assist-Mi Limited


assist-Mi is an "app" that allows a user with restricted mobility or disabilities to request assistance while travelling, visiting a service provider, a retailer, workplace or other location. It optimises customers experience andservice provider operations. The user's profile is visible to the service provider so they anticipate the users needs.


  • Real time assistance requesting for customers
  • Customer needs and personal profile visible
  • Location based services for locating the customer
  • Interactive 2-way chat
  • Supports meeting Equality Act 2010 and DDA Compliance
  • End-user app available on iTunes and Google Play
  • Service provider "app" and admin console for use by staff
  • Browse facility so customers can understand site accessibility
  • Automatic logging and audit trail of all customer service events
  • Customer expectations can be managed through 2-way chat


  • Optimises the customers experience for those with restricted mobility/disabilities
  • Optimises service provider operations and resourcing
  • Encourages more customers to travel and visit service providers
  • Increases service provider revenue
  • Improves customer confidence to travel and be economically active
  • Provides audit trail of events in case of dispute
  • Helps to identify the correct customer who needs assistance
  • Reduces risk of embarassment for customer and service provider


£1000 to £2000 per licence per year

Service documents

G-Cloud 9


assist-Mi Limited

Neil Herron


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints End user mobile devices served are currently Apple iOS and Android. Windows version is in preparation.
Standard helpdesk support operates 9-5 Mon-Fri
System requirements
  • For the service provider a web browser based terminal
  • For the end user an Android or Apple iOS device
  • For the service provider terminal to alert customer assistance staff

User support

User support
Email or online ticketing support Email or online ticketing
Support response times In working hours Mon-Fri 9-5 within 2 hours
At weekends within 48 hours
More tailored support arrangements can be offered
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our standard support level provides Mon-Fri 9-5 helpdesk, regular software upgrades/new releases.
Our Custom support service can be tailored to meet the operating requirements of the Service Provider at additional cost
We provide a technical account manager who would normally capture and set up any Custom support requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started End users can download the customer app from iTunes and Google Play and register to set up their assist-Mi account. Service providers need to enter into an agreement with assist-Mi Limited so that their access credentials can be created and issued. assist-Mi Limited provides service provider training, initial configuration of the service provider request handling setup so that for example, roles can be shift based or vary by time of day. A centralised request handling function for multiple sites can also be configured. The service provider has rights to further configure the site data where they provide assistance services. We provide documentation for service providers and can train staff directly or use a "train the trainer" approach.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats MS Word
End-of-contract data extraction End customer data is retained in line with assist-Mi's data retention policy. As end users the contract is for use of the app. Their contract ends is they choose to uninstall the app. Their usage data is deleted in line with our policy.
Service provider data needs to be reported or extracted through the API described above. Service provision event data is discarded in line with assist-Mi's data retention policy, subject to agreement of special retention arrangements with the service provider.
End-of-contract process Only the service provider pays for the contract. The contract price is based on the consiguration and scale of the service provider including: sites operated, contact centres, dispatch locations,number of staff or customers. This fixed element is in the for of a standing charge per annum for the specific configuration. It includes standard helpdesk support (Mon-Fri 9-5) and application updates. There are additional charges for training services, implementation project management, go-live planning, customisation, API development, creation of MIS reports and out of hours support all subject to the operation and function required by the service provider's business.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The end user/customer app is phone/tablet based. The service provider element can be desktop or tablet/phone based. There are two parts to the service.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The end user app has been specially designed to meet accessibility needs and act as an assistive technology. It has been tested by RNIB and received the highest test score. It has been piloted in the city of Coventry with users with multiple disabilities and has met user requirements for accessibility
What users can and can't do using the API The API is to the application database which permits: reports on requests to be generated, export of request and customer service event data, integration and linkage of assistance requests with other application services, such as tickets for events/travel.
The API is intended for our development team to enable interfaces. It is not a user API.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The system can present service providers branding similar to what is known as "white labelling". The customisation needs to be performed by our developers.


Independence of resources By monitoring processing capacity used for the service and periodically reviewing peak loading and spare capacity. To date loading has not exceeded 10% of the available processing capacity. Additional capacity can be configured at less than 1 days notice.


Service usage metrics Yes
Metrics types Customer site browse event volumes by period
Customer request volumes by period
Breakdown of browse and request volumes by site by period
Total requests made
Total requests accepted
Requests made and accepted broken down by site
Other metrics can be provided subject to the service provider requrement
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The data relevant to service providers is customer request history. This data can be exported through an MIS report using SQL through our API or put into a data file and communicated in a "batch" fashion.
End-users do not export data - it is in the app on their device.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats Data cubes formats to be agreed with the service provider
Data import formats Other
Other data import formats Not applicable to this service

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee availability of the central service for service providers, but not the end user communications link or device as that is sourced and under their control. The central service availability is 99.8% between 0600 and 2400 hours.
If the availability measure is not met within a month, a refund of a percentage of the service fee for that month can be made. The percentage would need to be agreed alongside the pricing for the particular service provider configuration.
Approach to resilience Available on request
Outage reporting As our product is SaaS it relies on the underlying Infrastructure/Hosting service. Our service by itself cannot therefore report outages. Outages due to planned maintenance can be reported in advance by email as part of the customised setup for the Service Provider using our product.
A separate outage reporting function would need to be implemented with our Platform provider to provide such a facility. To date we are not aware of any Platform outages that have affected our service.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels The system is designed so that access to different functions is on the basis of roles, where each role provides different privileges. Adminstrative users within the Service Provider can be assigned to one or more different roles, depending on what level of access is appropriate. assist-Mi Limited has "super-user" administrative rights. Administrative rights can be tailored to suit the Service Provider organisation, including their support functions.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Assist-Mi Limited has a security policy which is overseen by a Board Director who is responsible for security and is managed day to day by a Security Officer. The policy is reviewed on an annual basis and is reconfirmed by the Board each year. The security policy adopts principles from ISO27001.
Information security policies and processes The Board Director responsible for security ensures thepolicy is communicated to staff. The Security Officer provides the policy to staff and administers the security procedures. The Security Officer reports to the Board Director. All staff are inducted and trained on the Security Policy and procedures when they join the business. Any breach of security is documented by the Security Officer, reported by the Security Officer to the Board Director. The Board Director and Security Officer jointly decide if additional investigation is required into the incident and what additional resources or independent investigation may be required. They jointly decide whether to implement new procedures, additional countermeasures and mitigations or revise the security policy.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our system and its components are tracked through formal version control supported by a software version management tool which is also used to control releases.
Each new release has formal integration testing and security testing before release into the live environment. The end-user app is separately tested by Apple and Google before publication on iTunes and Google Play - this includes security testing.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The ISO 9001 accredited company system of our software development partner manages vulnerabilities. Our standard project management approach includes managing and mitigating risk within the design and development approach to the product.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The ISO 9001 accredited company system of our software development partner manages protective monitoring. Our standard project management approach includes implementing protective monitoring within the design and development approach to the product.
Incident management type Supplier-defined controls
Incident management approach The ISO 9001 accredited company system of our software development partner manages how incidents are addressed. Our standard project management approach includes managing and mitigating incidentswithin the design and development approach to the product. Our hosting service provider typically manages Denial of Service attempts (can be several an hour) by external parties attempting to gain access to the system via remote login. In practice, the hosting provideris continually blocking such DOS as part of its standard service without additional incident reporting.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1000 to £2000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial The end-user app is free and also has a test site.
We will provide a free trial option for a limited period of time so service providers can understand the solution, but this would not operate with live end-users. The typical trial period for the service provider is one month.
Link to free trial


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑