Track24 Limited

AtlasNXT

AtlasNXT uses location intelligence to solve security, duty
of care, communication and operational challenges. It is
designed to optimise user adoption by offering a
unified, intuitive experience built on privacy-first principles.
We transform modern-day operational delivery, through AI-based automation improving
cost efficiencies, whilst boosting productivity, employee
satisfaction and trust.

Features

• Track smartphones and trackers; plan routes
• Create geofences with alerts when devices enter, exit
• Locations remain private when not at risk
• Message by team, location, incidents, and combinations
• Overlay data maps including incidents from internal and external data
• Risk scores on map overlay; risk assessment documents
• AI summarisation alerts and advisories from data feed
• AI country reports and pretravel advisory notes
• Assessments/interactive documents
• KML/KMZ/CSV geofence and location imports

Benefits

• Keep your people safe and informed, in any location
• Minimise impact of unexpected/critical events
• Maximise efficiencies across mobile operations
• Enhance your brand in competitive talent market
• Win employee trust by putting privacy first
• Information export of time-ordered event reports
• Automated geofence creation, automated incident management
• Reducing cost caused by delays in critical event
• Increasing travel efficiency
• Compliance with Travel Risk Management ISO31030

£18,360 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at naomi.read@track24.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

431894543781556

Contact

Naomi Read
07949974507
naomi.read@track24.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Track 24 (The licensor) agrees to notify the customer in advance of commencing scheduled work if the period of downtime exceeds 5 minutes. Notification will be communicated to Customer via email or Customer’s account login screen.
• System requirements:
  • Mobile devices with GPS and other location services
  • Current operating systems for desktop, laptop, smartphones
  • Appropriate airtime contract for devices
  • (On-Prem Only) Suitable servers running Linux.
  • Up-to-date web browser.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Contact the support team via email support@atlasnxt.com. ; ; Acknowledgement response received by the customer confirming the ticket number within 1 hour. Response from a Support team member within 24 hrs
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Services are carefully and continuously managed by Track 24’s in-house Service Delivery Team. We provide preparation, training, education, data integration, and in use support from contract signature to ‘go live’ and throughout contract.; ; Following the onboarding, quarterly meetings with the Account Manager and 24 x 7 access to our customer support team and emergency engineering team, in case of operational outage, will be provided. Office hours escalation for other matters.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our typical approach delivers onboarding and support using a blend of Webinar and email - alongside in-person support where needed. AtlasNXT’s unique User Experience and Interface design allows for use ‘straight from the box.’. The level of effort and resources needed to deploy AtlasNXT within an organisation is determined by a detailed scoping session. For larger and more sophisticated deployments we provide bespoke onboarding & training plans. Our dedicated web interface and phonelines provide support throughout.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be exported to a CSV file via raising a Customer Support request. ; ; Data on the platform is available for up to 90 days post termination.
• End-of-contract process: The Account Executive will work closely with the customer to determine off-boarding requirements such as data extracts as part of the contract.; ; Some data export may be charge on POA basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Yes; Web Operators; Operators have oversight of the global risks to people and operations across their organisation’s geographical footprint. They can centrally manage events, resources and communications through a browser-based web platform to keep all employees safe, engaged and productive.; ; Smartphone App Users; App users include persons undergoing risks, e.g. staff, customers and partners or our customers, who need to be quickly informed of critical information relevant to their location, and to be given location aware help, when needed.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A variety of interfaces exist for remote devices which provide data into the system, including: location, telematics, ad hoc messages and real-time status. Similarly a small number of commands from the system are returned to the devices. Insofar as users might access our system the web interface standards the same accessibility standards as the rest of our products. We are aiming fro WCAG 2.1 AAA, once we have decommissioned our legacy products.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our user and operator interfaces run on common desktop computers and operating systems and on mobile phones. The assistive tools available on these are able to assist users of our products.
• API: Yes
• What users can and can't do using the API: Currently because of the security restrictions in our markets, the APIs can only be accessed with support from Track 24 Limited. The APIs are being widened cautiously based on demand. Currently we support:; - integrating smartphones, vehicle trackers, handheld trackers; - ingesting data feeds of event alerts etc; - uploading staff details; - uploading map assets such as geofences and coordinates
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers have a variety of possible customisations:; - internal data feeds; - external data feeds; - analytics "insights module"; - smartphones, tracking devices, both; - organisational structure of different team hierarchy models; - creating different specifications of the operator's duties by associating locations with services and users ; ; The customisations, switching features on and off is done by a support or sales request. The organisational features are accessible by any user with "admin" privileges via the web application.

Scaling

• Independence of resources: The system scales linearly, as the deployments are siloed, with separate infrastructure assigned to each customer. The exceptions to this, e.g. storage or cloud databases, e.g. S3, RDS and similar, are all autoscaling.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of Users (web and app users) on platform; Page views
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Some data concerning users will be reportable directly from the platform by the Operator. ; ; Customer Support are also able to support further data export requests.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • KML
  • KMZ
  • Message attachments are stored indefinitely and exported
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • KML
  • KMZ

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Track 24 will use reasonable commercial efforts to ensure that the Software is available for at least 99.9% of the time between 5.00am to 6.00pm (UK hours).; ; Track 24 will use reasonable commercial efforts to ensure the Application is available for at least 99.9% of the time and during any calendar month throughout the Term.; ; Any service refunds agreed will be calculated on a pro-rata basis of usual monthly cost depending on downtime and impact.
• Approach to resilience: Available upon request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The ‘Principle Of Least Privilege’ (POLP) is used meaning that staff at Track24 are granted the minimum access to IT systems and data that they require in order to do their job. Access to all assets must be approved by the respective Asset Owner. Track24 employs two-factor authentication on all critical software.; ; All customer users and operators are assigned a user ID and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 03/11/2023
• What the ISO/IEC 27001 doesn’t cover: No exclusions in reference to the Statement of Applicability or Standard for ISO27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All relevant ISO 27001 policies and processes are implemented and audited on an internal basis mid year and by an external auditor at the end of each year. ; ; The Track24 leadership team recognises its responsibility to maintain and improve information security through our people, processes and technology. The leadership team will convene on an annual basis to review our policies and practices, and to review and forecast any changes in the size or complexity of the IT services being built.; ; Track24 will evaluate and review the information security policies of critical suppliers and partners. We will engage with our critical suppliers and partners to address any differences between our respective IT security policies.; ; The Track24 leadership team also recognises the need for independent auditing of our information security, which will be enacted through periodic reviews.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes go through a stringent change management process documented on JIRA. ; ; Each application will be managed through github and be hosted on three different environments.; ; - Production; - Pre-release; - Development (also sometimes referred to as Staging); ; Each environment will have its own dedicated github branch.; ; Through this methodology, we will not have to manage separate repositories for multiple environments and instead will make use of github branches.; ; Security testing is continuous during development.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scanning is managed by a combination of services, including a system which provides continuous monitoring, and is updated automatically from a cloud-based database of known threats, especially ones which are specific to our technology choices. ; ; Each vulnerability alert and patch release must be checked against existing Track24 systems and services prior to taking any action in order to avoid unnecessary patching. ; ; See below for timeframes for install from date of release:; ; - High priority (security updates with a severity of critical or important - 1 week ; - Low priority (software updates) - 1 month
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring tools in use are:; ; - Paraxial Agent https://hexdocs.pm/paraxial/readme.html; - FoxTech Defend https://www.foxtrot-technologies.com/foxtech-defend/; - AWS CloudWatch - monitoring instance health, CPU usage, network in/out, disk read/write; - Graylog - Log aggregation for troubleshooting; - Twilio - auto notifications for anomalous usage; - Mailgun - devs are subscribed to their status page and we have a failed email notification going to slack; - Pingdom - System uptime statistics; - GuardDuty - Slack notifications of any suspicious activity in our AWS environment
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Processes during incidents and post-mortems are compliant with ISO9001 and ISO27001 and are audited annually. ; ; Whenever there is a security incident there must be a post-mortem conducted after the incident has been resolved and documented in the Security Incident Register.; ; The post-mortem has to cover a description of the incident, what caused the incident, who was responsible for handling the incident, and the resolution that has been implemented. ; ; All post-mortems from each quarter are reviewed and individuals assigned to the post-mortem have to present on the issue.; ; Users can report any incidents via the Customer Support team.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  Communications; Declutter the communications landscape by filtering messages based on people, place and time. Communicate with dispersed workforces easily and efficiently. Maximise cost and time efficiencies by using one system to communicate organisational operations rather than many.; ; Business Continuity; AtlasNXT supports a proactive approach to managing risk and business disruption, which will positively impact operations and cost efficiency, and contribute to employee satisfaction and trust.; ; Duty of Care and Compliance; Protect your employees and assets by providing your duty of care. Protect your brand and reputation by safeguarding your people in line with industry best practices.

  Equal opportunity

  Track24 is committed to valuing diversity and seeks to provide all employees with the opportunity for employment, career and personal development on the basis of ability, qualifications and suitability for the work as well as potential to be developed into the job. ; ; Track24 believe that people from different backgrounds can bring fresh ideas, thinking and approaches which make the way work is undertaken more effective and efficient. ; ; ‘Inclusion’ at Track24 means ensuring that every employee feels comfortable to be themselves at work and that their contribution is valued. ; ; Track24 do not tolerate direct or indirect discrimination against any person on grounds of age, disability, gender / gender reassignment, marriage / civil partnership, pregnancy / maternity, race, religion or belief, sex, or sexual orientation whether in the field of recruitment, terms and conditions of employment, career progression, training, transfer or dismissal. ; ; It is also our teams responsibility, in their daily actions, decisions and behaviour to endeavour to promote these concepts, to comply with all relevant legislation and to ensure that they do not discriminate against colleagues, clients, suppliers or any other person associated with the Company.

  Wellbeing

  Track24 prioritises the following initiatives to promote wellbeing across the team:; ; - Health & Safety - Track24 prioritises health & safety through rigorous safety protocols, ergonomic assessments and access to healthcare resources. ; - Mental Health Support - We offer bespoke mental health support from counselling services to stress management support. ; - Work-Life Balance - We encourage flexible work arrangements, remote working options, and paid time off policies.; - Professional Development - Track24 invests in the professional development of the team through training programs and career advancement pathways. ; - Employee Engagement - Track24 foster a culture of inclusion, collaboration, and mutual respect, where every employee feels values and appreciated.

Pricing

• Price: £18,360 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: - Focused on key modules; - Time-bound, fully-supported trial (4 weeks); - 3-step focus for each module; 2-hour in-depth training; guided training exercise, guided live exercise; - Module evaluation before progression to next trial stage

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at naomi.read@track24.com. Tell them what format you need. It will help if you say what assistive technology you use.