PANICGUARD LIMITED

Zecure - Employee safety platform

Zecure is an employee safety platform, designed for the new way of working.
Part of the PanicGuard group, Zecure provides a range of smart features
and intelligent services that help keep employees safe wherever they work.
Its technology is trusted by millions all over the world.

Features

  • Raising an Panic Alert
  • Tracking a Journey / Meeting
  • Real-Time Incident Reporting with escalation rules
  • Live Location Sharing
  • Fall, Impact and idle detection
  • Ghost Mode (non tracking)
  • Check-In
  • Mass Communication Tool
  • Alert monitoring
  • Zone monitoring

Benefits

  • Increasing the safety of employees
  • Providing users with peace of mind
  • Give employees a voice
  • Ensuring staff are aware of danger
  • Ability to escalate alerts directly to emergency services
  • Be able to evaluate and run reports
  • Provide a duty of care to employees working alone
  • Offer lone workers the protection when out in the field
  • Protect lone worker from risks including injuries
  • Keep track of your team wherever they are

Pricing

£3.00 to £7.00 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.constable@panicguard.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 3 9 7 9 8 4 3 1 3 7 8 6 6 6

Contact

PANICGUARD LIMITED Adam Constable
Telephone: 020 3633 4975
Email: adam.constable@panicguard.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Alert Monitoring Solution - MAStermind, Sentinel, Bold
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • APP - IOS / Android Device
  • Dashboard - Web browser with Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 – Critical (P1)
TIME TO RESPOND - 15 minutes

2 – Major (P2)
TIME TO RESPOND - 1 hour

3 – Ordinary (P3)
TIME TO RESPOND - 1 day or next business day

4 – Low (P4)
TIME TO RESPOND - 1 day or next business day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Silver
24/7 online Support Portal Access
Notifications about new versions and builds
Self Service Portal
Online Learning Resources

Gold
24/7 online Support Portal Access
Dedicated Support Agent
Notifications about new versions and builds
Dedicated Account Manager
Self Service Portal
Online Learning Resources

Platinum
24/7 online Support Portal Access
Dedicated Support Agent
Accelerated Case Routing (when non critical)
Assistance via Remote Support and Web Meetings (Business hours)
Notifications about new versions and builds
Monthly Support Ticket Report
Dedicated Account Manager
Customised Marketing Material
Self Service Portal
Online Learning Resources
Support available to third parties
Yes

Onboarding and offboarding

Getting started
1/ Discovery & Planning (call/meeting)
2/ Compiling Assets
3/ Set-up
4/ Build
5/ Implementation
6/ Testing & Training
7/ Launch & Ongoing Support

Training is on-site and on-line with full documentation provided
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
CSV format posted on secure environment for downloading
End-of-contract process
Licensed use of the product and services relating to it (Zecure as adapted for the customer) is for the duration of the agreement - so upon termination or expiry that licence shall cease

The licence fee covers the creation of the Licensed Product, its licensed use, and normal maintenance. Additional maintenance or bespoke services would be charged in addition to that fee

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile APP is used for customers to use the service, whilst the desktop / dashboard is used to monitor the alerts and manage users.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
User Create/Edit/Delete API
Alert Integration API
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
What
- Branding
- APP Features
- Dashboard features / page permissions
- Sitewide configurations (full documentation provided on request)

How
- On Set up
- With dashboard environment
- Dashboard admin staff

Scaling

Independence of resources
We are not using "shared hosting", we own all the resources and they are dedicated to us only

Each user group has its own dedicated cluster within our infrastructure

Analytics

Service usage metrics
Yes
Metrics types
Full user activity including date/time/location/category metrics of alerts, incidents and reports
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users have the ability to export data within their secure dashboard environment
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
API

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The PanicGuard platform will be made available 24 hours day, 7 days a week (Normal Operational Hours) except for:

(a) Planned Maintenance Time;
(b) A Disaster Failure which means the time at which a Force Majeure Event or similar catastrophic failure of the System occurs.

AWS is used as the infrastructure and hence Service Availability is limited by the underlying services provided by Amazon. Recovery time objective (RTO) and recovery point objective (RPO) are also dependent on AWS.
Approach to resilience
Available upon request
Outage reporting
A public dashboard
private dashboard
email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Limited to privileged users only and CTO sign off
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Accreditation in progress
ISO/IEC 27001 accreditation date
Expected Q2 2022
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO27001 Accreditation in progress, expectation Q2 2022

Cyber Essentials
Information security policies and processes
ISMS complete for PanicGuard Limited

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management policies govern our security operations
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
This policy covers all infrastructure and networks owned or operated by Panic Guard. This policy also covers any infrastructure that is present on networks owned or managed by Panic Guard, but which may not be owned or operated by Panic Guard.

Patches deployed in less then 14 days

We are registered for vendor security updates and bulletins
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have an incident management policy for governing

Information security event: Any occurrence related to information assets or the environment indicating a possible compromise of policies, failure of controls, or an unmapped situation that can impact security.

Information security incident: Any event that threatens the confidentiality, integrity, or availability of organization systems, applications, data, or networks.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are reported to and managed by the Panic Guard’s Incident Management team (IMT). The IMT will determine whether Panic Guard policies and/or processes need to be updated or created, avoid a similar incident in the future and whether additional safeguards are required.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Wellbeing

Wellbeing

Safety underpins our feeling of personal security. But not everyone feels secure when out and about. Without this no one can develop their personal
wellness. Feeling safe and secure has to come first.

Pricing

Price
£3.00 to £7.00 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
14 day trial available to evaluate solution in its entirety
Link to free trial
https://zecureapp.com/download-use-code/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.constable@panicguard.com. Tell them what format you need. It will help if you say what assistive technology you use.