Rally Round

Rally Round is an easy to use secure online tool that allows family members, friends and carers to easily create and organise support for someone they care about.

Rally Round helps frail and vulnerable adults to live well at home. It also helps patients recover from illnesses. See


  • Clear private dashboard showing support needed and who is helping
  • Clear private view of support provided, by whom and when
  • Private noticeboards to share important information
  • Private discussion forums to facilitate family communication
  • Text and email alerts about significant actions within a network
  • Communication channel from customer to members of support networks
  • Data dashboard for customers showing performance and social capital
  • Onboarding service from customer referrals and self referrals
  • API available for home care providers to use
  • Live chat available for end users


  • Strengthens Local Authority and NHS prevention strategies
  • Defers or reduces amount of social care expenditure required
  • Enables carers to gain more support from family and friends
  • Enables faster hospital discharges
  • Enhances recovery post hospital admission
  • Enables self care and family-led support
  • Enhances capacity and 'reach' of third sector organisations
  • Enables home care providers to engage with family members


£8000 to £45000 per licence per year

Service documents

G-Cloud 9



Steve Pashley

0800 0698214

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints.
System requirements
  • Modern web browser
  • Access to public internet

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24 hours, Monday to Friday 9 - 6pm, excluding bank holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible All web chat is text based and within the web browser. It is implemented using the widely adopted Intercom system (
Web chat accessibility testing None.
Onsite support No
Support levels We provide a single level of technical support to customers. 9 - 6pm Monday - Friday via a ticketed email service. The customer acquires access to technical support as part of the standard contract.

The cost of this technical support is bundled into a renewable licence charge a customer pays. Customers can escalate issues to the management team.

End users can access free support via a live chat facility, available on
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started There is onsite training and consulting for new customers.
There are printed and online training and support materials.
For members of the public using Rally Round there is email and live chat support.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction CSV extract.
End-of-contract process This depends on the agreement in place with the customer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference in functionality.
Accessibility standards None or don’t know
Description of accessibility The service is accessible via a modern web browser. The user can opt to receive alerts and reminders via email or SMS,
Accessibility testing None.
What users can and can't do using the API API users are issued with an API key that they must present each time they call it.
It is a standard RESTful API. Clients can create (POST), update (PATCH) and show (GET) the following resources: network, membership, jobs and invitations.
Users must have the necessary permissions to change the resources.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customised landing pages for organisations.
Networks created by people living in an organisation's area appear with that organisation's logo.
Organisations can send messages to networks within their area.
Landing pages are created by Health2Works by agreement with the customer.


Independence of resources The server process is hosted by Heroku on Amazon Web Services (AWS). New instances are created elastically as demand increases.


Service usage metrics Yes
Metrics types See previous answer on data export.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Access to RDS backing the app is restricted to system admin users.
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers can see and download data on all of the networks created under their license. The network data is: network name, created date, number of helpers, outstanding tasks, last activity date, total completed, tasks completed in last 90 days, average time to complete a support task and distribution of support provided across all support network members.
Data export formats CSV
Data import formats Other
Other data import formats Upload does not make sense in this application.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Rally Round is hosted by Heroku, a high-availability web application hosting platform based on Amazon Web Services (AWS).
Approach to resilience Rally Round is hosted on Heroku, a high-availability web application hosting platform based on Amazon Web Services (AWS). Applications are monitored continuously and are re-started or scaled as appropriate automatically. The site has been running continuously on this platform for over 6 years.
Outage reporting Outages are reported to us in real-time on a public dashboard and via API and email alerts. To-date, with 6 years of availability, we have never suffered an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Roles with limited access rights.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We use industry best practices.
Information security policies and processes The Director of Technology owns the master credentials to IT resources. Access is given on a least necessary authority basis i.e. only enough access to complete the task at hand. All logins are protected by 2FA. There are no anonymous accounts.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All components are kept in a GitHub private repo. We use a gitflow for branch management. All changes are made on a feature branch. Branches are reviewed before merging to master. Deployments are done automatically from GitHub to Heroku. Promotion from test environment to staging and production is automated so there are is no room for human error. Releases can be rolled back to the last known good release automatically.
Vulnerability management type Undisclosed
Vulnerability management approach We monitor and respond to CVE reports. Our hosting provider upgrades infrastructure automatically. We regularly upgrade dependent libraries. We can deploy new versions of the application with zero down-time. New versions of the app can pass through our gitflow in a matter of minutes.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Suspicious login attempts are reported and logged to a logging service. Investigation and remedy of security breaches are top priority, although we have not suffered any such breaches.
Incident management type Undisclosed
Incident management approach Events are reported to a publicised email address. The technical staff monitor that channel and respond. We have an issue ticket system that tracks incidents. Users can escalate issues via that system.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8000 to £45000 per licence per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑