Capita Business Services Limited


CHKS is a leading provider of healthcare intelligence and quality improvement services. Since 1989 we have been developing hospital benchmarking and performance management solutions for healthcare organisations in over 20 countries and have worked with over 400 clients throughout the world.


  • Easy to export to Excel, CSV, Word and PDF files.
  • Automatically updated as new national data is released
  • Local data can be updated as frequently as weekly
  • Various presentation options including, heat maps, charts and tables
  • Help function on every page
  • Reports track performance by priority indications, division, and local peers
  • Fast upload of data
  • Shows percentile position within your peer group
  • Population based indicators


  • Provides assurance to stakeholders on efficiency versus quality and care.
  • Enables early detection of variations in performance
  • Enables a swift response via targets and alerts functions
  • Customisable scorecards to support CCG objectives
  • Standard Key scorecards already configured; i.e. CQC indicators, Mortality, Efficiency
  • Converts data into intelligent information to support decisions
  • Enables benchmarking against other organisations to become best in class
  • Provides patient level data and analysis, supporting improvement review


£38000 per licence per year

Service documents


G-Cloud 11

Service ID

2 9 8 4 8 8 9 2 5 4 5 9 5 5 6


Capita Business Services Limited

Capita Business Services Ltd


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 Working Day
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Helpdesk support is provided between 8.00am – 5.00pm with out of hours’ support facility via email. Support functions have the ability to resolve end user queries within 24 hours through dedicated account management, consultants and technical support.
Full technical support of the system is provided along with informatics expertise. Dedicated and experienced account managers/consultants provide consultancy, insight and intelligence covering regular review meetings (frequency agreed between key stakeholders, access to data, accuracy and timeliness of information flow, activity monitoring and other performance issues, response to requests for information and other data queries, internal reporting requirements, areas of focus / future planning, system enhancements and ongoing training and support.
Support can be included in that initial licence or subscription for packaged rates, or bought individually at £900 per day.
Support available to third parties

Onboarding and offboarding

Getting started
Implementation is delivered in year 1 of the contract and through a combination of onsite and offsite configuration of the tool and training.
CHKS will work with the main contact to set up an implementation and user group. Implementation is based on a mix of configuring the programme to the specific requirements and structure of the CCG and knowledge transfer to users and key stakeholders. As the system has been designed to be intuitive and user-friendly, there is not an intensive training requirement. Typically, organisations use five days of training within year 1. This training provides a sufficient level of knowledge transfer for a core group of users to use the system and cascade their knowledge as required. It also trains system administrators in the management and configuration of the system.

We provide the training on-site, with WebEx sessions also available. Once configuration is underway, we work with customers to agree a detailed training programme to take place over the following month with key staff groups and train local trainers to continue this work.

The training is complemented by in-built screen specific help files and a documented user manual. Further training materials and videos are available through the CHKS website.
Service documentation
Documentation formats
End-of-contract data extraction
As our system allows the analysis and reporting of users existing data, no formal data extraction is required. Users will stop submitting their data to us and are able to export and final reports or charts in a range of formats before access is switched off.
End-of-contract process
If the customer does not wish to renew its contract, three months’ notice should be provided to commence the decommissioning process. The customer should make arrangements for the final data submission to CHKS to be made no less than one month before contract end date and our team will switch off data processing services to ensure no further data is uploaded. At the contract end date, access to the system will be switched off and the tool decommissioned by CHKS. The customer should use the time leading up to this date to export any reports required. This is included in the price of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There are no functional differences as both mobile and desktop users access the system through browsers. The system layout was designed to ensure that users could fully access the system regardless of whether it was a mobile or desktop device so that it delivers the full service on either.
Service interface
What users can and can't do using the API
User can get a list of available indicators, show by's, filters, data types, site codes and they can then use these to interrogate indicator data.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Every user can customise iCommissioner to view and analyse information specific to them. The system has pre-populated scorecards but includes the ability for user defined and organisation ones to be created, using over 570 indicators. These scorecards can then be further customised through cluster any option in the system, creating structures specific to service users organisation. Filters can be applied to ensure users are able to have granular control over the information that they are analysing. Show by options can be used on each indicator to view sub-set of information. Organisation relevant peer groups can be created and saved for future use.
In addition to this, organisations can provide additional datasets to CHKS to be uploaded for analysis in the system.


Independence of resources
We take a number of steps to mitigate against service degradation through high usage volumes to ensure that any impact is minimal. Our hardware is specified to such a level that our clients do not notice any impact (delays are generally measured in milliseconds). Any large increase in client base would be met with an equivalent increase in hardware to retain these response times.
Elastic search has been utilised to ensure that large volumes of data can be analysed and retrieved rapidly, supporting user experience at scale.


Service usage metrics
Metrics types
CHKS can provide service usage metrics including audit data. These include total number of user visits, individuals accessing the system, number of visit and time logged in.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All reports in iCommissioner can be exported for further internal analysis or for pulling notes for case note reviews.

Users can choose what output they want the data to be displayed e.g. pdf, CSV, ODS, jpeg, and Microsoft Word and Excel. This will enhance considerably how reports are compiled and built for export purposes.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JPEG
  • DOC
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
Between Capita network (the office) and 6 degrees: SSH (AES256)

Availability and resilience

Guaranteed availability
Typical SLA is 99.9% availability not including scheduled out-of-hours maintenance. Specific agreements can be discussed with individual customers.
Approach to resilience
We utilise ElasticSearch’s built in resilience and retain data which has been processed in backups allowing us to recover any data lost within minutes.
Outage reporting
Outages can be reported via email alerts.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Our dedicated consultant works with named customer contacts to identify and assign super users or system administrators. These users then have the ability to restrict how dashboards are shared across the organisation and other configurations such as the clustering of data. They are also able to set up new users with access to the system. Any user will be able to access technical support, but the named contact will be the main route to advanced support and added value services.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited (LRQA)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NHS IG Toolkit
Information security policies and processes
We have a documented information security policy that is reviewed annually. CHKS recognises that information security is a key business driver and is committed to managing the security of information including:
Maintaining confidentiality – access to information is granted only to those with specified authority to view the information.
Ensuring integrity – information is accurate and up to date.
Assuring availability – information is always available to those who require it, at the right time.
Ensuring legal compliance – by making sure that CHKS is adhering to all relevant legislation.

CHKS has determined that the most effective way to manage information security is to establish an ISMS. This will be based on the information security policy (this document) and a supporting set of policies and procedures (the ISMS manual).

We monitor compliance against regular staff information security training and have a dedicated quality manager who communicates any changes or reminders to the policy that are required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
CHKS operates a formal change control process covering minor changes (eg minor defects, low level improvements), major changes (eg as new products), and platform changes (eg software upgrades). Changes are assessed for information governance and security before proceeding to a committee for review and approval. If necessary, a full security risk assessment will be carried out, or if a change is to an existing environment and exposes no additional sensitive data then the risk assessment is carried out during ongoing ISMS risk assessments. All changes are developed in line with industry standard good practice and subject to regular penetration testing.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All of our systems are based on the LAMP stack and are updated regularly for all software packages. Any urgent patch notifications which are made public, for the operating system or services we make use of, are updated within 24hrs of us becoming aware.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We run an internal monitoring system with multiple monitoring strategies. Any alerts are passed on to the team, 24hrs a day via mobile alerting and any issues are responded to immediately.
Incident management type
Supplier-defined controls
Incident management approach
CHKS operates an ISMS Reporting and Incident management procedure. This defines the process that staff must follow if they uncover or are involved in an incident. All incidents are reported to line management, local and divisional info sec, and senior management as needed. All incidents are logged in an internal online system and are reported monthly.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£38000 per licence per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑