GRAVITAS AI LIMITED

Chatbot

We have developed our conversational AI product, Tina - Your Tireless AI Teammate, for healthcare service providers (e.g. GPs, specialist practitioners) to enhance patient experience and engagement through a simple conversational experience. The product delivers high quality information and cognitive automation for the end users (patients, their families and carers).

Features

• Natural language Processing
• Cognitive automation
• Analytics
• Agent integration
• Identity Management / contact less check in
• Optical Character Recognition
• Knowledge Tree
• API and Microservices Integration
• Multi lingual, multi channel
• Self service backend

Benefits

• Easy to use front end
• Complex integrations in the backend
• Enhance patient engagement and experience
• Optimise organisational productivity for the buyers (healthcare service providers)
• Bridge gaps between patients and doctors
• Accurate, focussed information and request management
• Better way to manage query and complaint
• End users can chat in the language of their preference
• Seamless handover from the bot to the agent and back
• Voice and text chat facility available

£499 to £9,999 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sumit.kumar@gravitas.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

647559363725873

Contact

Sumit Kumar
07807855375
sumit.kumar@gravitas.ai

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: - Hospital Information management systems; - Payment Gateways; - Knowledge repositories; - Medical Records; - Query, complaints management systems; - Any other system that sits in the back end with an API
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: - The bot training could take upto 8 weeks depending on the nature of the requirements
• System requirements:
  • Website hosted on https server
  • Cloud account for private cloud deployments
  • Channel specific approvals from the providers (e.g. facebook approval)
  • For automation, the source system should provide relevant APIs
  • Knowledge Graphs (KGs) for KG integration (create KGs as required)
  • Internet connection

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on the severity of the issue and as defined in the SLA. the team is available 5 am UK to 6 PM UK on weekdays. Weekends 10 am to 5 PM UK. ; The team endeavours to response to questions within the same working day.; ; The ticketing management is done zoho, a third party sofware
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: The users can:; - Request status of the service; - Raise and track tickets; - Ask for specific guidance, which may be made available outside of the web chat; ; The users can't; - request training sessions; - have non work related conversations; - raise any requests of personal nature; - raise requests outside of the scope of the deployment
• Web chat accessibility testing: We use a third party supplier - Zoho. We haven't done any web chat testing with assistive technology users
• Onsite support: Yes, at extra cost
• Support levels: The service level agreement will guide the specifics of the support provided to the customer. As a broad framework, our team will respond and resolve incidents based on the severity. For example a level 1 or highest level issue will be responded to within 2 hours with an aim to resolve within 24 hours. Other levels will have similar defined response and resolve timeframes.; There is a front line support, which has escalation mechanism to more specialist teams as required.; All enterprise customers will have a named technical account manager (and cloud engineer if required), assigned to them.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The users land on the healthcare service provider's digital channel (website, social media, telephoney) and start interacting with Tina.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The users can submit a Subject Access Request to Gravitas AI through an email on info@gravitas.ai, requesting an extract of their data. The healthcare service providers get a copy of any data stored with Gravitas AI at the end of the contract.
• End-of-contract process: At the end of the contract, the healthcare service provider is contacted to agree the next steps resulting in a) an extension of the contract (an addendum is signed, terms reviewed, pricing agreed) OR b) termination of contract (client data and documentation handed back the client is a secure manner, inform the client on the remaining period of data retention, knowledge transfer sessions are held, client separation meetings organised, lessons learnt are shared and the client account is formally closed on the CRM with full notes. An additional note is sent by the legal to inform the client about formal closure of the contract)

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile interface will give an app like look and feel. The website version feels like a part of the overall website.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The users can read (And in some cases write) information by uusing our API to integrate our product to another third party product. The APIs can be accessed through Postman.; ; Limitations: It's always better for the third party to provide their APIs for integration due to specific use cases.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Most parts of the product is customisable incluuding UI design, colour schemes, branding, conversation flow, custom automations.; ; Currently the customisation is part of the support package. The buyers can customise some elements from a programmatic interface. In future, we plan to give a self service portal.

Scaling

• Independence of resources: Service load management: Our architecture allows dynamic auto scaling of service provisioning for our product - Tina. This means Tina can switch from servicing 10 users a several 1000 users in a matter of seconds.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide:; - service usage metrics as per the requested KPIs, over an above the standard analytics set that comes as part of the solution
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: By default all PII and PHI data (both at rest and in motion) are encrypted and available to authorised users. The users can request an export by raising a subject access request. The out is shared on a password protected excel spreadsheet
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We employ encryption algorithms that are compatible with the cloud infrastructures to protect data in motion between networks.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We employ encryption algorithms that are compatible with the cloud infrastructures to protect data in our network.

Availability and resilience

• Guaranteed availability: We guarantee 95%+ uptime, dependening on the cloud service provider's availability
• Approach to resilience: Available on request. Summary: several failsafe mechanisms in place with our cloud service provider.
• Outage reporting: Email alerts at the moment. But we can provide information on a public dashboard as well

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role based access control has been implemented in the development, testing and production environment for the internal users. For the clients, we give role based access control dashboards for visibility
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Gabriel Registrar (External Auditor)
• ISO/IEC 27001 accreditation date: 30/04/2022
• What the ISO/IEC 27001 doesn’t cover: Physical control relating to access to the main building as we have a managed office
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: HIPAA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a three tier hierarchy:; 1. team member: follows procedural instructions, reports incidents and deviations; 2. Mid level management: Takes steps for incident resolution within the defined SLAs, including delegation, reporting and management; 3. Board to take cognizance of the incidents and provider steer as required for resolution

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We a follow a series of steps designed to track and manage all the defects, resources, codes, documents, hardware and budgets throughout product enhancement and deployment lifecycles. The key steps are as follows:; 1. Planning and Identification; 2. Version Control and Baseline; 3. Change Control; 4. Configuration Status Accounting; 5. Audits and Reviews; ; For change management, we ensure that any changes that are made are consistent with the rest of the product. We have controls in place to help with quality assurance, and the approval and release of new baseline(s) including the security evaluation
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: At a high level, we have the below steps in our vulnerability management process:; 1. Identifying Vulnerabilities; 2. Evaluating Vulnerabilities; 3. Treating Vulnerabilities; 4. Reporting Vulnerabilities ; We assess the potential threats through the following steps:; 1. Scanning network-accessible systems; 2. Identifying open ports and services ; 3. Correlate system information with known vulnerabilities; ; Depending on the severity of the vulnerability and agreement with the clients, we deploy patches between few hours to a few days.; We get information about potential threats from regular scanning of the networks, bi-annual penetration testing or during testing cycles for new releases.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: At a high level, we have the below steps in our vulnerability management process:; 1. Identifying Vulnerabilities; 2. Evaluating Vulnerabilities; 3. Treating Vulnerabilities; 4. Reporting Vulnerabilities ; We assess the potential threats through the following steps:; 1. Scanning network-accessible systems; 2. Identifying open ports and services ; 3. Correlate system information with known vulnerabilities; ; Depending on the severity of the vulnerability and agreement with the clients, we deploy patches between few hours to a few days.; We get information about potential threats from regular scanning of the networks, bi-annual penetration testing or during testing cycles for new releases.
• Incident management type: Undisclosed
• Incident management approach: We have a dedicated incident management team, which consists of incident engineers and managers. Depending on the severity of the incidents, incident is reviewed with a defined time frame. The customers are notified of the the incidents, if they are not aware already. Regular communications with internal and external stakeholders are delivered until the incident is resolved.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are proud to be a climate change conscious company. We actively reduce our footprint by promoting remote work and minimal travel. We also use highly efficient laptops, and a bare minimum use of papers and printers- further reducing our carbon footprint
• Covid-19 recovery:

  Covid-19 recovery

  We are recovering well from COVID 19, as we have been seeing positive client engagement
• Tackling economic inequality:

  Tackling economic inequality

  We pay our staff, contractors and vendors the minimumsalary as prescribed by the government of specific regions
• Equal opportunity:

  Equal opportunity

  We are an equal opportunity employer. Our offers are based on the merit of the candidate as opposed to their sex, orientation, colour or any other discriminatory factors
• Wellbeing:

  Wellbeing

  We promote employee well being and have established flat structure, enabling employees to open up and discuss their wellbeing and related challenges with anyone in the organisation

Pricing

• Price: £499 to £9,999 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free version includes some basic features around appointment booking, patient information leaflet, feedback; ; It doesn't include the advance features such as hybrid chat, automations.; ; The free version is available for 30 days.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sumit.kumar@gravitas.ai. Tell them what format you need. It will help if you say what assistive technology you use.