Callmy Ltd

Callmy Alert Lone Worker SOS

Callmy Alert SOS is a cost effective Lone Working app for any size of organisation and is used to deliver duty of care to staff and to comply with Health and Safety legislation.

The app can also receive emergency messages, when used with the optional Callmy Alert Mass Notification service.

Features

• Instant SOS activation with a press of a button.
• Timed SOS activation with countdown function.
• Audible alert to prompt user to cancel or extend timer.
• Call for help feature - connects to a response team.
• Track and locate users when SOS is activated.
• When SOS is active listen to the user.
• Download audio recordings for evidential use.
• Configure, managed and monitor service via web based portal.
• Self managed or BS8484 managed service options.
• Includes the Callmy Alert Mass Notification Service

Benefits

• An easy to use and discreet service.
• Cost effective and simple to deploy.
• Reduces costs of hardware based products.
• Optimised to minimise battery use.
• Optimised for use in areas with poor connectivity.
• Monitor end users locations to support emergency response.
• Send message directly to the users Callmy Alert app.
• Warn and Inform users to aid, mobilisation, lockdown and evacuations.

£2.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

619357598376774

Contact

Callmy Ltd

Tony Watson

020 31891250

tony.watson@callmy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Standard service is provided during normal working hours. This can be upgraded if required.
• System requirements:
  • Administration access requires a Chrome or MS Edge browser
  • The Callmy Alert iOS app requires iOS 8 or later
  • The Callmy Alert Android app requires version 6 or later

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support questions are responded to within 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customers have access to the Callmy support team, which can be accessed by authorised contacts using dedicated phone and email access.; ; Standard Support - provided seven days between 09.00 and 17.00 ; Response to technical questions, received from authorised contacts via phone or email . Included as part of the standard price.; ; Enhanced Support - provided seven days 24 hours per day.; Response to technical questions received from authorised contacts via phone or email . This is charged at either £1,000 per annum, or 8% of the annual contract value, which ever is greater.; ; Provisioning requests - if required authorised administrators can request new service provisions between Monday and Friday during normal working hours. Included as part of the standard price.; ; Fault Reporting - authorised contacts can report technical faults, via phone or email, on a 24x7 basis - provided as part of the standard service delivery.; ; Training Support - Callmy Alert Administration training is provided as part of the standard service implementation and this can be conducted either on the customers site or remotely. Administrators have free access to online training material and can request additional remote training sessions as required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Callmy service team will liaise with the buyer to configure the service as they require. They will also deliver training, either on site or remotely and provide access to training material - PDF and video.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The authorised service administrator(s) will delete their data via the Callmy Alert Management Portal. The Callmy Alert service desk can also perform this task if required.
• End-of-contract process: At the end of the contracts initial term, the customer has the option to extend for another agreed period; the minimum being 12 months, or to terminate. Callmy Alert will work with the customer to decommission the service and this does not incur any additional charges.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The app is only used by end users to facilitate their SOS service. The desktop provides service administrators with access to various management tools, the ability to monitor user location and to triage SOS activations.
• Service interface: Yes
• Description of service interface: The Callmy Alert Management Portal provides full access to details of every aspect of the service. This enable services to be configured and allocated to users, the ability to monitor end user locations, see which users have set their SOS timer, see if a user has activated their SOS alert, listen to users audio when their sos is active and track users precise GPS location when the SOS is active.
• Accessibility standards: None or don’t know
• Description of accessibility: Complying with accessibility standards is part of the current development roadmap.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The Callmy Alert service is integration ready and customers access and manage API integrations through a Swagger page.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The capacity of the Callmy Alert service is actively monitored and resource allocated, based on historic usage patterns and anticipated peak demands. If additional capacity is required, it is scaled into service to maintain availability and service levels.

Analytics

• Service usage metrics: Yes
• Metrics types: Authorised administrators can view metrics on: numbers of users, which users have activated their SOS alert, which users have set their SOS timer and for how long, if the timer elapsed and triggered the SOS. This data includes tracked GPS information and audio recordings captured during the SOS activation. All information is time and date stamped and details of relevant durations are available. Details can be exported to Excel for further analysis.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported to Excel
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Callmy Alert is a 99.99 available service and this forms part of the SLA
• Approach to resilience: Callmy Alert is delivered from two Microsoft Azure ISO 27001 certified data centres and the application is operationalized to ensure there is no single point of failure. The Callmy Alert service backs up data in real-time and can automatically failover should the primary data centre become unavailable or a software component fail. The Service Level Agreement states that Callmy Alert is 99.99 available.
• Outage reporting: Callmy Alert employs various services to monitor the hosting environment and application. These include Azure, Datadog, Pingdom and Twilio. Alerts are sent to the service management team using dedicated apps, sms and email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Administrators have to be added to the service via a secure Management Portal - this also defines their permission to access and manage Callmy Alert's capabilities. Administrators can only log in using their registered email address and password. It is also advised Administrators enable the services two factor authorisation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: The Callmy Alert hosting environment is certified to IS027001.; ; Callmy Ltd is Cyber Essentials IASME Certified
• Information security policies and processes: Callmy Ltd has information security policies in place to cover both internal business systems and also the security of the Callmy Alert service. ; ; Callmy Ltd's Information Security policies and procedures are documented and are available on request. ; ; Polices include: DPA Policy, Information Security Plan, Data Protection Impact Assessment, Data Breach Policy and Acceptable Usage Policy. The Policies are reviewed on a regular basis and changes are reflected in the documentation.; ; Incidents and issues relating to Information Security are reported to the CEO who ensures the appropriate procedure is followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Callmy Ltd employs a configuration process to systematically manage, organise, and control the changes in documents, code base, and other entities during the development life cycle. The components tracked include the core application, database, notification hubs, streaming service, web services and end user app. Regular tasks are managed and reviewed that include:; ; - Configuration Identification; - Baselines; - Change Control; - Configuration Status Accounting; - Configuration Audits and Reviews
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Callmy Ltd's development team assess the service for vulnerabilities on a monthly basis and these are logged in Microsoft Visual Studio Team Services. They are ranked as low, medium or high risk to enable the development team to make threat level/service impact assessments, allocate resources and plan deployments accordingly. This process is signed off by a senior manager and the rationale for the decisions taken logged - this forms part of the ongoing vulnerability management process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Callmy Alert is monitored for:; ; - Invalid administrative login attempts.; - Exceptional network activity within the Azure environment.; - Exceptional levels or suspicious activity accessing the Azure environment; from email or voice, for example.; - Exceptional levels of activity from a device; app location for instance.; - Suspicious end user activity.; ; Various means of alerting key stakeholders of exceptional/suspicious activity and critical incidents are employed. These alerts prompt the response team to access Callmy Alert's audit logs to make assessments and employ remedies. The time to respond forms part of the SLA and this is attached to this submission.
• Incident management type: Supplier-defined controls
• Incident management approach: Callmy Ltd has a pre-defined process for common events and this forms part of the Callmy Service Level Agreement. ; ; Users report incidents either via the agreed support email address or phone number. These are logged and triaged for resolution. The user and main customer contact will receive details on how the incident is being managed/resolved - a post event report is provided to the user/main customer contact. This is report is also logged in the customer record on the Callmy Ltd's CRM system.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £2.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial covers the Callmy Alert mass notification service. It includes access for 2 administrators, up to 20 users and one message group. The trail is for one month and all service and support is freely provided.

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)