HAS Technology Limited (t/a CM2000)

CallConfirmLive! - Electronic Call Monitoring and Scheduling

CallConfirmLive! is the market-leading, fully integrated monitoring, scheduling and financial arbitration solution used by Local Authorities and NHS Trusts across the UK. It is a fully integrated system, allowing you to see what is happening with your service in real-time, and make changes to your care provision as needed.


  • Real-time electronic call monitoring
  • Dynamic scheduling and rostering
  • Financial arbitration to help you pay your Providers
  • Payroll exports for Care Worker payments
  • Market-leading business intelligence
  • Comprehensive care management functionality
  • Roster optimisation engine and mileage wizard
  • Market-leading mobile monitoring app
  • Outcomes recording - helping you move towards payment on outcomes
  • Customisable forms and assessment functionality


  • See how your care service is performing in real-time
  • Dynamic scheduling - mirror long-term rotas and schedule on-the-fly
  • Automated Care Worker payroll and Provider invoicing
  • Report writer for powerful operational and management information reporting
  • Go paperless with our electronic forms and assessment functionality
  • Comprehensive Lone Worker and Service User safeguarding features
  • Fully automate your mileage claims
  • Optimisation engine - optimise your roster in < 10 minutes
  • Highly secure, market-leading mobile app for Care Workers
  • Comprehensive messaging functionality between the office and remote workers


£45 per licence per month

Service documents


G-Cloud 11

Service ID

2 3 5 7 9 2 7 7 8 2 8 3 9 5 8


HAS Technology Limited (t/a CM2000)

Paige Richardson

0121 308 3010


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Support hours are 8am to 8pm Monday to Friday, and 9am to 5pm Saturdays, Sundays and Public Holidays. Outside of these hours, support tickets can be logged by an out-of-office receptionist and will be responded to the next working day. Cloud maintenance windows are typically delivered overnight, from midnight until 5am, and are generally conducted on a monthly basis.
System requirements
  • An Internet connection
  • Installation of a Citrix Receiver, or use of HTML5 browsers
  • A manufacturer-supported Operating System

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support hours are extremely comprehensive and are from 8am to 8pm Mondays to Fridays and 9am to 5pm Saturdays, Sundays and Public Holidays. Support can be accessed via telephone, email or online Customer Portal. Outside of the listed hours, queries are logged by an out-of-office receptionist and responded to within office hours. We also endeavour to ensure all of our support queries are acknowledged within one working day. Our comprehensive Service Level Agreement can also be provided on request.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Our online customer portal supports many of the features described on the VPAT, or supports these features with some exceptions. For example, Service Desk functions are generally executable from a keyboard, although a small portion of Service Desk functionality must be controlled from a pop-up window, rather than the main Service Desk user interface. Functionalities controlled through a pop-up window are not executable from a keyboard. Moreover, the Service Desk does not disable screen reader Assistive Technology, screen magnification, high-contrast themes, voice-to-text Assistive Technology, voice navigation, or alternative input Assistive Technology. Non-textual user interface elements and non-decorative images that convey information are accompanied by on-screen textual descriptions or hidden descriptions that are accessible by screen reader Assistive Technology. The vast majority of on-screen descriptions can also be accessed by screen reader Assistive Technology, while a few textual descriptions of user interface elements, including icons included in the corporate offering chat window, cannot be accessed by screen reader Assistive Technology. More information on this can also be provided on request.
Web chat accessibility testing
N/A - Our online Service Desk is a third-party product used for providing web support, and as such, we have not done any testing with assistive technology users. The information regarding the Service Desk's compatibility with Assistive Technology has been provided by the supplier of this product, who we believe has conducted extensive testing with assistive technology users.
Onsite support
Yes, at extra cost
Support levels
We provide product support via email, telephone and online customer portal from 8am to 8pm Monday to Friday, and 9am to 5pm Saturdays, Sundays and Public Holidays. Outside of these hours, queries are recorded by an out-of-office receptionist and responded to within office hours. We also employ a dedicated Technical Team who are on-call 24/7/365 to fix any technical problems with the solution without delay. This support is included within CallConfirmLive!'s maintenance fees, and is the universal support offering for our customers (though we might be able to offer a bespoke Service Level Agreement upon request).
Support available to third parties

Onboarding and offboarding

Getting started
We provide a full range of training courses, course notes and product documentation, covering all aspects of administration and user modules. All of our training courses are also complemented by comprehensive written course material. Training is delivered by our highly qualified and highly experienced Trainers.
Service documentation
Documentation formats
End-of-contract data extraction
We will provide all of the customer's data, including derived data items held within the system, in a flat file format (such as CSV) to enable the customer’s data to be stored or archived. If the customer requires any additional support and input from the our staff as part of the contract termination, then we are happy to provide additional support / consultancy, though please note that if this is out of scope of our standard contract termination services, this may be deemed chargeable.
End-of-contract process
At the end of the contract period, we will create for the customer a bespoke Transfer and Exit Strategy, which will state the data that needs to be returned, the format it is required in, the destruction of any data, and what should happen to any back-up copies of that data. This will also specify how we will co-operate with any replacement supplier to ensure a seamless migration of systems, should this be needed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Care Workers can utilise our mobile monitoring app to log in and out of visits, and to check on any updates to their schedule in real-time. Our mobile monitoring app provides Care Workers with all the information they need to carry out their visits - and is fully integrated with CallConfirmLive! - the core system used by office staff to monitor and schedule visits. Please note that these are different applications, however, and our mobile application is designed for Care Worker use - not office staff.
Service interface
Description of service interface
All of our web and mobile applications can be administered by customer super users through the user interface. CallConfirmLive! has built-in controls that allows customers' super users to conduct admin and user management.
Accessibility standards
None or don’t know
Description of accessibility
While we don't formally meet the WCAG standards, we follow a principal of inclusive design, in which we design our products for everyone. This means that our products have been designed for forgotten accessibility struggles, such as mental illness, working in bright environments, to the more well-known visual issues. As such, we put as much effort into making sure our products can be used with one hand and won’t cause anyone anxiety, as making sure that they be navigated with a screen reader. Our work in this area is in line with the recommendations of Home Office Digital.
Accessibility testing
All of our products undergo extensive product testing, including testing by ourselves and beta testing with our customers, to ensure that our solutions are fit for purpose. This includes ensuring compatibility with Assistive Technology for users of this technology.
What users can and can't do using the API
As the market-leading ECM and scheduling supplier for this market, we have numerous APIs in place with other leading systems in the health and social care sectors, including Client Index Systems, other scheduling and monitoring systems, payroll systems and more. As such, we have created standard interfaces to all of these systems, which we would be more than happy to provide to our customers. Where our standard interface does not include data that a customer wishes to transfer, we are also happy to undertake bespoke development work, though please note that this may be deemed chargeable. As we provide a fully hosted and managed solution, we would set up the API on the customer's behalf, and make changes on the customer's behalf accordingly.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
CallConfirmLive! and its additional modules can be customised in various ways. CallConfirmLive! has a number of 'themes' that can be selected by users depending on their individual preferences. Columns within the system can also be rearranged as per the user's requirements and colour-coding used throughout the system can be customised also. Using our market-leading business intelligence tool, office staff will also be able to create completely custom reports and convert these into stunningly dynamic data visualisations (including infographics, heat maps, bar and line charts, and more). More information on our tools' extensive customisation options can be provided on request.


Independence of resources
To ensure there is no degradation in performance from other users, we deploy industry-standard monitoring tools (PRTG) to understand where capacity needs to be added to the system, operate CMBI at 50% under-capacity, support in excess of the anticipated volumes, undertake load testing to ensure capacity, procure additional hardware where required, and ensure our dedicated Technical Team receive system alerts on performance spikes and are on-call 24/7, to fix any technical issues without delay.


Service usage metrics
Metrics types
Through our online customer portal, the customer will have access to various service metrics, including their number of support tickets, information on our SLA adherence and more. We are also able to provide reports on additional service metrics upon request. The customer will be able to check the status of our products at any time using our product's Service Status Page.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported from the system in a number of ways: either as a standard export from CallConfirmLive!, as a data export from our extremely powerful business intelligence tool, or we can happily provide a 'data dump' to the customer at any time upon request to our Support Team.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel
  • Text file
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our dedicated Infrastructure Team monitor the operation of the service around the clock, with a 24/7 network availability of 99.9% 24/7/365. All equipment is monitored by a network management system (NMS). The NMS monitors the server hardware, and notifies the relevant user / department of any failure, or expected failure. It also monitors the software of each server, including server health, availability, and other custom processes. In addition, a visual health check of all systems is displayed within our offices. An on-call team is responsible for the NMS and receives all alerts or notifications 24 / 7 / 365. If there is a technical problem with the service / system fault, a member of the Infrastructure Team will fix the problem without delay or charge. Ability to recover from outages is as per our Service Level Agreement - which can be provided on request.
Approach to resilience
This information is available on request.
Outage reporting
We have an online Status Page that our customers can access, which provides them with full information on the availability of our systems, and any outages.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
To ensure only the customer's authorised individuals are able to access the management interface, we would look to authenticate the individual’s email domain, before providing product support services. We would also have the telephone number of the customer saved, but only Support and Training queries can be handled via telephone. Any data changes, or changes that would affect the customer's database, would need to come via email or our online customer portal. With regard to our online customer portal, valid login credentials are required to access this service.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Standards Institution
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
N/A. Our entire organisation, our processes and practices are governed by our ISO27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We take a secure approach to managing our Cloud service, as per our ISO27001:2013 accreditation in Information Security. As per this accreditation, we deploy an ISO27001-accredited Information Security Management System, which is comprised of multiple policies that are designed to ensure the security of every aspect of the system. Policies included within our ISMS include: information security as a whole, access control, secure development, patch management, incident management, change management, information security training, removable media, data protection, equipment disposal, information classification, use of cryptographic controls, passwords and the use of mobile devices and teleworking. Some of our policies are available on request. We employ a Group Compliance Officer, who is responsible for the re-auditing of our ISO27001 accreditation, and whom has been embedding improved policies and procedures throughout the business, so that information security is maintained as per the high standards of our customers.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
As part of our Change Management Policy, we have a comprehensive Risk Assessment and Change Advisory Processes in place. For example, we have a Change Advisory Board for all releases, and an Emergency Change Advisory Board for any patches required, based on the severity and the urgency of the patch we are rolling out to our solutions. The ECAB is also chaired by the organisation’s Group Technical Officer, who is imperative and instrumental to any changes that are made to our products / services, as well as any potential security impact these might have on our services.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As a minimum, we undertake annual external penetration tests of our systems by an independent, CREST accredited third party. Vulnerability scans and penetration tests are carried out against our entire external infrastructure. This is done using a grey box testing methodology, which consists of probing and enumerating the environment as if there were a malicious attacker, without any privileged information about the application or services provided. If and where any major vulnerability is exposed through penetration testing, we implement the recommended actions to improve system security.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have Intrusion Detection Systems to continually monitor traffic and raise alerts if required. We have also implemented SNORT and Antivirus within our DMZ to capture any suspicious traffic; in addition to this we are exploring integrating this with our Kemp Balancers to further capture malformed packets and suspicious activities. Thirdly, we have introduced a network monitoring system, which looks for ARP poisoning and worm activity between our VLANs, as well as records the traffic going across the network. Finally, we have also introduced a log capturing facility, which analyses logs against a test board list for unusual activity.
Incident management type
Supplier-defined controls
Incident management approach
With regard to security incidents, we operate a comprehensive Incident Management Policy. As per this policy, when an event (potential incident) is identified, our Incident Management Team must be notified immediately by our employees. Please note our customers can raise potential incidents to our Incident Management Team via a dedicated email address. The Incident Management Team will be responsible for identifying as to whether the security incident is ‘major’ or ‘minor’. Please note that, where possible, our Incident Management Team will take immediate action to secure and contain the incident and reduce the risk of further breach or incident impact.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£45 per licence per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑