EcoOnline

StaySafe

StaySafe is an app and cloud-based monitoring solution which provides personal protection for lone workers.
Our easy to use App enables employees to check-in safely and request immediate assistance in an emergency, while the monitoring Hub allows for full location visibility and alert response management.

Features

• Simplest to use lone worker smartphone app solution
• Fall detection, timed sessions/welfare check plus panic/duress/discreet alarms
• Driving mode ensures compliance with new driving laws
• Low signal mode - 16% more coverage than other solutions
• Easy on-boarding including unique interactive approach
• Monitoring in-house or through an external service
• User controls protect personal privacy
• Real-time location monitoring with configurable map overlays
• Full reporting - onboarding/usage statistics and incident audit trails
• Certified to Cyber Essentials Plus and BS8484

Benefits

• Protects your employee's privacy
• Enables you to meet your legal duty of care
• Smartphone based, always available, familiar and easy to use
• Supports your employees working isolated from colleagues or supervisors
• Highly configurable to match your organisation structure and H&S processes
• Provides effective response or assistance when and where needed
• Simple roll -out, get up and running within 24 hours
• Understand your user engagement and address issues with it
• Audit trail provides you with post incident report and learning
• Best coverage delivering more user support through low signal mode

£23 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

944584233681140

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Up to date internet browser and internet connection and compatible mobile required.
• System requirements:
  • Web browser for administrators and responders
  • Internet access
  • Apple or Android phone for app users.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The supplier of our web chat (Intercom) has completed the necessary testing to ensure that our chat is accessible through screen readers and can be accessed without the need for a keyboard or trackpad. Finally, the contrast and colours make sure the dialogue is easily viewable by any visually impaired users
• Onsite support: Yes, at extra cost
• Support levels: Each customer has access to an commercial and operational manager to provide advice and guidance on setting up the StaySafe system and its maintenance into the future. Regular contact and reviews take place to ensure smooth running of the system and the latest functionality is being taken advantage of.; ; Each user of the system has direct access to their Customer Success rep or can reach out through one of our support channels.; Users can access a wealth of hosted training, support and video materials through our online help centre.; ; We provide online training sessions and lightly customised training and communication materials for users as standard and can provide more detailed training materials (POA) or on-site training for an additional fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: StaySafe has developed an entirely automated on-boarding process that users can follow, with each user's progress tracked and made available.; ; Users are invited to the system via email with instructions on how to access the system, once they have selected their password they are required to complete our in-App training program where users are educated on the fundamentals of the App through an interactive process. Only once this training has been completed can a user begin to use the App.; ; Once on-boarded we will provide the user with user guides and videos with more detailed information on how the system works, this is then followed with a series of emails with further information such as FAQ, common problems with their solutions and how to work with the limitations of the system.; ; In addition, we provide online training sessions as standard along with onsite training and refresher training when appropriate.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Clients can download directly from the online web service.
• End-of-contract process: Users are advised that the service is coming to an end at an agreed date with the client. They then receive an additional message on date of service end. Clients have the ability to export all data from the system directly .

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Lone workers access the service via the mobile app. Monitors and administrators make use of the desktop service.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Integrations are available to support onboarding/ inviting new users to the system, manage any changes to users profiles and offboarding them. We also have a number of endpoints for reporting purposes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Organisational Administrators can control all levels of customisation available in the system. They have control of team structures, user management, along with customising the features required on an organisational level or a team level. A team administrator has access to the features & users of their team.; ; Features that can be customised are; check-in duration, session notes, audible alerts, low signal mode, map layers, response procedures & alert escalation policies.; ; Lone workers have access to customise settings in their app for their personal requirements. Customisations include audible alert settings, non-movement detection, discreet panic & location update frequency.

Scaling

• Independence of resources: Our services use AWS as the platform for delivery. We have used AWS best practice in terms of scalability and throughput. Extra resources are therefore dynamically made available in response to any increases in demand. Each of our users are therefore not affected by demands put on the service by others.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide usage data split by organisation/team/individual. This includes reports on all the alerts we process. We also provide onboarding data
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users do a direct export form the web based portal.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.; ; Our internal uptime SLA is 99% within each calendar month. ; ; We have an internal support SLA for all enquiries to be picked up within 24 hours.
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency with applications running from multiple data centres with most component in an active/active configuration.
• Outage reporting: Our internal uptime SLA is 99% within each calendar month. ; ; We have an internal support SLA for all enquiries to be picked up within 24 hours. ; ; Appropriate communications are sent in the event of any service issues,

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: For customers, we offer a permissions hierarchy to prevent access to sensitive and personally identifiable information within the management platform. This could include access to real-time locations of Lone Workers, historical locations and personal details. This ensures that management within the customer only have access to data that they should.; ; For EcoOnline, we have a permissions hierarchy where employees only have access to customers for who they are responsible for.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).; The Company will:; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees. ; ; Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.; ; In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.; ; Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.; ; Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

  Tackling economic inequality

  To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.

  Equal opportunity

  Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together. ; Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.; ; Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.; ; We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination

  Wellbeing

  EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching. ; ​​​; We offer a wide range of support globally which included​ within our MS Teams Channel: Wellbeing Hub​; ; ​Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly. ; ; At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

• Price: £23 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free version of the solution for a timeboxed period,

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.