SafeTeam Guardian - lone worker safety system
SafeTeam Guardian is an NHS specific, lone worker solution offering world first operational improvement benefits. The solution deploys en masse, over the air to existing NHS smartphones, rapidly improving lone worker safety and compliance.
- NHS specific, designed with and for mobile healthcare practitioners
- Real time location of smartphone
- Alert direct delivery - no external Alarm Receiving Centre
- Custom Standard Operation Procedure (SOP) delivery with alert
- No additional hardware required - works with existing NHS smartphone
- En masse deployment over the air, easy user management
- Innovative reporting - patient contact duration, frequency, integration
- Releases capacity - milage claim automation
- Proven in NHS, suited to NHS environment
- Real time situational awareness, better decisions, better operations
- Brings alarm handling in-house, no false alarm charges
- Improves compliance with your Standard Operating Procedure
- Low deploy/maintain cost, High adoption, easy to manage
- Ensures effective uptake and use
- Evidencing activity and patient contact made easier
- Allows better use of limited resources
£10 per user per month
- Free trial available
5 1 6 6 7 9 4 7 3 6 8 7 3 1 7
Glow New Media Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
Scheduled Maintenance as documented
|Email or online ticketing support||Email or online ticketing|
|Support response times||We provide helpdesk support during office hours 09:30 - 17:30, Monday to Friday under our basic service.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support: We provide helpdesk support during office hours 09:30 - 17:30, Monday to Friday under our basic service. This is second line support, with most issues able to be handled by customer trained admin who will provide first line.
We do provide technical account management for named contacts.
Onboarding / Config.
We offer free of charge onboarding, up to 30 calendar days resourcing (excluding custom development). Additional resource is available at standard day rate - £750 ex VAT.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Onboarding is simple and Free Of Charge (up to 30 calendar days), with a dedicated account manager to support you. We’ll train your trainers and help you get set up and configured so that the service runs smoothly from day one. Documentation and help is built into the product.|
|End-of-contract data extraction||Should users request data export, we will provide managed data export serviced at published rates.|
SafeTeam Guardian is provided as Software as a Service.
Charges are based on number of users and should a customer wish to end contract, it's easy for them to remove the app software from phones, centrally using their MDM. Alternatively, they can remove user accounts from the web control system or ask us to do that.
If required, we can provide customer data and destroy data.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The Mobile APP has a fundamentally different purpose and use case to the browser management interface. This is intentional.|
|Description of service interface||Service is provided through the web management system. This is browser based, easy to use and has inbuilt help.|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||Informal accessibility testing. Limited core functions are available.|
|Description of customisation||
No customisation is required or provided for standard mobile app user.
For managers only:
Customisation of Standard Operating Procedure is available during on-boarding. Custom setup of locations, radius and preference are available and supported.
|Independence of resources||
Most users use an installed Mobile App. This is specifically designed to use local resources, distributing computational load.
Where information is transmitted to the server layer, bandwidth requirements are low.
The system is isolated so resources are not shared.
The hosting environment is scalable and currently provided by healthcare trusted hosting environment specialists AIMES.
|Service usage metrics||Yes|
Extensive reports are available to management users including but not limited to:
Users Active last 2 hours
Users Active Last 30 Days
Last seen Date / Time
Onduty times, durations
Where time is spent
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Our current cloud partner, AIMES meet the NHS criteria for information security and governance. AIMES (Organisation Code 8J121) complete the Department of Health’s Information Governance Toolkit on an annual basis and our version 14 .1 submission for 2017/2018 has been reviewed and classed as meeting the NHS criteria for information security and governance (Level 3).|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Your data is yours. We will return your data to you and delete it, should you require, within 30 days of your request. We reserve the right to charge for our time in servicing such a request, at published rates and may exclude our proprietary or derived data. We reserve the right to delete your data after 30 days of cancellation.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Uptime Target: We will provide 99.5% uptime for the service, excluding any planned maintenance.
Refunds: If we fail to meet the uptime target, we may provide a refund, on a pro rata basis, should you request.
|Approach to resilience||This information is available on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
We use role based authentication, restricting higher level features and controls to a limited number of senior users.
We require strong passwords:
RequiredLength = 8,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials|
|Information security policies and processes||
Our security policy covers various aspects including
- Joiners, leavers process
- Asset management
- Access Control
- Data processing
- Data storage
- Network security
- Communication Security
- Risk log
Our staff report directly to our directors.
We periodically audit our compliance with these policies annually. Where possible we supplement our audits with automated software.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Changes to software are tracked in our version control system, Microsoft Azure Devops.
All tickets are logged and tracked within our digital systems.
Project management and task lists are recorded in the project tracking software (currently Jira from Atlassian).
The security impact of changes is discussed at design, development and deployment stages. If appropriate security impact is discussed at board level
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We have an in house software development team. Security patches to software can be deployed rapidly as we use continuous integration and one click deployment through Microsoft Azure Dev Opps.
Our server infrastructure runs operating systems supported by Microsoft and is regularly patched.
We use software to assess threats to our infrastructure (currently Nexpose Community Edition). We also audit compliance to our security policy.
Potential threats are either resolved immediately or logged and prioritized in our risk log.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Only staff that require access to sensitive data are provided with access.
We routinely carry out security awareness sessions with all our staff.
Security breaches (or near misses) are logged in our incident log. They are escalated to director level or to the ICO if required.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents are recorded in our incident log.
Incidents are reviewed periodically (or more quickly if escalated) and then assessed by our team. Learning points are recorded and decimated.
Our incident log is available on request.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£10 per user per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||We offer a limited, 30 day evaluation without charge.|