Skip to main content

Help us improve the Digital Marketplace - send your feedback

ALCOHOL MONITORING SYSTEMS LIMITED

Remote Breath Alcohol Monitoring as a Service

SCRAM Remote Breath® Pro provides versatile breath alcohol monitoring with options for scheduled, random, on-demand, and client-initiated testing for low-risk clients. Enhanced facial guidance and verification software decreases manual photo review by over 90%, allowing officers more time to spend on their caseloads and clients.

Features

  • Automated, noninvasive monitoring
  • Samples perspiration continuously, transmits every 30 minutes for alcohol content
  • Industry-leading anti-tamper technology
  • Data analysis of every alert
  • Validated by 10+ years of independent, peer-reviewed research
  • Customer care provided by 24/7 Support Centres

Benefits

  • Continuous, automated testing means no drinking around test schedules
  • Single-source admissibility–no back-up tests required
  • Accurate results–conclusively distinguishes alcohol consumption vs. environmental alcohol
  • Ankle-worn tag allows clients to maintain family and work obligations

Pricing

£2.50 to £2.80 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asethi@scramsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 1 5 9 9 0 4 3 7 7 9 4 2 1 6

Contact

ALCOHOL MONITORING SYSTEMS LIMITED Amit Sethi
Telephone: 0207 268 4852
Email: asethi@scramsystems.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
None.
System requirements
  • Desktop with the latest Chrome, Firefox or Internet Explorer browsers
  • Windows 10 desktops or later
  • Requires client electronic monitoring tag (bracelet).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Service levels are agreed upon during procurement process.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available through the product user interface "Live Chat" option.
Web chat accessibility testing
Have not tested with assistive technology users.
Onsite support
Yes, at extra cost
Support levels
Customer support is available 24/7/365 support to all customers at no extra cost. This includes phone, email, and live chat. Onsite support is available as needed. Technical account manager and cloud support engineer provided as needed. Service levels, if any will be discussed during procurement process.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Both onsite and online training are provided. All initial training is
provided and included at no additional cost to the government agency. In addition to the initial training, all refresher training and written documentation is available online.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video
End-of-contract data extraction
For customers who would like to extract their data on the conclusion of contract - that is a capability that is available to our customers.

End of contract process will be agreed upon during procurement process.
End-of-contract process
End of contract process and any associated costs will be discussed and agreed upon during the procurement process.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Service management is conducted through the SCRAMnet Optix (online portal) and mobile interfaces.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
There has not been testing with users of assistive technology.
API
Yes
What users can and can't do using the API
The solution has a RESTFul API set which allows them to among other things
1. Inquire about the Alerts
2. Setup users / get user info / delete users / update user info
3. Get billing information
4. Get information on Service Providers and Agents managing users
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
We have designed a multi-tenant application that is monitored on a continuous basis. The monitoring allows us to update and upgrade the systems without interruption. We also are using VM technology to allow for the movement of systems and needed resources to the appropriate server, application or service quickly without interruption of the user. Our application is designed to be stateless allowing for the movement to a redundant environment / server with little impact to any user of our service.

Analytics

Service usage metrics
Yes
Metrics types
The number of Users ,
The number of Clients
The number of Releases /month
The average response time
The compliance rates of clients
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data by using several of the reports which are available to them
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our SLAs are 99.9% except for areas that we have no control over such as cellular system outages, data center disasters; however, through redundancy (we have fail over facilities) and resiliency (applications have automated recovery routines). In all cases where we have an outage we examine the ability to improve the systems with higher availability services when and where available. In the case of refunds they are proportional to the time of the out outage.
Approach to resilience
Resilience in the case of our systems is viewed differently from system redundancy. Redundancy would be having multiple occurrences or fail over occurrences of application servers, network connections, etc. Resilience is the architectural design of the application where the application has the ability to correct for issues or to restart when a failure occurs. Resilience is using application architecture to ensure the continued processing when the application encounters a problem. Our applications are designed with both redundancy and resiliency principles.
Outage reporting
Our services have multiple methods of reporting outages. There are simple issues which will be e-mailed, SMS text messages, we have instrumentation with display on critical services and we can display some information in a dashboard (not a public dashboard). And our employees are 24x7 on call and may detect an issue before or monitoring software alerts to a situation.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are controlled with both role based authentication as well as username and passwords.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Perry Johnson Registrars, Inc
ISO/IEC 27001 accreditation date
03/11/2017
What the ISO/IEC 27001 doesn’t cover
Development, Support and Operation of the SaaS Platform for Alcohol Monitoring and Offender Management Services (Statement of Applicability: 28/02/2017 Version 1.2)
Certificate No: C2016-03050-R1
Revision Date: November 3, 2017
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are an ISO 27001 audited organization and complete an annual review with audit findings and continued registration as an ISO 27001 accredited organization. Additionally, we were granted our ISO 27701 certification, which is an extension of ISO 27001 that provides guidelines for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It builds upon the requirements of ISO 27001 and extends them to cover privacy management aspects. ISO 27701 aims to help organizations manage and protect personally identifiable information (PII) in accordance with applicable privacy regulations and requirements, such as the General Data Protection Regulation (GDPR).
Security policies are define at a corporate policy level and we use DarkTrace behavior monitoring to ensure compliance with best practices in security. There are also annual audits to ensure compliance of security polices with penetration testing, both internal and external.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The facilities are SSAE 16 audited, security is examined and penetration audit are conducted and the application services are ISO 27001 audited for compliance to best practices. Each of the published audits by outside audit groups create management reports for improvements and verification that we are following best practice standards. System hardware is reviewed and update on a regular basis and Nessus scans are completed on the systems and applications on a quarterly basis.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The facilities are audited each year for SSAE 16 and the systems and application is reviewed both internally and externally. We have a annual external review for attack surface with penetration testing and we internally complete Nessus scans and OWASP scans of our applications on a quarterly basis. We deploy patches quarterly to our servers and more frequently to our desktops. Our applications are maintained in an Agile environment and are updated every other week. We are warned of threats by KnowB4, Trend Micro, Sonic Wall, DarkTrace and Dell Secure Works.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We comply with SSAE 16 for our Physical facilities and ISO 27001 for our application and computing best practices. Our systems are being scanned on a quarterly basis and we have preventative monitoring by DarkTrace with is a behavior monitoring system to identify abnormal behavior and notify the Operation team of the unusual behaviors of an individual or a device in the network. When we see a potential compromise it is classified from information to critcal. Information we inquire and ask the offender to discuss, critical we would respond immediately. We have an Incident management policy that governs our response.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We use have SSAE 16 for physical and ISO 27001 for our applications. We have a incident response process with an OCCM (On Call Crisis Manager) which is responsible for handling both user reported incidents; as well as, system reported incidents. Our incidents are reported to management via the ISO 9001 Corrective Action Preventative Action (CAPA) process and the ISO 27001 Incident Reporting process. We also provide incident reports to our customers upon request or as agreed to in our notification requirements as defined by our services contract.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

At SCRAM Systems, we encourage employee carpooling, In addition, we have consolidated some of our shipping pick-ups/drop-offs to reduce the number of trips. SCRAM Systems seeks to help the fight against climate change multiple initiatives and holds certificates in the following: - ISO14001 (Environmental Management System) - Waste Electrical and Electronic Equipment (WEEE) Directive - ROHS - Restriction of Hazardous Substances Directive.

Covid-19 recovery

To assist in Covid-19 recovery, SCRAM Systems:
- encouraged work from home for those who were able to do so.
- did not lower salaries or have any layoffs due to COVID-19.
- followed all federal, state, tribal, and local guidelines during the
pandemic.

We also mitigated exposures and illnesses by:

- restricting business travel, paid for testing as needed, paid
employees with Families First COVID Recovery Act who became ill
or needed to isolate.
- instituting rigorous and frequent cleaning and disinfecting protocol
within the offices.
- providing PPE for all employees that had customer-facing positions.
- providing disinfecting cleaning materials and multiple hand sanitizing dispensers were installed in all offices.
- checking temperatures of all visitors and employees prior to
entering the building.
- immediately sending home symptomatic individuals or asked to stay home if they had any COVID-19 symptoms.
- upgrading ventilation system filters to the FDA recommended
specifications.

Tackling economic inequality

We focus on ensuring our staff have the right skills and are paid fairly for the work being completed through various processes. Our recruiting process allows us to review skills and previous experience that match the role. Prior to offering employment, we undergo a full compensation analysis for the position based on the duties the position would require. We use a compensation benchmarking system that allows us to review the market against the hiring area. After hiring, SCRAM Systems’ Human Resources Team completes at minimum an annual review of compensation through our merit review process. During this process, not only is compensation reviewed against the performance of said duties, but a market analysis is completed for each role. During this market analysis, the company determines the market compensation and will make adjustments to pay rates as necessary to continue to be an employer of choice and in line with market rates. Lastly, when posting new roles internally, pay rates are transparent for all to understand the pay range for specific roles.

Equal opportunity

SCRAM Systems is dedicated to the principles of equal employment opportunity in any term, condition, or privilege of employment. In addition, SCRAM Systems does not discriminate against applicants or employees on the basis of disability, race, creed, color, sex, sexual orientation, gender identity, religion, age, national origin, ancestry, military or veteran status, pregnancy, genetic profile, marital status, or any other status protected by national, state, or local law. This prohibition includes unlawful harassment based on any of these protected classes. Unlawful harassment includes verbal or physical conduct that has the purpose or effect of substantially interfering with an individual’s work performance, or creating an intimidating, hostile, or offensive work environment. This policy applies to all employees, including managers, co-workers, and non-employees such as customers, clients, vendors, consultants, etc. To ensure those covered under this policy have a safe and secure location to report potential findings, SCRAM Systems has provided a confidential human resources line that allows for anonymous reporting of harassment, inequality issues, retaliation/victimization, and more. SCRAM Systems prohibits retaliation/victimization against any employee for filing a complaint under this policy or for assisting in a complaint investigation. SCRAM Systems also strives to provide reasonable accommodation for qualified individuals with known disabilities. This policy governs all aspects of employment, including recruiting, selection, job assignment, promotions and transfers, compensation, discipline, termination, access to benefits and training, and any other term or condition of employment.

Wellbeing

Our Employee Assistance Program, LifeWorks is a free support resource available to all employees. LifeWorks supports a person's total wellbeing – mental, physical, financial, social – helping them be their best and most productive self. In addition, to maintain a positive social and psychological environment for employees, SCRAM Systems provides many company events that include social gatherings, sports activities, as well as yearly health screenings on-site.

Pricing

Price
£2.50 to £2.80 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asethi@scramsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.