Glow New Media Ltd

SafeTeam Guardian - lone worker safety system

SafeTeam Guardian is an NHS specific, lone worker solution offering world first operational improvement benefits. The solution deploys en masse, over the air to existing NHS smartphones, rapidly improving lone worker safety and compliance.

Features

  • NHS specific, designed with and for mobile healthcare practitioners
  • Real time location of smartphone
  • Alert direct delivery - no external Alarm Receiving Centre
  • Custom Standard Operation Procedure (SOP) delivery with alert
  • No additional hardware required - works with existing NHS smartphone
  • En masse deployment over the air, easy user management
  • Innovative reporting - patient contact duration, frequency, integration
  • Releases capacity - milage claim automation

Benefits

  • Proven in NHS, suited to NHS environment
  • Real time situational awareness, better decisions, better operations
  • Brings alarm handling in-house, no false alarm charges
  • Improves compliance with your Standard Operating Procedure
  • Low deploy/maintain cost, High adoption, easy to manage
  • Ensures effective uptake and use
  • Evidencing activity and patient contact made easier
  • Allows better use of limited resources

Pricing

£10 per user per month

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 1 6 6 7 9 4 7 3 6 8 7 3 1 7

Contact

Glow New Media Ltd

Philip Blything

+441517079770

phil@glow-internet.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints 99.5% Uptime
Scheduled Maintenance as documented
System requirements
  • Minimum hardware specification as documented
  • Minimum software specification as documented

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide helpdesk support during office hours 09:30 - 17:30, Monday to Friday under our basic service.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support: We provide helpdesk support during office hours 09:30 - 17:30, Monday to Friday under our basic service. This is second line support, with most issues able to be handled by customer trained admin who will provide first line.

We do provide technical account management for named contacts.

Onboarding / Config.
We offer free of charge onboarding, up to 30 calendar days resourcing (excluding custom development). Additional resource is available at standard day rate - £750 ex VAT.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding is simple and Free Of Charge (up to 30 calendar days), with a dedicated account manager to support you. We’ll train your trainers and help you get set up and configured so that the service runs smoothly from day one. Documentation and help is built into the product.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Should users request data export, we will provide managed data export serviced at published rates.
End-of-contract process SafeTeam Guardian is provided as Software as a Service.
Charges are based on number of users and should a customer wish to end contract, it's easy for them to remove the app software from phones, centrally using their MDM. Alternatively, they can remove user accounts from the web control system or ask us to do that.
If required, we can provide customer data and destroy data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Mobile APP has a fundamentally different purpose and use case to the browser management interface. This is intentional.
Service interface Yes
Description of service interface Service is provided through the web management system. This is browser based, easy to use and has inbuilt help.
Accessibility standards WCAG 2.1 A
Accessibility testing Informal accessibility testing. Limited core functions are available.
API No
Customisation available Yes
Description of customisation No customisation is required or provided for standard mobile app user.

For managers only:
Customisation of Standard Operating Procedure is available during on-boarding. Custom setup of locations, radius and preference are available and supported.

Scaling

Scaling
Independence of resources Most users use an installed Mobile App. This is specifically designed to use local resources, distributing computational load.

Where information is transmitted to the server layer, bandwidth requirements are low.

The system is isolated so resources are not shared.
The hosting environment is scalable and currently provided by healthcare trusted hosting environment specialists AIMES.

Analytics

Analytics
Service usage metrics Yes
Metrics types Extensive reports are available to management users including but not limited to:
Users Active last 2 hours
Users Active Last 30 Days
Last seen Date / Time
Miles travelled
Onduty times, durations
Where time is spent
Patient visits
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Our current cloud partner, AIMES meet the NHS criteria for information security and governance. AIMES (Organisation Code 8J121) complete the Department of Health’s Information Governance Toolkit on an annual basis and our version 14 .1 submission for 2017/2018 has been reviewed and classed as meeting the NHS criteria for information security and governance (Level 3).
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Your data is yours. We will return your data to you and delete it, should you require, within 30 days of your request. We reserve the right to charge for our time in servicing such a request, at published rates and may exclude our proprietary or derived data. We reserve the right to delete your data after 30 days of cancellation.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Uptime Target: We will provide 99.5% uptime for the service, excluding any planned maintenance.
Refunds: If we fail to meet the uptime target, we may provide a refund, on a pro rata basis, should you request.
Approach to resilience This information is available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We use role based authentication, restricting higher level features and controls to a limited number of senior users.

We require strong passwords:
RequiredLength = 8,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Our security policy covers various aspects including

- Joiners, leavers process
- Asset management
- Access Control
- Data processing
- Data storage
- Network security
- Communication Security
- Risk log
- Escalation
- Compliance
- Review

Our staff report directly to our directors.

We periodically audit our compliance with these policies annually. Where possible we supplement our audits with automated software.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to software are tracked in our version control system, Microsoft Azure Devops.

All tickets are logged and tracked within our digital systems.

Project management and task lists are recorded in the project tracking software (currently Jira from Atlassian).

The security impact of changes is discussed at design, development and deployment stages. If appropriate security impact is discussed at board level
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have an in house software development team. Security patches to software can be deployed rapidly as we use continuous integration and one click deployment through Microsoft Azure Dev Opps.

Our server infrastructure runs operating systems supported by Microsoft and is regularly patched.

We use software to assess threats to our infrastructure (currently Nexpose Community Edition). We also audit compliance to our security policy.

Potential threats are either resolved immediately or logged and prioritized in our risk log.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Only staff that require access to sensitive data are provided with access.

We routinely carry out security awareness sessions with all our staff.

Security breaches (or near misses) are logged in our incident log. They are escalated to director level or to the ICO if required.
Incident management type Supplier-defined controls
Incident management approach Incidents are recorded in our incident log.

Incidents are reviewed periodically (or more quickly if escalated) and then assessed by our team. Learning points are recorded and decimated.

Our incident log is available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £10 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a limited, 30 day evaluation without charge.

Service documents

Return to top ↑