MediShout improves staff productivity of organisations. We aggregate all logistical departments (e.g. IT, stock, equipment, facilities, estates) onto one platform and our app allows staff to instantly report and resolve issues that otherwise delay them. MediShout is applicable to any building relying on logistics e.g. hospitals, care homes, banks, warehouses


  • Instant issue-reporting from staff to those who create change
  • Crowd-sourced building management platform
  • Mobile app connects front line staff to Helpdesks / change-makers
  • Technology platform aggregates all logistical Departments
  • Staff communication
  • Instant issue resolution
  • Big data-analytics
  • Advanced analytics to prevent issues
  • Aggregating Departments and systems
  • Single staff interface


  • Make staff more preductive
  • Prevent delays to staff from logistical issues like broken computers
  • Prevent logistical issues recurring and negatively impacting staff
  • Staff can control their environment so better workforce morale
  • Better efficiencies and work-flows within a building e.g. hospital
  • Staff focus on job e.g. clinicians focus on patient care
  • Collate data on workflows in ways never achieved
  • Save money from inefficient systems and waste
  • Let customers / patients become the focus of the organisation
  • MediShout creates pathways where there were none


£50 to £200 per unit per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

1 3 9 2 3 8 8 8 5 8 5 2 2 3 4



Ashish Kalraiya


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Staff use the MediShout app to report logisitcal problems e.g. broken computers, missing stock. This information then directly feeds into existing Helpdesks or IT systems within the customer's organisation, or the customer can use the MediShout Dashboard as a stand-alone product to see any issues that have been sent.
Cloud deployment model Public cloud
Service constraints Nil
System requirements
  • Organisations just need the internet to access MediShout messages
  • To actually send messages, staff need smart-phones, tablets or computers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times A dedicated Technical Support Team can be accessed by customers Monday to Friday 9am - 5pm (excluding Bank Holidays) via email or phone call.

For emergency issues that arise at any time in the evening, weekend or Bank Holiday: customers will have a dedicated phone number to contact a member of our team. Said person will have the capacity to either fix the problem, shut down the system temporarily or call for additional technical support.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels MediShout is offered to customers on a monthly subscription fee. Included in this fee are two levels of support:

1. Account Manager - named and assigned to each customer. This person will offer support on the product, features, optimizing functionality and outcomes.

2. Technical Support - for any technical issues relating to the software, we offer Monday to Friday 9am to 5pm support to resolve any issues. For emergencies we provide an out of hours and Bank Holiday phone number to contact.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once a customer has signed up to MediShout we customise the product to their needs e.g. adding building areas, categories and assigning who receives information. Thus the foundations are all set-up.

Thereafter, we provide training (onsite or online, based on customers preference) on how to manage and adapt features plus how to optimise use of our product. We leave customers with documentation for ongoing reference plus they have an assigned Account Manager to ask further questions of at any time.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can extract data at any stage from the MediShout Dashboard by simply clicking an "Export Data" button. This will be available to customers up until their contract ends.
End-of-contract process We offer MediShout on a monthly subscription fee. Included in the price is: onboarding, data storage and security, unlimited app downloads for users, full access to the MediShout platform, technical support, an assigned Account Manager, data extraction. At a premium price, we can integrate with existing Helpdesks and provide advanced data-analytics on improving organisational efficiency for the customer. At the end-of-contract the customer can choose to continue using MediShout. If they decline to continue using MediShout's services, written notification must be sent to our team. MediShout will then offer the customer a time-frame within which they can export all data that has been generated during the use of our services. Thereafter, the customer will be removed from the MediShout platform and app, and their staff's access to our website and app will be blocked.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service 1. To send a message regarding a logistical problem staff can use our mobile app (on Apple or Android smart phone devices) or on desktops - the user experience between mobile and desktop services is identical. Staff using MediShout to report issues will have to submit the same information whether using mobile or desktop. The only feature that mobile customers benefit from is the ability to attach photos. 2. To access the MediShout Dashboard to see information sent, customers will need a computer (desktop or laptop) and must log-in to the MediShout website using the internet.
Service interface No
Customisation available Yes
Description of customisation Customers get access to the MediShout Dashboard which they can access via the internet. Here they can customise the app and "back-end" to their specific requirements. For example, they can add building areas, categories, assign where information goes and manage user lists.


Independence of resources Customers accounts are separated across our main framework so will not be affected by other users on the service. We have sufficient bandwidth to cope with as many customers as required, thus no interruption to services should be experienced by any customer. This has been calculated by our team who can predict the maximum number of issues that occur within any given organisation based on factors such as building size and staff numbers.


Service usage metrics Yes
Metrics types We provide: 1. How many issue messages have been sent 2. How many issue messages have been resolved (and thus how many outstanding) 3. Number of staff that have downloaded the app 4. Which areas in the customer's building are having the most issues 5. How much time of staff is being wasted by logistical problems 6. Which category of issue (e.g. IT, housekeeping, equipment etc) is causing most issues to the organisation
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers are granted a log-in and password to the MediShout Dashboard where they can view all of their own data. This can be exported instantly by simply clicking an "Export Data" button.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The platform and app are offered immediately as soon as contracts are signed and returned to the MediShout team. SLA's focus on technical specification to be provided and the process for fixing any possible bugs. In the unlikely event of service downtime exceeding 48 hours, a daily compensation will be made for each day of service not provided. This will be based on the rate paid by customers and returned either via direct bank-transfer to the customer or by reducing the payment requirements in the following month's invoice.
Approach to resilience Available on request
Outage reporting Outages are mainly reported via emails to users and customers. Failing this we would contact the customer via telephone directly. We have a public facing website which would also explain if this occurs. We would send out push notifications to apps, if the app itself was not affected by the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to management interfaces and support channels are restricted through identify federation with two factor authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 18/04/2017
What the ISO/IEC 27001 doesn’t cover The platform and infrastructure that hosts the software is ISO/IEC 27001 compliant. The current software applications themselves do not have certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Data is encrypted in transmission and at rest. Our Cloud server is both ISO 27001 and ISO 27017 certified amongst others. We have a technical support email and a contact number for first line reporting, and this gets escalated to the Head of Product and then CTO/CEO who ensure policies regarding security are stringently followed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management is performed through the use of modern software tools and established change management processes. Code is versioned through source control and deployed on sandbox systems to allow thorough testing, before a change is deployed to clients. Changes are tracked using an internal system, customers can call to request an update on progress, or access the change management portal directly.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Regular vulnerability scans are scheduled on our cloud service to ensure new vulnerabilities are identified swiftly and can be patched. Once a vulnerability is visible, it is scheduled into development as a priority to ensure it can be deployed quickly and the service remains secure.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Application and hardware logs are utilised internally to monitor any potential risks or threats. This includes the use of alerts which allow us to respond and mitigate potential issues quickly.
Incident management type Supplier-defined controls
Incident management approach Incidents can be triggered by automated alerts, or users contacting us by phone or email. Once an incident has been raised, it is assessed in line with our support levels to determine the scale and severity of the incident. Incidents of small-severity can be tracked within an online system, those larger in scale will be led by an Incident Manager who will keep the afflicted parties informed and later provide an incident report on what happened, what action we have taken, and any action users should take.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 to £200 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial There is potential for a free 6 month service with unlimited app users and platform use. This would depend on the nature of the agreement with the customer. Hard integration with existing systems would not be included.

Service documents

Return to top ↑