Phoenix Software Ltd

FLEX AI Medical Assistant

The FLEX AI Medical Assistant is an artificial intelligence assistant designed to support medical staff in self-serving hospital services 24/7.
Junior medical staff spend more time on clerical work than practising medicine, and many of the tasks can be repetitive and prime for automation.


  • OneStopBot Concierge – One place for hundreds of skills
  • Enhanced Chat and Natural Language Support
  • Extensible Skills model and Store, just like Alexa
  • Library of Prebuilt Skills and personalities Ready to Deploy
  • Enhanced, Accessible Web-client, Multilanguage, brandable, accessible web client
  • Intent analytics captures each user’s interaction
  • Push notifications can alert staff when admitting and discharging patients
  • Access curated medical knowledge with 24/7 self-service
  • Staff can report a clinical incident instantly


  • Improve digital engagement by providing instant answers 24/7
  • Enable staff to self-serve all services through natural language
  • Reduce support and contact costs by up to 60%
  • Rapid deployment, be ready in weeks not months
  • Ethics, Inclusion, Accessibility and compliance built in
  • Easy to continuously improve your service
  • Staff can manage clinical entries and gain access to guidelines
  • Book investigations and edit theatre lists instantly
  • View rota and request shift changes
  • Organise mandatory training and request study leave


£30,000 a unit

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 12

Service ID

976535161137904


Phoenix Software Ltd Jonny Scott
Telephone: 01904 562200

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The following Microsoft licensing is required for the FLEX AI bots: An Azure Subscription; Optional SharePoint Online Plan 1 or Plan 2; Office 365 E1 or E3 or E5 Suite
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Azure Subscription / Optional Office 365 E1 or E3 or E5 / Optional SharePoint Online Plan 1 or Plan 2
System requirements
  • Windows Server 2016+
  • IIS 8.0+
  • SQL Server (Std/Express) 2012+ / SQL Azure
  • SharePoint Online
  • Microsoft .NET Framework 4.7.2 +
  • Microsoft Azure Cognitive Services
  • Ubuntu 16.0 +

User support

Email or online ticketing support
Email or online ticketing
Support response times
The response time is either 24 hours or 72 hours, depending on the contract signed by the client, and applies during working hours from Monday to Friday.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
The support levels are as follows, and the SLA for an Urgent issue is a fix or workaround within 24 hours or 72 hours, dependent on contract: 1. Urgent - System not responding or critical function loss that affects all users; 2. High - A function loss that causes significant disruption to business and users; 3. Normal - Function loss that affects some users but will not stop them from being able to do other tasks; 4. Low - A cosmetic issue or a minor function loss that affects some users. This service, up to an agreed number of hours per month, is included in the cost of the Licence for the Citizen Services bot. Additional support hours can be purchased if required.
Support available to third parties

Onboarding and offboarding

Getting started
Through online training for power users
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
All user content is stored within the customer's cloud environment
End-of-contract process
The software is decommissioned and product artifacts are removed from the customer's Azure subscription and Office 365 tenant. No user content is affected.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Customisation available
Description of customisation
Developers can modify and extend the product using the administrative tools and SDK.


Independence of resources
The service is installed either locally on premise or on dedicated cloud resources, for each individual customer. Service infrastructure is scaled according to customer requirements.


Service usage metrics
Metrics types
Chat logs for all users are available including conversation data, searches and user selections.
Reporting types
Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Azure provides physical access. No user content is stored within the FLEX configuration database; all content is stored in client applications or in Office 365/SharePoint.
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Extraction not required, no customer data stored within product
Data export formats
Other data export formats
Extraction not required, no customer data stored within product
Data import formats
Other data import formats
Interaction with bot, upload to customer data repositories

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other protection within supplier network
No data is transferred from customer managed networks

Availability and resilience

Guaranteed availability
Availability is governed by infrastructure design as part of a deployment project. Load balancing and DR options are available.
Approach to resilience
Client-facing application can be hosted on multiple servers, and back-end processes can be moved between servers in the event of a primary server outage
Outage reporting
Windows monitoring tools (System Centre, Nagios, etc) can be used to monitor service and report on outages

Identity and authentication

User authentication needed
Access restrictions in management interfaces and support channels
Active Directory Users and Groups
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication
As the service is run from the client's Azure subscription, they have a choice as to which mechanism to use for management access. This can include 2 factor authentication with user name and password or other options such as Azure Vault.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
N/A hosted in Azure which is compliant
ISO/IEC 27001 accreditation date
N/A hosted in Azure which is compliant
What the ISO/IEC 27001 doesn’t cover
N/A hosted in Azure which is compliant
ISO 28000:2007 certification
Who accredited the ISO 28000:2007
N/A hosted in Azure which is compliant
ISO 28000:2007 accreditation date
N/A hosted in Azure which is compliant
What the ISO 28000:2007 doesn’t cover
N/A hosted in Azure which is compliant
CSA STAR certification
CSA STAR accreditation date
N/A hosted in Azure which is compliant
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
N/A hosted in Azure which is compliant
PCI certification
Who accredited the PCI DSS certification
N/A hosted in Azure which is compliant
PCI DSS accreditation date
N/A hosted in Azure which is compliant
What the PCI DSS doesn’t cover
N/A hosted in Azure which is compliant
Other security certifications
Any other security certifications
Cyber Essentials Scheme (Basic Tier)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Achieved by the responsible Director mandating & reviewing organisation-wide information security policy that is supported by lower level security policies, procedures and guidelines (such as the information security, risk and compliance management structures, reporting lines, divisions of responsibility, delegated authorities and so forth).
Information security policies and processes
The Business Operations Director is responsible for setting and reviewing the following: Password Policy, Backup Policy, Network Access Policy, Remote Access Policy, Virtual Private Network (VPN) Policy, Guest Access Policy, Third Party Connection Policy, Network Security Policy, Mobile Device Policy, Retention Policy, Physical Security Policy, Email Policy

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The solution is deployed using a Continuous Integration/Continuous Deployment methodology which is part of the Azure DevOps Service. DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.
Vulnerability management type
Vulnerability management approach
The FLEX AI Service is hosted on servers within the customer's network and we recommend that Windows Server security and hardening best practices are followed where applicable. The FLEX AI Service requires authentication and any security vulnerabilities are patched as a priority once discovered. A penetration test can be arranged at the request of the customer.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The FLEX AI Service is hosted on servers in the customer network. The FLEX Service requires authentication to access and, through the use of web server logs and FLEX Service logs, patterns of inappropriate use can be identified. When an incident is reported, ICS works with the customer to resolve the issue and update any configuration issues and will provide a patch or update where necessary. FLEX AI security issues are logged as priority 1 calls and are dealt with using appropriate SLAs.
Incident management type
Supplier-defined controls
Incident management approach
The product support team follow defined processes around logging, assigning, escalating and resolving issues. Nominated service users can report issues via a dedicated web portal, email address or telephone number and are regularly informed of incident progress. Incident report updates are available via the web portal or by contacting the support team.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£30,000 a unit
Discount for educational organisations
Free trial available
Description of free trial
Limited period access to fully featured demo environment
Link to free trial
Environment provisioned per user
