ALTODIGITAL NETWORKS LIMITED

CareAR

CareAR’s Service Experience Management platform, provides Self-Solve and Remote-Solve support. Digital processes twinned with AR-Instructional Content, and AI-Powered Visual Verification, empowers end-users with the Right Content, in the Right Context, at the Right Time. This service, backed with AR Visual Support, helps to Reduce Downtime, Increase CSAT and Eliminate Dispatches.

Features

• Augmented Reality (AR) Powered Instructional Content
• Remote Assistance with Real-Time Support
• Secure Solution with End-to-End Encryption
• Visual Verification Powered by AI
• Virtual Measurement Capability
• No-Code Drag & Drop Process Workflow Creator Tool
• Scan-App for Self-Solve AI Model Creation
• APIs for Integration into Existing CRM/FSM Platforms
• SOC2 Compliant Secure Platform
• Cloud-Based for Scalability and Availability

Benefits

• Reduce Service Downtime
• Increase First Time Fix Rates
• Avoid Unnecessary Engineer Dispatches
• Improve Customer Satisfaction Scores
• Reduce Greenhouse Emissions
• Reduce Time-to-Competency for New Staff Members
• Auditable Compliance with Health & Safety Guidance
• Seamless Integration into Existing Tools & Systems

£725 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at xbsuk.bid-team@xerox.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

234839795206996

Contact

Alison Meighan
07717727484
xbsuk.bid-team@xerox.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: CareAR can be standalone or as a module of ServiceNow, Salesforce, or custom integrated to another ticket management system.
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • ARCore or ARKit for Advanced Features on Mobile Devices
  • Internet connectivity for Real-Time Support

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Single Support Level across the entire cloud platform. Each customer has a designated Customer Success Manager who will be their key point of escalation and support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding is managed by a named Customer Success Manager (CSM) to conduct the launch activities and be the initial point of escalation for new customers. Working with the CSM, CareAR provides support to guide customers towards a successful adoption and value realization, including the following; • Defining Desired Outcomes and Reporting Structure, • Designing a CareAR-Integrated Workflow • Establishing a success plan to drive adoption and value realisation • Set usage goals and expectations with user groups and managers • Support with implementing change management techniques • Creating Digital Work Instructions for Self-Solve use-cases CareAR training includes instruction by a CSM lead as well as self-guided education. Administrators and users can access the video guidance section of the tutorial to see examples of augmented reality workflows and dashboards, among other things.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Videos
• End-of-contract data extraction: Data export functionality within Customer led admin portal, into CSV files
• End-of-contract process: As a cloud SaaS service, there are no specific activities required of a customer at the end of a contract - the customer specific tenant will have access turned off at the contract expiry date, where the customer will need to inform users they no longer have access to the service. Data will then be removed from the platform and destroyed inline with data security protocols.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Differences between the mobile and desktop service; ; For Advanced Features users on mobile devices should use the App version (e.g. enhanced AR capabilities).
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser-based portal for the following: • User administration management • Integration management • Reporting • Drag & Drop management of Digital Workflows • Administration of AI models
• Accessibility standards: None or don’t know
• Description of accessibility: Add/remove users. Set app defaults. Turn certain functions on and off. Review session meta data and run reports.
• Accessibility testing: TBC
• API: Yes
• What users can and can't do using the API: Integrate with Customer Service Management / IT Service Management / Field Service Management tools for a seamless experience and 2 way data communication with work tickets/word orders.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Integration points. Customisation by CareAR. Branding options.

Scaling

• Independence of resources: CareAR’s infrastructure spans multiple fault-independent GCP availability zones physically separated from one another. There are manual or automatic capabilities to re-route and regenerate hosts within CareAR’s infrastructure and is able to detect and route around issues experienced by hosts or even whole data centers in real time and employ orchestration tooling that has the ability to regenerate hosts, building them from the latest backup. CareAR leverages tools that monitor server performance and traffic load. If suboptimal performance or overloaded capacity is detected within an availability zone, then these tools increase the capacity or shift traffic to relieve any suboptimal performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Session metrics available for both Real-Time ‘Assist’ and Self-Solve ‘Instruct’: • Overall numbers • Location • Duration • Participants • Stage of process (Instruct) • Time at each stage (Instruct) Specific questions can be set for ‘end of session surveys’ for both the ‘guest’ and ‘host’ users.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Tenant Admins can view/export/import session activity details for today, this week, this month, or within a custom date range for all or any users in their Tenant - Normal users can view/export/import session activity details for today, this week, this month, or within a custom date range for themselves only.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xls
  • Png
• Data import formats:
  • CSV
  • Other
• Other data import formats: Xls

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: The APIs used for the service (apiv2.carear.app) are hosted behind an Imperva Web Application Firewall which improves both the security as well as the reliability of the service. The application is utilising custom claims in the Google Identity Platform to add an extra level of security for user role enforcement. The apiv2 uses Imperva managed certificates to ensure that the private key is always protected (CareAR has no access to the private key). Certificates are auto-renewed by Imperva so the risk of expired or invalid certificates is minimised.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% uptime
• Approach to resilience: CareAR is hosted in the secure Google Cloud, with multiple nodes and regions used to ensure resiliency.
• Outage reporting: Email alerts & Public Dashboard All details are viewed online at https://carear.com/trust

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Customer Super-Admin designates the access rights of each account in the admin portal they own.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Compliance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: All employees are bound by Xerox Code of Business Conduct. Employees are required to take the Xerox Ethics training course as well as sign an acknowledgement to adhere to the Code of Business Conduct. In addition, annual security and privacy training are required. The CareAR Software Development Lifecycle (SDL) process is the method by which CareAR creates secure products and defines the activities that the product teams must perform at different stages of development (requirements, design, implementation, and deployment). CareAR security engineers perform numerous security activities for the Services including: • Internal security reviews before products are launched • Periodic penetration tests performed by independent security teams • Conduct threat

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CareAR has a formal change management process to manage changes to software, applications and system software that will be deployed within the production environment. Change requests are documented using a formal, auditable, system of record. Prior to a high-risk change being made, an assessment is carried out to consider the impact and risk of a requested change, evidence acknowledging applicable testing for the change, approval of deployment into production by appropriate approvers(s) and roll back procedures. A change is reviewed and tested before being deployed to production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: CareAR maintains controls and policies to mitigate the risk from security vulnerabilities in a measurable time frame that balances risk and the business/operational requirements. The CareAR service utilizes Google services for all backend services. Since ours is a serverless architecture, CareAR has no deployed servers in the infrastructure. This allows CareAR to leverage Google to maintain security patches on the infrastructure without interruption of service. For the CareAR application software, critical software patches are evaluated, tested and applied proactively. For high-risk patches, CareAR will notify customers prior to the application of a patch.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: CareAR utilises the Xerox Security Incident Response Team (SIRT), assesses the threat of all relevant vulnerabilities or security incidents and establishes remediation and mitigation actions for all events. Access to these security logs is limited to SIRT. CareAR utilizes GCP platforms and third-party tools to detect, mitigate, and to help prevent Distributed Denial of Service attacks (DDoS) attacks. Upon discovery or notification of any Security Incident, CareAR will promptly investigate such Incident and promptly notify Customers. Customers will receive notification via email to the owner of the CareAR account.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: CareAR utilises the Xerox Security Incident Response Team (SIRT), assesses the threat of all relevant vulnerabilities or security incidents and establishes remediation and mitigation actions for all events. Access to these security logs is limited to SIRT. CareAR utilizes GCP platforms and third-party tools to detect, mitigate, and to help prevent Distributed Denial of Service attacks (DDoS) attacks. Upon discovery or notification of any Security Incident, CareAR will promptly investigate such Incident and promptly notify Customers. Customers will receive notification via email to the owner of the CareAR account.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Xerox is committed to fighting climate change such that we play a role in the sustainability of our world’s natural resources. Xerox has identified four strategic commitment areas where we can make a significant impact on the environment: • Reducing Energy Use and Protecting the Climate: • Preserving Biodiversity and the World's Forests: • Preserving Clean Air and Water: • Preventing and Managing Waste: We invest in technologies that reduce the carbon footprint of our operations and offer solutions to our customers that reduce energy use, cost and waste. Our Net Zero goal is 2040. In 2021, we also expanded our greenhouse gas (GHG) emissions reduction goal to cover scopes 1, 2 and 3. We plan to achieve net-zero emissions through projects that improve operational efficiency, create new technology innovations, and neutralise residual GHG emissions through carbon compensation mechanisms. Our approach to sustainability includes partnerships to accelerate progress. We have officially joined the UNFCCC’s Race to Zero and SBTi’s Business Ambition for 1.5°C campaigns, aligning our climate mitigation targets to what science dictates is necessary to reduce the destructive impacts of climate change on human society and nature. We are a founding member of Defra’s e-Sustainability Alliance (DeSA), We are actively involved in the provision of best practices on the ways in which IT firms of all sizes can minimise their environmental impacts. We also support the Government Cloud Sustainability project, focusing on ‘Sustainable IT’ (e.g. achieving net-zero, modern slavery and other supply chain matters) and ‘IT for Sustainability’ – including the social pillar, “How to procure and measure performance on all things Cloud”. When selecting our technologies and services for G-Cloud 14, we have utilised this knowledge base and ensured that the services & technology used comply with Government guidance and carry accreditation from 3rd party bodies where appropriate.

Pricing

• Price: £725 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 2 to 4 weeks free trial. Full service included, but no integrations offered
• Link to free trial: https://carear.com/demo/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at xbsuk.bid-team@xerox.com. Tell them what format you need. It will help if you say what assistive technology you use.