StaySafe (Safe Apps) Ltd

StaySafe Lone Worker

StaySafe is an app and cloud-based monitoring solution which provides personal protection for lone workers.
Our easy to use App enables employees to check-in safely and request immediate assistance in an emergency, while the monitoring Hub allows for full location visibility and alert response management.

Features

  • Simplest to use lone worker smartphone app solution
  • Low signal mode - 16% more coverage than other solutions
  • Easy onboarding including unique 'in-app' training
  • Monitoring in-house or through an external service
  • User controls protect personal privacy
  • BS8484 compliant & Cyber Essentials+ certified
  • Timed sessions/checkins plus panic/duress/discreet alarms
  • Real-time location monitoring with configurable map overlays
  • Simple organisational structure and Health & Safety process configuration
  • Full reporting - onboarding/usage statistics and incident audit trails

Benefits

  • Enables you to meet your legal duty of care
  • Supports your employees working isolated from colleagues or supervisors
  • You provide effective response or assistance when and where needed
  • Smartphone based, familiar to your workers and easy to use
  • Extremely configurable, match your organisation structure and H&S processes
  • Protects your employees' privacy
  • Simple roll-out, up and running in 24 hours
  • Understand your user engagement and address issues with it
  • Simple, powerful, administration
  • Audit trail provides you with post incident report and learning

Pricing

£3.50 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan.coulter@staysafeapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

535034271651671

Contact

StaySafe (Safe Apps) Ltd Alan Coulter
Telephone: +447869056981
Email: alan.coulter@staysafeapp.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
StaySafe guarantees 99% uptime of its platform. This level of uptime has been exceeded in every year of operation.
System requirements
  • Administrators/Responders need a web browser
  • Users need an iOS or Android device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 30 minutes, during working hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
The supplier of our web chat (Intercom) has completed the necessary testing to ensure that our chat is accessible through screen readers and can be accessed without the need for a keyboard or trackpad. Finally, the contrast and colours make sure the dialogue is easily viewable by any visually impaired users.
Onsite support
Yes, at extra cost
Support levels
Each customer has access to an Account Director (commercial) and a Technical Account Manager (customer success) to provide advice and guidance on setting up the StaySafe system and its maintenance into the future. Regular contact and reviews take place to ensure smooth running of the system and the latest functionality is being taken advantage of.
Each user of the system has direct access to their Customer Success rep or can reach out through one of our support channels.
Users can access a wealth of hosted training, support and video materials through our online help centre.
We provide online training sessions and lightly customised training and communication materials for users as standard and can provide more detailed training materials (POA) or on-site training for an additional fee.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
StaySafe has developed an entirely automated on-boarding process that users can follow, with each user's progress tracked and made available.
Users are invited to the system via email with instructions on how to access the system. Once they have selected their password, they are required to complete our in-App training program, where users are educated on the fundamentals of the App through an interactive process. Only once this training has been completed can a user begin to use the App.
Once on-boarded, we will provide the user with user guides and videos with more detailed information on how the system works. This is then followed by a series of emails with further information such as FAQ, common problems with their solutions and how to work with the limitations of the system.
In addition, we provide online training sessions as standard along with onsite training and refresher training when appropriate.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
Users can extract their data upon request at the end of the contract, if not, data will be permanently removed.
End-of-contract process
At the end of a contract users will no longer have access to the App or Hub. A Representative may reach out to understand the reasons for the contract lapsing to help improve our service and practices into the future.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Lone Worker users engage with the service through mobile devices, and administrators/responders use a web browser on mobile or desktop devices.
Service interface
Yes
Description of service interface
The cloud-based StaySafe Hub service provides the web interface for administrators to configure and manage the system and for alert responders to monitor and respond to lone workers.
Accessibility standards
None or don’t know
Description of accessibility
The modern interface components used are designed to work for touch, mouse and keyboard users, provide keyboard interactions for all mouse-based actions and utilise HTML5 semantic elements where applicable.

Through the use of relevant WAI-ARIA roles and attributes, these components should also be understandable and operable using assistive technologies (such as screen readers).
Accessibility testing
Interface testing is conducted by our own UAT team and feedback on this particular issue is sought from our clients.
API
No
Customisation available
Yes
Description of customisation
Organisational Administrators can control all levels of customisation available in the system. They have control of team structures, user management, along with customising the features required on an organisational level or a team level. A team administrator has access to the features & users of their team.
Features that can be customised are: check-in duration, session notes, audible alerts, low signal mode, map layers, response procedures & alert escalation policies.
Lone workers have access to customise settings in their app for their personal requirements. Customisations include audible alert settings, non-movement detection, discreet panic & location update frequency.

Scaling

Independence of resources
Our services use AWS as the platform for delivery. We have used AWS best practice in terms of scalability and throughput. Extra resources are therefore dynamically made available in response to any increases in demand. Each of our users is therefore not affected by demands put on the service by others.

Analytics

Service usage metrics
Yes
Metrics types
StaySafe provide reports based on a whole organisation, teams and an individual basis.

The reports are available in CSV format and easily digestible charts.
These reports detail a number of things:

Onboarding - detailing stage of lone worker (Invited/activated/logged in/trained/run session)
Usage - active vs inactive (both in number and percentage)
Number of sessions run over the last 30 days.
Duration of sessions.
Number of alerts raised.
Total number of sessions by individual.
Alert count by user.

All of these metrics provide our clients with information to manage usage and provide support to their employees.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
Customer data is stored in AWS RDS encrypted database instances which use the industry standard AES-256 encryption algorithm to encrypt data. This means data stored at rest in the underlying storage is encrypted, as are the automated backups, logs, snapshots, and replicas. Data that is in transit between the source and read replicas is also encrypted.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The rights of Users to receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. The Data is processed by automated means and the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Services & Service Levels

Hub App - 24 hrs per day / 365 days per year - 99% of time within each calendar month.

Customer support.

All support enquiries are picked up within 24 hours.
Approach to resilience
Data Centre Controls:

The data centres are secure by design and the controls make that possible.

Before they are built, we consider potential threats and design, implement, and test controls to ensure the systems, technology, and people we deploy counteract risk. To help fulfil our own audit and regulatory requirements, we are providing you with insight into some of our physical and environmental controls below.

Secure Design:
- Site selection
- Redundancy
- Availability
- Capacity planning

Business Continuity & Disaster Recovery:
- Business continuity plan
- Pandemic response

Physical Access:
- Employee data centre access
- Third-party data centre access

Monitoring & Logging:
- Access review
- Access logs
- Access monitoring

Surveillance & Detection:
- CCTV
- Entry points
- Intrusion detection

Device Management:
- Asset management
- Media destruction

Operational Support Systems:
- Power
- Climate and temperature
- Fire detection and suppression
- Leakage detection

Infrastructure Maintenance:
- Equipment maintenance
- Environment management

Governance & Risk:
- Ongoing data centre risk management
- Third-party security attestation

Further details available on request.
Outage reporting
Any outages are reported through email communications to nominated customer contacts. Regular email updates will be made until an issue is resolved.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
For customers, we offer a permissions hierarchy to prevent access to sensitive and personally identifiable information within the management platform. This could include access to real-time locations of Lone Workers, historical locations and personal details. This ensures that management within the customer only have access to data that they should.
For StaySafe, we have a permissions hierarchy where employees only have access to customers for whom they are responsible.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
For employees, a password manager where password strength is assessed.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • BS 8484

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We have an Information Security Policy in place which identifies roles and responsibilities for its implementation and review up to Board level.
This policy is available to our customers on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow a DevOps model of Plan, Code, Test, Release, Deploy, Operate and Monitor.

• Plan with Jira and Confluence.

• Securely manage code using Git, following Gitflow branching workflow allowing each feature to reside in its own branch.

• Run a Continuous Integration pipeline to automatically run tests before review and after approval. Includes acceptance/integration/unit tests, static analysis and security checks.

• Ansible and AWS CloudFormation for versioning, configuration management, and application-deployment to enable infrastructure as code.

• Monitoring and logging tools feed into PagerDuty to manage operations, determine service availability, identify potential issues and manage incident response.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
AWS operates, manages and controls the host operating system and virtualization layer down to the physical security of the facilities.

StaySafe is responsible for the application and operating system. This includes:

• Code undergoes automated build and test in a continuous integration pipeline. Dependencies are checked for security vulnerabilities, information leakage, and improper error handling.

• Following OWASP best practices and focusing on the Top 10 Web Application Security Risks.

• Conducting regular Penetration Tests by Nettitude (CREST certificated and Lloyd’s Register company).

• Regular server patching through routine deployments.

• Monitoring trusted sources for critical vulnerabilities that require urgent action.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
StaySafe uses a number of tools to support the Operate and Monitor steps of our DevOps lifecycle.

These feed into PagerDuty for a centralised overview of online operations and incident response, in order to:

• Provide a real time view of our operations.

• Understand the impact of incidents on service delivery and customers.

• Alert our on-call staff to ensure fast action is taken. Engineers are available 24/7/365 to respond to critical incidents.
Incident management type
Supplier-defined controls
Incident management approach
StaySafe operates an online user-facing support desk in which incidents can be logged, prioritised and tracked to conclusion.

Issues are routed to the appropriate person or team, and the support desk can be used to accurately identify common events to speed up resolution where solutions can be readily drawn from our knowledge base.

Users can also subscribe to notifications, such as incidents, planned or otherwise, which may affect service availability.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3.50 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We provide a free trial with full access to our Lone Worker solution. We recommend trying the solution with 10-20 lone workers over a 2-3 week period.
A pre-requisite is that lone workers have iOS or Android smart devices and at least one administrator/monitor with internet browser access is included.
