Mobile Phone Tracking
This proven, 'Secured by Design', Mobile Tracking service allows the real time and historical monitoring of your mobile phone location supporting a range of technologies, devices, and smart phone applications for Windows, Blackberry, iPhone and Android through a feature rich interface with street level mapping, geo-fencing and full reporting.
Features
- Real time location of all smart phones and other devices
- Geofencing alerts to identify employees in specific locations
- Diagnostics and reporting for management of device faults or tampering
- Comprehensive training and train the trainer programmes and materials
- Fully project managed design, implementation and pilot programme
- Unlimited hierarchical and inclusive logins to the management Interface
- 'Secured by Design' service established in Government, NHS, Emergency Services
- Ability to run several location services through a single interface
Benefits
- Sustainable service capable of supporting strategic changes within your organisation
- Flexible configuration of service to meet a range of requirements
- Cost effective solution alternative to a vehicle tracking solution
- Improved Lone Worker and Employee Safety across all operational areas
- Fully auditable system to ensure user compliance and service effectiveness
- Agnostic to devices, network, location technologies, mapping and IT environments
- Global -delivering services overseas as and when required
- Scalable without the need for investment or additional infrastructure
- Proven system deployed in Government, NHS, Local Authorities, Emergency Services
- Easy to implement regardless of project size or service design
Pricing
£2.50 to £5.00 a user a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 9 4 1 4 3 0 7 3 6 4 9 7 0 2
Contact
TrackaPhone Ltd
Jonathan Davidson
Telephone: 07931150021
Email: jonathan.davidson@trackaphone.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No
- System requirements
-
- The managed service can be delivered without any IT requirements
- If in-house access required/desired, following requirements apply:
- Minimum Java 1.8+ recommended
- 4GB Available RAM
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- User, technical and administrative support are supplied through the same support telephone and email route. Initial simple responses are normally completed within 2 hours. Where there is a significant amount of work (administrative) this will normally be completed within 2 business days.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
User, technical and administrative support are supplied through the same support telephone and email route. Initial simple responses are normally
completed within 2 hours. Where there is a significant amount of work (administrative) this will normally be completed within 2 business days.
For technical support the maximum resolution times are as follows
System Critical (Service Not Available) Resolution in 4 Hours
Major Impaired (Major Reduction in Throughput) Resolution in 8 Hours
Minor Impact (Service Still Available) Resolution in 1 Week
Cosmetic (No Functional Impact on Service) Resolution in 4 Weeks
These support levels are standard and included in the subscription to the service. All our customer receive the same excellent levels of support.
Telephone Support
1. 24/7 Response to collect general nature of query
2. Moved to User/Admin Support or Technical Support as required
3. If needed Internally escalated to Technical Support
4. If needed Internally escalated to Technical Director
Email Support
1. Direct to User/Admin Support
2. If needed Internally escalated to Technical Support
3. If needed Internally escalated to Technical Director - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our approach is to first carry out a scoping meeting with the main stakeholders where as part of this we would agree the preferred method for delivering training. This could be a full training programme that we deliver at various sites of the customer's choosing, or a train the trainer approach, or on some occasions where the solution required is very simple the customer sometimes prefer us to provide training materials and they manage themselves.
All our training is supported by user guides, training videos, On line training sessions. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- All data held on the system is deleted automatically after 3 months, or if a contract is cancelled it will be deleted within a 30 day buffer period of the contract end date. Should the buyer request this buffer period to be shorter we will comply to all reasonable requests. The customer may download and archive their data at any time while in contract and with live access to the service, or by authorised written request for information within the buffer period.
- End-of-contract process
-
When the contract is terminated with the appropriate notice the account is closed. This immediately revokes all rights to access the service on the contract end date, although data will be kept for an agreed buffer period or 30 days, whichever is the shorter, after this date. There is no additional administration or resource required and the process is included in the contract.
If however no notice is given at the end of the contract period the service will remain live while discussions on the contract extension take place.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
1. Alert Client - is an app for iOS, Android, Blackberry, and Windows which reports locations, network diagnostics, alerts, voice recordings and battery levels of these devices to be viewed through the locator interfaces.
2. The Locator Interfaces can be accessed through a Java based desktop application 'the People Locator' which provides full administrative access to the service , allows reports to be run, access levels to be granted and service parameters defined; or through a mobile browser Interface, 'the ilocatr' which has fewer administrative capabilities and is designed for quick access to perform simple functions in the field. - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- The API is solely to allow users to integrate preferred 3rd party lone worker protection devices to the service.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The service is highly customisable at every level.
From the layout of the interface to the behaviour and reporting levels of the devices being managed through the interface as well as the ability to change text size to meet accessibility standards.
The level by which a user can customise the service is based on their login permissions and above this further customisations can be requested from support including re-branding of the Locator interfaces if required.
Scaling
- Independence of resources
- TrackaPhone uses database sharding and load balancing to scale and distribute demand across multiple servers. The system is monitored continuously for system load and traffic volume that surpasses set thresholds, which are automatically reported to support staff. This acts as an early warning and allows the system to be scaled well in advance of service affecting conditions.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
1.Users of the locator Interfaces:
We have logs of user access which can be viewed through a management report
2.Users of devices managed by the interface:
All activity is recorded and can be reported on from the people locator interface, as well as automated reports and management reports to measure activity and compliance - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- The secure People Locator Interface allows users with the correct permissions to generate reports on all the data held by the system ( up to 3 months history at any one time) in either a csv or html format as required. This data can then be archived or used in other applications by the customer.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Html
- Data import formats
- Other
- Other data import formats
- This is not a relevant feature of our service
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- Other
- Other protection within supplier network
- Data traffic within the network is encrypted using an SHA-2 2048 bit SSL connection. Sensitive data is stored in encrypted database fields using AES encryption. Database backups are encrypted using GPG 4096 bit encryption.
Availability and resilience
- Guaranteed availability
-
The service is designed to be available 24 hours a day, 365 days of the year. In the unlikely event of a disruption to service we provide the following SLA for resolution.
'System Critical': defined as System Not Available - Updates every 30 Minutes - resolution within 4 Hours
'Major Impaired': defined as Major Reduction in Throughput - Updates Every Hour - resolution within 8 Hours
'Minor Impact' - defined as Service Still Available - Updates on Fault resolution - resolution within 1 Week.
'Cosmetic' - defined as No Functional Impact on Service - Updates on Fault resolution - resolution within 4 Weeks. - Approach to resilience
-
Network
Adjacent to two main internet switch facilities.
Multiple diversely routed dedicated fibre connections linked directly to the adjacent switch facilities that take separate routes and enter the data centre from opposite ends, approaching our main communications racks from opposite directions.
Multiple routes extend from the switch room to diversely situated transit gateways
Our internal network is designed with redundancy and performance in mind. We closely monitor each and every major element and have several levels of software to monitor, report and graph performance.
Power
Supplied by two x 4000amps (3 phase) on site sub stations.
Standby Generator located within the internal plant room with full automatic auto change over panel and sufficient fuel for at least 32 hours service (24/7-4hr fuel supplier is on contract).
Hot fill pipe to an external secure fuel fill inlet.
Changeover panel - The system has an auto changeover panel which automatically and seamlessly switches the power source from the mains to the generator in the event of a power failure and then back to mains supply once stable power is restored. - Outage reporting
- TrackaPhone provides a public dashboard that displays the current state of the service using a traffic light system to indicate whether the system is operating optimally, degraded in any way, or down. Additional details may be provided on the dashboard as appropriate such as impact and estimated service resolution time.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
1. Administrator level has full unrestricted access and can create new users at Restricted User level.
2. Restricted Users - permissions are defined in terms of groups of data that can be viewed, and what user can do
Request Locations Y/N
Create Schedules Y/N
Add or remove devices Y/N
Create Zones Y/N
Manage Groups Y/N
Access Commands Y/N
Create Map Overlays Y/N
Cancel Alerts Y/N
Set Device Status Y/N
Send Text Messages Y/N
create geofences Y/N
modify devices Y/N
View via Mobile Interface (ilocatr) Y/N
Edit Alert Response Y/N
View Locations Y/N
remotely activate alerts Y/N
Request device logs Y/N - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The Certification Group Ltd - Elaine Hanaghan
- ISO/IEC 27001 accreditation date
- 21/06/2017
- What the ISO/IEC 27001 doesn’t cover
- This particular certification addresses the integrity of our hosted service and data held for the delivery of the service. This does not cover other areas of our service which support the overall service: for example our 24/7 emergency response service which is certified under a separate ISO/IEC 27001 certificate.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- BSI IoT
- Secured by Design
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- TrackaPhone follows IT security processes that concern the use of the internet connection, approved applications, anti-virus, system updates and passwords. Employees that do not adhere to the policies may be subject to disciplinary action up to and including dismissal.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Service components are subject to change control once they have been signed-off, stored in a baseline and placed under configuration control. Stakeholders have an opportunity to participate in the control of any subsequent changes. All recipients are made aware of any changes that occur. There's an audit trail connecting a change to a configuration item to the reason for its change, and which records the participation and authorisation of those people concerned with the change.
Each change is evaluated for potential security impact by the investigator, who's responsible for determining operational and security risks that result from the proposed change. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Where potential threats are raised for a component of the service, an assessment is made with respect to the version of software in use, and whether the vulnerability could affect service. When there's the possibility of threat to the service, the vulnerability is simulated within the staging environment to establish whether a change is required.
Based on the vulnerability assessment, a patch/change may be implemented.
-Emergency within 24 hours
-Low risk within 7 days
-Minimal risk next maintenance window.
Threats are identified through subscriptions to periodic security newsletters, social news feeds with current security issues, regular monitoring of cybersecurity websites. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The TrackaPhone service management console has auditing built in to provide a level of detail to trace user interaction with the system. This can be used to identify suspect patterns of behaviour or actions by service users.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Incidents are reported by email from the user. Based on the incident description, the incident management process makes use of known errors in order to facilitate a quick fix when an incident is reported by a user. Incident reports are sent by email and are made available on request.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
TrackaPhone makes extensive use of working from home and emphasis on technology use, such as video conferencing, to reduce necessity for travel, thereby reducing our carbon footprint. - Covid-19 recovery
-
Covid-19 recovery
TrackaPhone makes extensive use of working from home and emphasis on technology use, such as video conferencing, to reduce unnecessary contact and possible spread of Covid-19. - Tackling economic inequality
-
Tackling economic inequality
Trackaphone has just completed funding one of it's employees through an an accountancy apprenticeship to gain ACCA accreditation. And is looking at possibilities of using apprenticeships to fill other roles within the organisation. - Equal opportunity
-
Equal opportunity
Trackaphone are an equal opportunities employer and would not discriminate for any employment opportunities, this is encapsulated in our equal opportunities statement. This is available on request. - Wellbeing
-
Wellbeing
Work life balance has been facilitated within TrackaPhone by an early adoption of working from home and emphasis on technology, such as video conferencing, to reduce travel reducing the time that would be spent away from home.
The Staff Handbook, which contains the company disciplinary procedure, states that any bullying, discrimination of any kind or sexual harassment constitute gross misconduct and dealt with as such. Our staff handbook is available if requested.
Pricing
- Price
- £2.50 to £5.00 a user a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- There is a free technical trial, which allows customers to carry out end to end testing to ensure any issues with firewalls, devices, network restrictions etc. can be identified and resolved. This is typically a 1-2 week trial with 1 -2 devices registered on the system.