Meta Cannect

First Response - Community Paramedic

Designed for Community Paramedics and Emergency Operations Centres, working with G.P.s to enable more effective communication and consultation, providing supplemental information using a smartphone (in addition to a phone conversation). Low data live video streaming and auto-translate messaging, allow collaborative working between healthcare professionals.


  • Hosted in the Cloud with storage options.
  • Provides; location, live video streaming & messaging with automic translation.
  • Uses common features of a smartphone, GPS, camera and messaging.
  • Data usage scales against signal availability (GPRS, 3G,4G).
  • Secure and encrypted connection.
  • Easy to use interface for caller and operator.
  • Can translate up to 50 languages in chat.
  • Web based delivery - no downloads.
  • Customisable reporting and playback for training.
  • Can be integrated into the customer's CAD system.


  • Secure, reliable and scalable solution.
  • Information to improve triage, resource allocation and ultimately patient outcomes.
  • Simple ubiquitous technology maximises the number of users.
  • Operates even in poor data coverage areas through scaling.
  • Data security and confidentiality to meet strict protocols.
  • Simple interface for use in stressful situations.
  • Autotranslation for clear communication with non English speaking callers.
  • Time saving and reliable, with maximum compatiability between devices.
  • Interface flexibility for call centre look and feel.
  • Use in a browser or integrate into Computer Aided Dispatch.


£420 to £920 per virtual machine per month

Service documents

G-Cloud 10


Meta Cannect

James Candy


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Existing Computer Aided Dispatch systems can locate a caller through a database of telephone numbers for fixed lines, but are unable to take advantage of the GPS in a caller's smartphone. Additionally services for language translation, text messaging emergencies for the deaf can be supplemented through First Response.
Cloud deployment model Public cloud
Service constraints Live video streaming currently not supported in IOS browser.
System requirements
  • Data and GPS enabled smartphone.
  • Internet access / connection.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We operate a priority based approach based on the customer's requirements.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Whilst we provide on site support we would see this an exceptional circumstance with access to our cloud software available remotely from the customer site using a support engineer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Initial workshops help to design the software to be compatiable with the existing workflow, training days are followed with floor walking and online videos in line with the customer's requirements.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction Data can either be stored in the cloud or regularly transferred to a customer on site facility. The customer's data is only temporarily hosted by us, as part of the business as usual process the data will be transferred to the customer's systems, so at the end of the contract no customer data will be stored by us.
End-of-contract process The end of the contract will have been either scheduled (with a cross over of services between the old and the new providers) or unscheduled due to a termination of the contract, which is provided for within the contract. Data belonging to the customer will be transferred as above within a maximum of 30 days after the end date of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile user interface has been optomised for the mobile experience, keeping a simple large interface, minimising the number of buttons and choices for the mobile user.
Accessibility standards None or don’t know
Description of accessibility The static elements of our user interface have been designed to be bold and are all provided with text labels such that colour is not the only method of communication.
Accessibility testing We have not yet had the opportunity to test our service with users of assistive technology. Where one of our customers has a user that requires assistive technology, we will work with them to understand what barriers if any are present in our service.
What users can and can't do using the API Our API can be used to integrate our service into the buyers existing applications / systems.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The interface is customisable, using windows that can be moved, resized or minimised. The look and feel can also be modified to meet the customer's workflow and user experience requirements including co-branding.


Independence of resources First Response uses Microsoft's Azure Cloud which provides automatic scaling.


Service usage metrics Yes
Metrics types Usage, reliability and uptime.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We provide a reporting interface to allows users to export their data, the data will be exported into PDF and where video data is provided into an MP4 file.
Data export formats Other
Other data export formats
  • PDF
  • MP4 for video
Data import formats Other
Other data import formats There's no intention to upload data, other than through usage.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We offer a guarantee of 99% reliability, taking into account scheduled downtime for system updates and other essential maintenance agreed in advance.
Downtime is defined as when the user can't access our service and is measured in minutes. Downtime does not include the failure of the customer's ICT infrastructure or failure of 3rd party software, hardware or services not under Meta Cannect's control.
Our monthly uptime percentage can be calculated using the following formula:
(User minutes - Downtime) / User minutes x 100.
If the uptime of the service falls below 99% in a month the following service credits will apply:
<99% 10% service credit
<95% 25% service credit
<90% 50% service credit
Service credit is defined as a discount on the next months cost of the First Response service.
Approach to resilience Our service is hosted within Microsoft Azure data centres, this provides our core environment with a guaranteed availability of 99.5%. We actively monitor the availability of the service and can respond to service disruption 24x7. We are able to tailor the resilience architecture to match the requirements or our customers.
Outage reporting In the event of a service outage, we will notify the customer via an email to a nominated address. Should a client require a different notification mechanism, we will work with them to find an appropriate solution.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Management interfaces are restricted to management user credentials.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are working to establish governance processes and policies in line with the CSA CSM 3.0.1 cloud controls matrix. Our goal is the reach CSA STAR level 1 within the next 12 months.
Information security policies and processes We are working to establish governance processes and policies in line with the CSA CSM 3.0.1 cloud controls matrix. Our goal is the reach CSA STAR level 1 within the next 12 months. All staff with access to customer data are security cleared to at least NPPV Level 2, and have information security clauses in their employment contract. As a small organisation all staff are accountable directly to the Managing Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We maintain a register of service components, software libraries and APIs. This register is used in conjunction with our system architecture documentation to understand the security impact of each component. Where the suppliers of these services issue updates, we review the release notes to understand the security implications of the changes. Following any changes or updates the system will be subject to our test process in a non-live environment prior to the live environment being updated.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We run a monthly vulnerability scan against our service, using an automatic vulnerability scanner. This scanner assesses and categorises the potential vulnerabilities. We prioritise the vulnerabilities in line with the guidelines published on the NCSC website. Depending on the severity of the vulnerability we will aim to provide a patch as soon as a fix is available, and has been tested against our test process. This is integrated with our change control policy. Our VAS scanner is regularly updated with the latest vulnerabilities. We also monitor technical news for information.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We maintain an audit log of all connections to our service. This log is regularly analysed to identify suspicious activity. The frequency of the analysis will be agreed with the client, along with criteria to asses suspicious activity. Once an incident has been identified, we will identify the severity and impact. This will then be managed via our incident management processes.
Incident management type Supplier-defined controls
Incident management approach We are in the process of developing our incident management processes to conform to the requirements in the CSA CCM 3.0.1. Users can report incidents by email to our support team. Where an incident has been reported, we will retrieve the relevant logs including from the service and OS to assist with the investigation. We provide incident reports via email, including the outcome of our investigation and supporting evidence such as logs.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £420 to £920 per virtual machine per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑