ALCOHOL MONITORING SYSTEMS LIMITED

Mobile Application for Client Management and Engagement as a Service

The SCRAM TouchPoint mobile app enhances communication between clients and officers while making community corrections programs more efficient. With secure and stored messaging, configurable mobile phone check-ins, and automated electronic monitoring reminders, SCRAM TouchPoint increases compliance by helping both low- and high-risk clients successfully complete the terms of their supervision.

Features

• Mobile phone check-in
• Secure, persistent messaging
• Automated electronic tagging reminders
• Document upload and storage

Benefits

• Consistent and convenient client engagement
• Simple to user interface
• Built on well know smartphone platforms
• Saves officer time managing client engagement
• Saves client travel and office time
• Provides maintenance and other reminders for EM tagging clients
• Delivers a persistent record of client/officer interactions

£0.05 to £0.35 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asethi@scramsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

787760685338311

Contact

Amit Sethi
0207 268 4852
asethi@scramsystems.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Works as a standalone service or may be used in conjunction with SCRAM electronic tagging solutions and the SCRAM Nexus Evidence Based Practices decision support solution.
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Clients requires iOS/Android smartphone
  • Officers must have Windows 11 desktops or later
  • Chrome (recommended), Edge or Firefox browser on officer management station

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service levels are agreed upon during procurement process
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is available through the officer management software "Live Chat" option
• Web chat accessibility testing: Have not tested with assistive technology users
• Onsite support: Yes, at extra cost
• Support levels: Customer support is available 24/7/365 from a service center based in the US. Support includes phone, email and live chat. Onsite support is available as needed. Technical account management and cloud support engineer provided as needed. Service levels will be discussed during procurement process.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Both onsite and online training are provided; all initial training is included at no additional cost to the agency; in addition to initial training, refresher training and documentation is available on-line
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: End of contract data extraction will be agreed upon during the procurement process
• End-of-contract process: End of contract process and any associated costs will be agreed upon during the procurement process

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Officers access the management services through a browser on their desktop PC; client access is through a mobile app that is available in the Apple App Store and Google Play Store.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service management is conducted through the SCRAMnet, Optix and mobile interfaces
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: There has not been testing with users of assistive technology
• API: Yes
• What users can and can't do using the API: The solution has a RESTFul API set which allowsthe to 1) query alerts 2) set-up users 3) get billing information 4) other services
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: This multi-tenant application is hosted in Microsoft Azure and is monitored both by SCRAM Systems and Microsoft on a continuous basis; monitoring allow updates and upgrades to the system without service interruption; the solution is stateless allowing for the movement to redundant systems with no or minimal impact to service

Analytics

• Service usage metrics: Yes
• Metrics types: Number of clients
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can extract data using pre-configured reports
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our SLAs are 99.9% except for things over which we have no control such as cellular system outages, data center disasters; however, Microsoft maintains a robust network of redundant data centers; in the event that refunds are required, they are proportional to the duration of the outage
• Approach to resilience: Resilience is built into the SCRAM architecture--applications have the ability to correct for issues or to restart when a failure occurs and the SCRAM platform ensures continued processing when applications encounter problems.
• Outage reporting: SCRAM services have multiple methods of reporting outages including e-mail and SMS texts; instrumentation on the user display is also used to report system status; the SCRAM help desk is staffed 24/7 and may detect and notify users of issues before monitoring software sends an alert.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are controlled with both role based authentication in addition to usernames and passwords
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Perry Johnson Registrars, INC.
• ISO/IEC 27001 accreditation date: 10/17/2019
• What the ISO/IEC 27001 doesn’t cover: Development, Support and Operations of the SaaS platform
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are an ISO 27001 audited organization and complete an annual review with audit findings and continued registration as an ISO 27001 accredited organization. Additionally, we were granted our ISO 27701 certification, which is an extension of ISO 27001 that provides guidelines for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It builds upon the requirements of ISO 27001 and extends them to cover privacy management aspects. ISO 27701 aims to help organizations manage and protect personally identifiable information (PII) in accordance with applicable privacy regulations and requirements, such as the General Data Protection Regulation (GDPR). ; Security policies are define at a corporate policy level and we use DarkTrace behavior monitoring to ensure compliance with best practices in security. There are also annual audits to ensure compliance of security polices with penetration testing, both internal and external.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: SCRAM manages configuration and change management adheres to ISO 27001 recommendations and includes and approval process, communication, roll-back and emergency contingencies. Each ISO audit generated management reports for analysis and improvement; system hardware is reviewed and updated on a regular basis and scans are complete on the systems and applications on a quarterly basis.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SCRAM and Microsoft facilities are audited annually and the systems are reviewed internally and externally; an annual external review assesses attack surfaces and assesses penetration threats; patches are deployed quarterly or as needed to network, server and desktop infrastructure; applications are maintained in an Agile environment and are updated as necessary.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Systems are scanned on a regular basis and behavioral monitoring by industry leading software alerts SCRAM security experts of unusual behavior of individuals and devices; SCRAM preventative monitoring policy conforms to industry best practices.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: SCRAM Systems has a crisis management professional available at all times responsible for handling both user reported and system generated events; Incidents are reported to management through the ISO 9001 Corrective Action Preventative Action (CAPA) process and ISO 27001 Incident Reporting Processes; notifications are routinely provided to customers and consistent with notification requirements defined in the service contract.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At SCRAM Systems, we encourage employee carpooling, In addition, we have consolidated some of our shipping pick-ups/drop-offs to reduce the number of trips. SCRAM Systems seeks to help the fight against climate change multiple initiatives and holds certificates in the following: - ISO14001 (Environmental Management System) - Waste Electrical and Electronic Equipment (WEEE) Directive - ROHS - Restriction of Hazardous Substances Directive

  Covid-19 recovery

  To assist in Covid-19 recovery, SCRAM Systems:; - encouraged work from home for those who were able to do so; - did not lower salaries or have any layoffs due to COVID-19; - followed all federal, state, tribal, and local guidelines during the; pandemic; ; We also mitigated exposures and illnesses by:; ; - restricting business travel, paid for testing as needed, paid; employees with Families First COVID Recovery Act who became ill; or needed to isolate; - instituting rigorous and frequent cleaning and disinfecting protocol; within the offices; - providing PPE for all employees that had customer-facing positions; - providing disinfecting cleaning materials and multiple; hand sanitizing dispensers were installed in all offices; - checking temperatures of all visitors and employees prior to; entering the building; - immediately sending home symptomatic individuals or asked to stay home if they had any COVID-19 symptoms; - upgrading ventilation system filters to the FDA recommended; specifications

  Tackling economic inequality

  We focus on ensuring our staff have the right skills and are paid fairly for the work being completed through various processes. Our recruiting process allows us to review skills and previous experience that match the role. Prior to offering employment, we undergo a full compensation analysis for the position based on the duties the position would require. We use a compensation benchmarking system that allows us to review the market against the hiring area. After hiring, SCRAM Systems’ Human Resources Team completes at minimum an annual review of compensation through our merit review process. During this process, not only is compensation reviewed against the performance of said duties, but a market analysis is completed for each role. During this market analysis, the company determines the market compensation and will make adjustments to pay rates as necessary to continue to be an employer of choice and in line with market rates. Lastly, when posting new roles internally, pay rates are transparent for all to understand the pay range for specific roles.

  Equal opportunity

  SCRAM Systems is dedicated to the principles of equal employment opportunity in any term, condition, or privilege of employment. In addition, SCRAM Systems does not discriminate against applicants or employees on the basis of disability, race, creed, color, sex, sexual orientation, gender identity, religion, age, national origin, ancestry, military or veteran status, pregnancy, genetic profile, marital status, or any other status protected by national, state, or local law. This prohibition includes unlawful harassment based on any of these protected classes. Unlawful harassment includes verbal or physical conduct that has the purpose or effect of substantially interfering with an individual’s work performance, or creating an intimidating, hostile, or offensive work environment. This policy applies to all employees, including managers, co-workers, and non-employees such as customers, clients, vendors, consultants, etc. To ensure those covered under this policy have a safe and secure location to report potential findings, SCRAM Systems has provided a confidential human resources line that allows for anonymous reporting of harassment, inequality issues, retaliation/victimization, and more. SCRAM Systems prohibits retaliation/victimization against any employee for filing a complaint under this policy or for assisting in a complaint investigation. SCRAM Systems also strives to provide reasonable accommodation for qualified individuals with known disabilities. This policy governs all aspects of employment, including recruiting, selection, job assignment, promotions and transfers, compensation, discipline, termination, access to benefits and training, and any other term or condition of employment.

  Wellbeing

  Our Employee Assistance Program, LifeWorks is a free support resource available to all employees. LifeWorks supports a person's total wellbeing – mental, physical, financial, social – helping them be their best and most productive self. In addition, to maintain a positive social and psychological environment for employees, SCRAM Systems provides many company events that include social gatherings, sports activities, as well as yearly health screenings on-site.

Pricing

• Price: £0.05 to £0.35 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at asethi@scramsystems.com. Tell them what format you need. It will help if you say what assistive technology you use.