Phoenix Software Ltd

FLEX AI Website Brand Bot

The FLEX AI Website Brand Bot uses AI technology and self service to increase website engagement and 24/7.


  • OneStopBot Concierge – One place for hundreds of skills
  • Enhanced Chat and Voice NLP, 6 Cognitive API’s
  • Extensible Skills model and Store, Add skills to your Bot
  • Library of Prebuilt Skills and personalities Ready to Deploy
  • Enhanced, Accessible Web-client , Multi language, brandable, accessible web client
  • Intent analytics captures each user’s interaction


  • Increase customer satisfaction and retention with omni-channel digital engagement
  • Reduce service delivery and contact costs through digital engagement 24/7
  • Understand customer interests and concerns via intent analytics
  • Improve customer inclusion and accessibility capabilities
  • Improve Ethics, Inclusion, Accessibility with the GOVTECH AI framework
  • Surface existing business systems for rapid deployment


£30000 per unit

Service documents


G-Cloud 11

Service ID

1 1 8 1 8 0 4 8 1 8 3 1 7 7 1


Phoenix Software Ltd

Jonny Scott

01904 562200

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The following Microsoft licensing is required for the FLEX AI bots; An Azure Subscription Optional SharePoint Online Plan 1 or Plan 2 Office 365 E1 or E3 or E5 Suite
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints Azure Subscription / Optional Office 365 E1 or E3 or E5 / Optional Sharepoint Online Plan1 or Plan2
System requirements
  • Windows Server 2016+
  • IIS 8.0+
  • SQL Server (Std/Express) 2012+ / SQL Azure
  • SharePoint Online
  • Microsoft .NET Framework 4.7.2 +
  • Microsoft Azure Cognitive Services
  • Ubuntu 16.0 +

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The response time is either 24 hour or 72 hours, depending on the contract signed by the client and applies during working hours from Monday to Fridays
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The Support levels are as follows and the SLA for an Urgent issue is a fix or workaround within 24 hours or 72 hours, dependent on contract: 1.Urgent - System not responding or critical function loss that affects all users; 2. High - A function loss that causes significant disruption to business and users; 3. Normal - Function loss that affects some users but will not stop them from being able to do other tasks; 4. Low - A cosmetic issue or a minor function loss that affects some users; This service, up to an agreed number of hours per month is included in the cost of the Licence for the Citizen Services bot. Additional support hours can be purchased if required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Through online training for power users
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats MS Word
End-of-contract data extraction All user content is stored within the customers cloud environment
End-of-contract process The software is decomissioned and product artifacts are removed from the customers Azure subscription and Office 365 tenant. No user content is affected.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface No
Customisation available Yes
Description of customisation Developers can modify and extend the product using the administrative tools and SDK.


Independence of resources The service is installed either locally on premise or on dedicated cloud resources, for each individual customer. Service infrastructure is scaled according to customer requirements.


Service usage metrics Yes
Metrics types Chat logs for all users are available including conversation data, searches and user selections.
Reporting types Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold ICS

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Azure provides physical access. No user content is stored within the FLEX configuration database, all content is stored in client applications or in Office 365/SharePoint.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Extraction not required, no customer data stored within product
Data export formats Other
Other data export formats Extraction not required, no customer data stored within product
Data import formats Other
Other data import formats Interaction with bot, upload to customer data repositories

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network No data is transferred from customer managed  networks

Availability and resilience

Availability and resilience
Guaranteed availability Availability is governed by infrastructure design as part of a deployment project. Load balancing and DR options are available.
Approach to resilience Client facing application can be hosted on multple servers and back end processes can be moved between servers in the event of a primary server outage
Outage reporting Windows monitoring tools (System Centre, Nagios, etc) can be used to monitor service and report on outages

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels Active Directory Users and Groups
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication As the service is run from the clients Azure subscription, they have a choice as to which mechanism to use for management access. This can include 2 factor authentication with user name and password or other options such as Azure Vault

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 N/A hosted in Azure which is compliant
ISO/IEC 27001 accreditation date N/A hosted in Azure which is compliant
What the ISO/IEC 27001 doesn’t cover N/A hosted in Azure which is compliant
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 N/A hosted in Azure which is compliant
ISO 28000:2007 accreditation date N/A hosted in Azure which is compliant
What the ISO 28000:2007 doesn’t cover N/A hosted in Azure which is compliant
CSA STAR certification Yes
CSA STAR accreditation date N/A hosted in Azure which is compliant
CSA STAR certification level Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover N/A hosted in Azure which is compliant
PCI certification Yes
Who accredited the PCI DSS certification N/A hosted in Azure which is compliant
PCI DSS accreditation date N/A hosted in Azure which is compliant
What the PCI DSS doesn’t cover N/A hosted in Azure which is compliant
Other security certifications Yes
Any other security certifications Cyber Essentials Scheme (Basic Tier)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Achieved by the responsible Director mandating & reviewing  organisation-wide information security policy that is supported by lower level security policies, procedures and guidelines (such as the information security, risk and compliance management structures, reporting lines, divisions of responsibility, delegated authorities and so forth).
Information security policies and processes The Business Operations Director is responsible for setting and reviewing the following: Password Policy, Backup Policy, Network Access Policy, Remote Access Policy, Virtual Private Network (VPN) Policy, Guest Access Policy, Third Party Connection Policy, Network Security Policy, Mobile Device Policy, Retention Policy, Physical Security Policy, Email Policy

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The solution is deployed using a Continuous Integration /Continuous Deployment methodology which is part of the Azure DevOps Service. DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.
Vulnerability management type Undisclosed
Vulnerability management approach The FLEX AI Service is hosted on servers within the customers network and we recommend that Windows Server security and hardening best practices are followed where applicable. The FLEX AI Service requires authentication and any security vulnerabilities are patched as a priority once discovered. Penetration test can be arranged at the request of the customer.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The FLEX AI Service is hosted on servers in the customer network. The FLEX Service requires authentication to access and through the use of web server logs and FLEX Service logs patterns of inappropriate use can be identified. When an incident is reported ICS works with the customer to resolve the issue and update any configuration issues and will provide a patch or update where necessary. FLEX AI security issues are logged as priority 1 calls are dealt using appropriate SLAs.
Incident management type Supplier-defined controls
Incident management approach The product support team follow defined processes around logging, assigning, escalating and resolving issues. Nominated service users can report issues via a dedicated web portal, email address or telephone number and are regularly informed of incident progress. Incident report updates are available via the web portal or by contacting the support team.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £30000 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Limited period access to fully featured demo environment
Link to free trial Environment provisioned per user

Service documents

Return to top ↑