our online customer portal, the customer will have access to various service metrics, including their number of support tickets, information on our SLA adherence and more. We are also able to provide reports on additional service metrics upon request. The customer will be able to check the status of our products at any time using our product's Service Status Page.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers have the ability to export data in a variety of formats using ARMED's underlying reporting technology, Microsoft's PowerBI. The Microsoft Power BI solution has been specifically selected on the basis that it fully interacts with the rest of the Microsoft development stack and Office 365 products, providing the user the ability of accessing and extracting data through the use of any of these appropriate tools.
Data export formats
  • CSV
  • ODF
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our dedicated Infrastructure Team monitor the operation of the service around the clock, with a 24/7 network availability of 99.9% 24/7/365. All equipment is monitored by a network management system (NMS). The NMS monitors the server hardware, and notifies the relevant user / department of any failure, or expected failure. It also monitors the software of each server, including server health, availability, and other custom processes. In addition, a visual health check of all systems is displayed within our offices. An on-call team is responsible for the NMS and receives all alerts or notifications 24 / 7 / 365. If there is a technical problem with the service / system fault, a member of the Infrastructure Team will fix the problem without delay or charge. Ability to recover from outages is as per our Service Level Agreement - which can be provided on request.
Approach to resilience This information is available on request.
Outage reporting We have an online Status Page that our customers can access, which provides them with full information on the availability of our systems, and any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels To ensure only the customer's authorised individuals are able to access the management interface, we would look to authenticate the individual’s email domain, before providing product support services. We would also have the telephone number of the customer saved, but only Support and Training queries can be handled via telephone. Any data changes, or changes that would affect the customer's database, would need to come via email or our online customer portal. With regard to our online customer portal, valid login credentials are required to access this service.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institution
ISO/IEC 27001 accreditation date 31/01/2018
What the ISO/IEC 27001 doesn’t cover N/A. Our entire organisation, our processes and practices are governed by our ISO27001 certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We take a secure approach to managing our Cloud service, as per our ISO27001:2013 accreditation in Information Security. As per this accreditation, we deploy an ISO27001-accredited Information Security Management System, which is comprised of multiple policies that are designed to ensure the security of every aspect of the system. Policies included within our ISMS include: information security as a whole, access control, secure development, patch management, incident management, change management, information security training, removable media, data protection, equipment disposal, information classification, use of cryptographic controls, passwords and the use of mobile devices and teleworking. Some of our policies are available on request. We employ a Group Compliance Officer, who is responsible for the re-auditing of our ISO27001 accreditation, and whom has been embedding improved policies and procedures throughout the business, so that information security is maintained as per the high standards of our customers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As part of our Change Management Policy, we have a comprehensive Risk Assessment and Change Advisory Processes in place. For example, we have a Change Advisory Board for all releases, and an Emergency Change Advisory Board for any patches required, based on the severity and the urgency of the patch we are rolling out to our solutions.

The ECAB is also chaired by the organisation’s Group Technical Officer, who is imperative and instrumental to any changes that are made to our products / services, as well as any potential security impact these might have on our services.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As a minimum, we undertake annual external penetration tests of our systems by an independent, CREST accredited third party. Vulnerability scans and penetration tests are carried out against our entire external infrastructure. This is done using a grey box testing methodology, which consists of probing and enumerating the environment as if there were a malicious attacker, without any privileged information about the application or services provided. If and where any major vulnerability is exposed through penetration testing, we implement the recommended actions to improve system security.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have Intrusion Detection Systems to continually monitor traffic and raise alerts if required. We have also implemented SNORT and Antivirus within our DMZ to capture any suspicious traffic; in addition to this we are exploring integrating this with our Kemp Balancers to further capture malformed packets and suspicious activities. Thirdly, we have introduced a network monitoring system, which looks for ARP poisoning and worm activity between our VLANs, as well as records the traffic going across the network. Finally, we have also introduced a log capturing facility, which analyses logs against a test board list for unusual activity.
Incident management type Supplier-defined controls
Incident management approach With regard to security incidents, we operate a comprehensive Incident Management Policy. As per this policy, when an event (potential incident) is identified, our Incident Management Team must be notified immediately by our employees. Please note our customers can raise potential incidents to our Incident Management Team via a dedicated email address.

The Incident Management Team will be responsible for identifying as to whether the security incident is ‘major’ or ‘minor’. Please note that, where possible, our Incident Management Team will take immediate action to secure and contain the incident and reduce the risk of further breach or incident impact.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £30 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We are happy to provide trials of the ARMED service free-of-charge for a period of up to two weeks. However, the hardware devices that link up to the ARMED solution and provide data (such as the Polar wearable, for example), will be chargeable.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑