Skip to main content

Help us improve the Digital Marketplace - send your feedback

TrackaPhone Ltd

Mobile Phone Tracking

This proven, 'Secured by Design', Mobile Tracking service allows the real time and historical monitoring of your mobile phone location supporting a range of technologies, devices, and smart phone applications for Windows, Blackberry, iPhone and Android through a feature rich interface with street level mapping, geo-fencing and full reporting.

Features

  • Real time location of all smart phones and other devices
  • Geofencing alerts to identify employees in specific locations
  • Diagnostics and reporting for management of device faults or tampering
  • Comprehensive training and train the trainer programmes and materials
  • Fully project managed design, implementation and pilot programme
  • Unlimited hierarchical and inclusive logins to the management Interface
  • 'Secured by Design' service established in Government, NHS, Emergency Services
  • Ability to run several location services through a single interface

Benefits

  • Sustainable service capable of supporting strategic changes within your organisation
  • Flexible configuration of service to meet a range of requirements
  • Cost effective solution alternative to a vehicle tracking solution
  • Improved Lone Worker and Employee Safety across all operational areas
  • Fully auditable system to ensure user compliance and service effectiveness
  • Agnostic to devices, network, location technologies, mapping and IT environments
  • Global -delivering services overseas as and when required
  • Scalable without the need for investment or additional infrastructure
  • Proven system deployed in Government, NHS, Local Authorities, Emergency Services
  • Easy to implement regardless of project size or service design

Pricing

£2.50 to £5.00 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.davidson@trackaphone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 9 4 1 4 3 0 7 3 6 4 9 7 0 2

Contact

TrackaPhone Ltd Jonathan Davidson
Telephone: 07931150021
Email: jonathan.davidson@trackaphone.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • The managed service can be delivered without any IT requirements
  • If in-house access required/desired, following requirements apply:
  • Minimum Java 1.8+ recommended
  • 4GB Available RAM

User support

Email or online ticketing support
Email or online ticketing
Support response times
User, technical and administrative support are supplied through the same support telephone and email route. Initial simple responses are normally completed within 2 hours. Where there is a significant amount of work (administrative) this will normally be completed within 2 business days.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
User, technical and administrative support are supplied through the same support telephone and email route. Initial simple responses are normally
completed within 2 hours. Where there is a significant amount of work (administrative) this will normally be completed within 2 business days.

For technical support the maximum resolution times are as follows

System Critical (Service Not Available) Resolution in 4 Hours
Major Impaired (Major Reduction in Throughput) Resolution in 8 Hours
Minor Impact (Service Still Available) Resolution in 1 Week
Cosmetic (No Functional Impact on Service) Resolution in 4 Weeks

These support levels are standard and included in the subscription to the service. All our customer receive the same excellent levels of support.

Telephone Support
1. 24/7 Response to collect general nature of query
2. Moved to User/Admin Support or Technical Support as required
3. If needed Internally escalated to Technical Support
4. If needed Internally escalated to Technical Director

Email Support
1. Direct to User/Admin Support
2. If needed Internally escalated to Technical Support
3. If needed Internally escalated to Technical Director
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our approach is to first carry out a scoping meeting with the main stakeholders where as part of this we would agree the preferred method for delivering training. This could be a full training programme that we deliver at various sites of the customer's choosing, or a train the trainer approach, or on some occasions where the solution required is very simple the customer sometimes prefer us to provide training materials and they manage themselves.
All our training is supported by user guides, training videos, On line training sessions.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data held on the system is deleted automatically after 3 months, or if a contract is cancelled it will be deleted within a 30 day buffer period of the contract end date. Should the buyer request this buffer period to be shorter we will comply to all reasonable requests. The customer may download and archive their data at any time while in contract and with live access to the service, or by authorised written request for information within the buffer period.
End-of-contract process
When the contract is terminated with the appropriate notice the account is closed. This immediately revokes all rights to access the service on the contract end date, although data will be kept for an agreed buffer period or 30 days, whichever is the shorter, after this date. There is no additional administration or resource required and the process is included in the contract.

If however no notice is given at the end of the contract period the service will remain live while discussions on the contract extension take place.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
1. Alert Client - is an app for iOS, Android, Blackberry, and Windows which reports locations, network diagnostics, alerts, voice recordings and battery levels of these devices to be viewed through the locator interfaces.
2. The Locator Interfaces can be accessed through a Java based desktop application 'the People Locator' which provides full administrative access to the service , allows reports to be run, access levels to be granted and service parameters defined; or through a mobile browser Interface, 'the ilocatr' which has fewer administrative capabilities and is designed for quick access to perform simple functions in the field.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
The API is solely to allow users to integrate preferred 3rd party lone worker protection devices to the service.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service is highly customisable at every level.
From the layout of the interface to the behaviour and reporting levels of the devices being managed through the interface as well as the ability to change text size to meet accessibility standards.
The level by which a user can customise the service is based on their login permissions and above this further customisations can be requested from support including re-branding of the Locator interfaces if required.

Scaling

Independence of resources
TrackaPhone uses database sharding and load balancing to scale and distribute demand across multiple servers. The system is monitored continuously for system load and traffic volume that surpasses set thresholds, which are automatically reported to support staff. This acts as an early warning and allows the system to be scaled well in advance of service affecting conditions.

Analytics

Service usage metrics
Yes
Metrics types
1.Users of the locator Interfaces:
We have logs of user access which can be viewed through a management report

2.Users of devices managed by the interface:
All activity is recorded and can be reported on from the people locator interface, as well as automated reports and management reports to measure activity and compliance
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The secure People Locator Interface allows users with the correct permissions to generate reports on all the data held by the system ( up to 3 months history at any one time) in either a csv or html format as required. This data can then be archived or used in other applications by the customer.
Data export formats
  • CSV
  • Other
Other data export formats
Html
Data import formats
Other
Other data import formats
This is not a relevant feature of our service

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other
Other protection within supplier network
Data traffic within the network is encrypted using an SHA-2 2048 bit SSL connection. Sensitive data is stored in encrypted database fields using AES encryption. Database backups are encrypted using GPG 4096 bit encryption.

Availability and resilience

Guaranteed availability
The service is designed to be available 24 hours a day, 365 days of the year. In the unlikely event of a disruption to service we provide the following SLA for resolution.
'System Critical': defined as System Not Available - Updates every 30 Minutes - resolution within 4 Hours
'Major Impaired': defined as Major Reduction in Throughput - Updates Every Hour - resolution within 8 Hours
'Minor Impact' - defined as Service Still Available - Updates on Fault resolution - resolution within 1 Week.
'Cosmetic' - defined as No Functional Impact on Service - Updates on Fault resolution - resolution within 4 Weeks.
Approach to resilience
Network
Adjacent to two main internet switch facilities.
Multiple diversely routed dedicated fibre connections linked directly to the adjacent switch facilities that take separate routes and enter the data centre from opposite ends, approaching our main communications racks from opposite directions.
Multiple routes extend from the switch room to diversely situated transit gateways
Our internal network is designed with redundancy and performance in mind. We closely monitor each and every major element and have several levels of software to monitor, report and graph performance.

Power
Supplied by two x 4000amps (3 phase) on site sub stations.
Standby Generator located within the internal plant room with full automatic auto change over panel and sufficient fuel for at least 32 hours service (24/7-4hr fuel supplier is on contract).
Hot fill pipe to an external secure fuel fill inlet.
Changeover panel - The system has an auto changeover panel which automatically and seamlessly switches the power source from the mains to the generator in the event of a power failure and then back to mains supply once stable power is restored.
Outage reporting
TrackaPhone provides a public dashboard that displays the current state of the service using a traffic light system to indicate whether the system is operating optimally, degraded in any way, or down. Additional details may be provided on the dashboard as appropriate such as impact and estimated service resolution time.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
1. Administrator level has full unrestricted access and can create new users at Restricted User level.
2. Restricted Users - permissions are defined in terms of groups of data that can be viewed, and what user can do
Request Locations Y/N
Create Schedules Y/N
Add or remove devices Y/N
Create Zones Y/N
Manage Groups Y/N
Access Commands Y/N
Create Map Overlays Y/N
Cancel Alerts Y/N
Set Device Status Y/N
Send Text Messages Y/N
create geofences Y/N
modify devices Y/N
View via Mobile Interface (ilocatr) Y/N
Edit Alert Response Y/N
View Locations Y/N
remotely activate alerts Y/N
Request device logs Y/N
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Certification Group Ltd - Elaine Hanaghan
ISO/IEC 27001 accreditation date
21/06/2017
What the ISO/IEC 27001 doesn’t cover
This particular certification addresses the integrity of our hosted service and data held for the delivery of the service. This does not cover other areas of our service which support the overall service: for example our 24/7 emergency response service which is certified under a separate ISO/IEC 27001 certificate.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • BSI IoT
  • Secured by Design

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
TrackaPhone follows IT security processes that concern the use of the internet connection, approved applications, anti-virus, system updates and passwords. Employees that do not adhere to the policies may be subject to disciplinary action up to and including dismissal.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Service components are subject to change control once they have been signed-off, stored in a baseline and placed under configuration control. Stakeholders have an opportunity to participate in the control of any subsequent changes. All recipients are made aware of any changes that occur. There's an audit trail connecting a change to a configuration item to the reason for its change, and which records the participation and authorisation of those people concerned with the change.

Each change is evaluated for potential security impact by the investigator, who's responsible for determining operational and security risks that result from the proposed change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Where potential threats are raised for a component of the service, an assessment is made with respect to the version of software in use, and whether the vulnerability could affect service. When there's the possibility of threat to the service, the vulnerability is simulated within the staging environment to establish whether a change is required.

Based on the vulnerability assessment, a patch/change may be implemented.
-Emergency within 24 hours
-Low risk within 7 days
-Minimal risk next maintenance window.

Threats are identified through subscriptions to periodic security newsletters, social news feeds with current security issues, regular monitoring of cybersecurity websites.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The TrackaPhone service management console has auditing built in to provide a level of detail to trace user interaction with the system. This can be used to identify suspect patterns of behaviour or actions by service users.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported by email from the user. Based on the incident description, the incident management process makes use of known errors in order to facilitate a quick fix when an incident is reported by a user. Incident reports are sent by email and are made available on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

TrackaPhone makes extensive use of working from home and emphasis on technology use, such as video conferencing, to reduce necessity for travel, thereby reducing our carbon footprint.
Covid-19 recovery

Covid-19 recovery

TrackaPhone makes extensive use of working from home and emphasis on technology use, such as video conferencing, to reduce unnecessary contact and possible spread of Covid-19.
Tackling economic inequality

Tackling economic inequality

Trackaphone has just completed funding one of it's employees through an an accountancy apprenticeship to gain ACCA accreditation. And is looking at possibilities of using apprenticeships to fill other roles within the organisation.
Equal opportunity

Equal opportunity

Trackaphone are an equal opportunities employer and would not discriminate for any employment opportunities, this is encapsulated in our equal opportunities statement. This is available on request.
Wellbeing

Wellbeing

Work life balance has been facilitated within TrackaPhone by an early adoption of working from home and emphasis on technology, such as video conferencing, to reduce travel reducing the time that would be spent away from home.
The Staff Handbook, which contains the company disciplinary procedure, states that any bullying, discrimination of any kind or sexual harassment constitute gross misconduct and dealt with as such. Our staff handbook is available if requested.

Pricing

Price
£2.50 to £5.00 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
There is a free technical trial, which allows customers to carry out end to end testing to ensure any issues with firewalls, devices, network restrictions etc. can be identified and resolved. This is typically a 1-2 week trial with 1 -2 devices registered on the system.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.davidson@trackaphone.com. Tell them what format you need. It will help if you say what assistive technology you use.