Callmy Ltd

Callmy Alert Lone Worker SOS

The Callmy Alert SOS provides BS8484 certified solutions for lone working and personal safety.

The services can be managed by your organisations own control room, or supplied as a fully managed capability, with SOS activations triaged by a dedicated Alarm Receiving Centre on a 24x7 basis.

Features

  • Instant SOS activation with a press of a button.
  • Timed SOS activation with countdown function.
  • Man-down feature.
  • Call for help feature - connects to a response team.
  • Track and locate users when SOS is activated.
  • When SOS is active listen to the user.
  • Download audio recordings for evidential use.
  • Managed and monitor service via web portal, includes SSO option.
  • Self managed or BS8484 managed service option.
  • Includes an integrated Mass Notification Service.

Benefits

  • App and device based options.
  • Cost effective and simple to deploy.
  • Ease of user management through Active Directory integration.
  • Optimised to minimise battery use.
  • Optimised for use in areas with poor connectivity.
  • Monitor end users locations to support emergency response.
  • Location sharing controlled by end user, to maintain privacy.
  • Send messages directly to the end users app or device.
  • Warn and Inform users to aid mobilisation, lockdown and evacuations.
  • Discreet and easy to use.

Pricing

£2.00 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.watson@callmy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 0 3 9 9 2 1 2 3 2 6 3 9 7 8

Contact

Callmy Ltd Tony Watson
Telephone: 020 31891250
Email: tony.watson@callmy.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
End user devices for app require iOS or Android operating systems.
System requirements
  • Administration access requires a Chrome or MS Edge browser
  • The Callmy Alert iOS app requires iOS 8 or later
  • The Callmy Alert Android app requires version 6 or later

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support questions are responded to within 4 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Customers have access to the Callmy support team, which can be accessed by authorised contacts using dedicated phone and email access.

Standard Support - provided seven days between 09.00 and 17.00
Response to technical questions, received from authorised contacts via phone or email . Included as part of the standard price.

Enhanced Support - provided seven days 24 hours per day.
Response to technical questions received from authorised contacts via phone or email . This is charged at either £1,000 per annum, or 8% of the annual contract value, which ever is greater.

Fault Reporting - authorised contacts can report technical faults, via phone or email, on a 24x7 basis - provided as part of the standard service delivery.

Training Support - Callmy Alert Administration training is provided as part of the standard service implementation and this can be conducted either on the customers site or remotely. Administrators have free access to online training material and can request additional remote training sessions as required.

Monitoring of end users, with the Callmy Alert SOS app or device, via the BS8484 certified managed service option, is provided on a 24x7 basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The Callmy service team will liaise with the buyer to configure the service as they require. They will also deliver training, either on site or remotely and provide access to training material - PDF and video.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The authorised service administrator(s) will delete their data via the Callmy Alert Management Portal. The Callmy Alert service desk can also perform this task if required.
End-of-contract process
At the end of the contracts initial term, the customer has the option to extend for another agreed period; the minimum being 12 months, or to terminate. Callmy Alert will work with the customer to decommission the service and this does not incur any additional charges.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The app is only used by end users to facilitate their SOS service. The desktop provides service administrators with access to various management tools, the ability to monitor user location and to triage SOS activations.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
The Management Portal provides secure web based access to manage every the service. This enables service configuration (including Active Directory integration), the ability to monitor end user locations, see which users have set their SOS timer, see if a user has activated their SOS alert, listen to users audio when their sos is active and track users precise GPS location when the SOS is active. Audit logs for historic data can also be accessed.
Admin permission levels can be set to devolve management throughout an organisation. The interface allows for messages to be broadcast to individual users and groups.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Our iOS and Android apps are build on core OS frameworks, allowing Callmy to take advantage of the full range of accessibility integrated into both iOS and Android Operating Systems. These include voice over of critical notifications, high contrast and colour support, text size adjustment. These features are tested in house, as part of the QA process prior to any new software release or update.
API
Yes
What users can and can't do using the API
The Callmy Alert service is integration ready and customers access and manage API integrations through a Swagger page.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Messages within the Callmy Alert app can be branded by customers to personalise to them to their requirements and guidelines.

Scaling

Independence of resources
The capacity of the Callmy Alert service is actively monitored and resource allocated, based on historic usage patterns and anticipated peak demands. If additional capacity is required, it is scaled into service to maintain availability and service levels.

Analytics

Service usage metrics
Yes
Metrics types
Authorised administrators can view metrics on: numbers of users, which users have activated their SOS alert, which users have set their SOS timer and for how long, if the timer elapsed and triggered the SOS. This data includes tracked GPS information and audio recordings captured during the SOS activation. If notes or pre activation messages have been added by the end user, these can also been seen in the activation reports. All information is time and date stamped and details of relevant durations are available. Details can be exported to Excel for further analysis.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported to Excel
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
Via integration with Azure Active Directory

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Callmy Alert is a 99.99 available service and this forms part of the SLA
Approach to resilience
Callmy Alert is delivered from two Microsoft Azure ISO 27001 certified data centres and the application is operationalized to ensure there is no single point of failure. The Callmy Alert service backs up data in real-time and can automatically failover should the primary data centre become unavailable or a software component fail. The Service Level Agreement states that Callmy Alert is 99.99 available.
Outage reporting
Callmy Alert employs various services to monitor the hosting environment and application. These include Azure, Datadog, Pingdom and Twilio. Alerts are sent to the service management team using dedicated apps, sms and email.

Identity and authentication

User authentication needed
Yes
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Administrators have to be added to the service via a secure Management Portal - this also defines their permission to access and manage Callmy Alert's capabilities. Administrators can only log in using their registered email address and password. It is also advised Administrators enable the services two factor authorisation.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
The Callmy Alert Management Portal can also be secured using SSO.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
BS8484 SSAIB Certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
The Callmy Alert hosting environment is certified to IS027001.

Callmy Ltd is Cyber Essentials Certified
Information security policies and processes
Callmy Ltd has information security policies in place to cover both internal business systems and also the security of the Callmy Alert service.

Callmy Ltd's Information Security policies and procedures are documented and are available on request.

Polices include: DPA Policy, Information Security Plan, Data Protection Impact Assessment, Data Breach Policy and Acceptable Usage Policy. The Policies are reviewed on a regular basis and changes are reflected in the documentation.

Incidents and issues relating to Information Security are reported to the CEO who ensures the appropriate procedure is followed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Callmy Ltd employs a configuration process to systematically manage, organise, and control the changes in documents, code base, and other entities during the development life cycle. The components tracked include the core application, database, notification hubs, streaming service, web services and end user app. Regular tasks are managed and reviewed that include:

- Configuration Identification
- Baselines
- Change Control
- Configuration Status Accounting
- Configuration Audits and Reviews
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Callmy Ltd's development team assess the service for vulnerabilities on a monthly basis and these are logged in Microsoft Visual Studio Team Services. They are ranked as low, medium or high risk to enable the development team to make threat level/service impact assessments, allocate resources and plan deployments accordingly. This process is signed off by a senior manager and the rationale for the decisions taken logged - this forms part of the ongoing vulnerability management process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Callmy Alert is monitored for:

- Invalid administrative login attempts.
- Exceptional network activity within the Azure environment.
- Exceptional levels or suspicious activity accessing the Azure environment; from email or voice, for example.
- Exceptional levels of activity from a device; app location for instance.
- Suspicious end user activity.

Various means of alerting key stakeholders of exceptional/suspicious activity and critical incidents are employed. These alerts prompt the response team to access Callmy Alert's audit logs to make assessments and employ remedies. The time to respond forms part of the SLA and this is attached to this submission.
Incident management type
Supplier-defined controls
Incident management approach
Callmy Ltd has a pre-defined process for common events and this forms part of the Callmy Service Level Agreement.

Users report incidents either via the agreed support email address or phone number. These are logged and triaged for resolution. The user and main customer contact will receive details on how the incident is being managed/resolved - a post event report is provided to the user/main customer contact. This is report is also logged in the customer record on the Callmy Ltd's CRM system.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Callmy Ltd has a flexible working ethos and this enables staff to work from home to minimise their travelling to help reduce their carbon footprint.

Callmy Ltd has a policy to source products and services from environmentally aware suppliers and by 2030 we aim to have a carbon neutral supply chain, be water positive, have zero waste certification and be net zero.

Pricing

Price
£2.00 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The free trial covers the Callmy Alert mass notification service. It includes access for 2 administrators, up to 20 users and one message group. The trail is for one month and all service and support is freely provided.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.watson@callmy.com. Tell them what format you need. It will help if you say what assistive technology you use.