MyTAG Ltd

MyTAG Secure iD

Secure-iD removes identity card fraud and can immediately identify counterfeited cards. Cardholder information can be amended, renewed, revoked, in realtime. Cardholder data can be audited anywhere, anytime, at any location with any mobile-device to authenticate cardholder data, identify identity fraud and allow cardholders to self-certify Covid-19 status' with realtime escalation.

Features

  • Immediate identification of ID counterfeiting
  • Realtime iD card updates - amend, renew, revoke
  • Authentication using any mobile device/pc/laptop
  • Flexible Cloud hosting options - AWS or on-premise
  • No need to renew cards in circulation
  • Add/remove secure documents
  • All authentication features accessible in realtime
  • Records GPS of audit location, time and date stamp
  • Proprietary Card management system available if required
  • Can integrate into Client card management system if required

Benefits

  • Completely removes the ID counterfeiting risk
  • Removes the need to renew cards
  • Save costs of card reissue due to renewal, amendment
  • Real-time sync of Cardholder and Card Management system data
  • Sustainability. No need to reissue after amendment/renewal. Less plastic
  • On-site/field auditors can perform 100% effective ID checks in seconds.
  • Low-cost hardware solution as delivered through any MyTAG enabled smartphone
  • Cardholder documents can be added, amended in realtime
  • Documents can be password or PIN protected

Pricing

£0.75 to £1.00 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike@mytag.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 5 6 6 2 9 0 4 3 7 1 5 5 4 8

Contact

MyTAG Ltd Mike George
Telephone: 01752657077
Email: mike@mytag.io

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The MyTAG platform can be set-up as modular or as a series of integrated solutions chosen by the client. Solutions include asset management and compliance, proof of presence, health and safety compliance, lone worker safety, incident management/digital daily occurrence book, task management, key issuance/on-going audit, mass-communication, visitor management, mail-room.
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
NFC enabled Android/IOS Smartphone/Tablet

User support

Email or online ticketing support
Email or online ticketing
Support response times
2hrs Working hours 24 hours - out of standard working hours
User can manage status and priority of support tickets
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
No Cost Remote Tech Support - No Cost Field Tech Support, Field Training, Field Installation - £500 p/person p/day Distance-based Learning - System Training - £2000 p/mth Unlimited Users Technical Account Manager - No Cost Cloud Support Engineer available on request - No Cost
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training, online training, and user documentation (SOP's). MyTAG Academy (on-line training resource) is also available 24/7/365.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Either via CSV download or via API download
End-of-contract process
All end of contract data transfers are included in the system licence fee charges.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
NFC enabled mobile devices can read ID cards and associated tags - all other features are the same across mobile and desktop services
Service interface
Yes
Description of service interface
Web browser or API interfaces are available
Accessibility standards
None or don’t know
Description of accessibility
Administrators have full read/write access to fully set-up the service. Users have read-only access. Multiple access options via hierarchy. All access rights are customisable by hierarchies. API's can be set up to draw information from the MyTAG system or submit information to it. Either way, the end-users can have full access to make changes or it can be limited or restricted depending on the client's requirements. See below - Standard automation tools can be built to the client's specification
Accessibility testing
None
API
Yes
What users can and can't do using the API
API's can be set up to draw information from the MyTAG system or submit information to it. Either way, the end-users can have full access to make changes or it can be limited or restricted depending on the client's requirements. See below - Standard automation tools can be built to the client's specification
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All system modules can be amended to meet user needs and interfaces can be configured to meet user requirements. Users (as administrators) can configure our system modules to meet local requirements. Reporting modules allow for multiple levels of management oversight

Scaling

Independence of resources
We host and support API service delivery. Scheduled monitoring of service load oversight.

Analytics

Service usage metrics
Yes
Metrics types
Scheduled reporting of system usage, time/date/asset and user where applicable, exception reporting suite for all service non-conformances in real-time, end of day/weekly/monthly summaries
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via CSV files or API
Data export formats
  • CSV
  • Other
Other data export formats
API
Data import formats
  • CSV
  • Other
Other data import formats
API

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 99.99% uptime and refunds are contracted in on a client by client basis
Approach to resilience
Our LIVE database has a "point-in-time" recovery up 5 minutes ago, going back for 8 days. We also capture daily snapshots going back 30 days. Our datacentre resiliency relies on AWS's perimeter, infrastructure, data and environmental layers
Outage reporting
We report outages to internal/external users via email

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Support channels are administered through telephone, email and/or MyTAG management team.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
15/03/2019 - Expires 14/03/2023
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information security is within the purview of the Managing Director who is supported by the Company Secretary, Chief Technology Officer and Operations Director who together form the ISO 27001 management committee. The ISO 27001 information security framework is reviewed quarterly by the committee with annual internal audits of information security policies and associated statements of applicability. MyTAG's ISO 27001 accreditation is also externally audited annually.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes, features, or issues, are documented and tracked and resolved via our ticketing system, JIRA.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We run a threat detection service that continuously monitors for malicious activity and unauthorised behaviour to protect your our infrastructure and associated accounts
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We deploy AWS's Guard Duty service to monitor and alert us on potential issues and threats which we respond to immediately
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our Incident Management processes are defined in our Information Security Management System. Escalation procedures are audited annually and event reporting is escalated to the ISO 27001 committee for review at the quarterly ISMS meeting.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.75 to £1.00 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Access to all system functionality for a maximum period of 90 days

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mike@mytag.io. Tell them what format you need. It will help if you say what assistive technology you use.