Holt Doctors Ltd

Workforce Management Solutions

LMS, a market leading IT platform, provides an end-to-end recruitment system for managing your temporary workforce (bank, collaborative bank, agency, DE). Designed specifically for the healthcare sector, it continues to adapt with market changes - 100+ agencies using the system to supply candidates to the NHS and other healthcare clients.


  • Remote access from any device
  • Modular system - Bank, Collaborative Bank, agency, Direct Engagement
  • ISO27001 accredited - and range of security/access controls
  • Budget controls, real time reporting and Management Information
  • Automated processes and checks - including compliance
  • Highly effective automated job/candidate matching - with set parameters
  • Integration with third party systems
  • Online timesheets - and all payment processes accommodated
  • Self fill APP for Bank Candidates
  • Out of Hours Booking


  • Designed specifically for the healthcare sector
  • Experienced project implementation team, 2-6 week implementation
  • Simple and intuitive for clients, suppliers and candidates
  • Maximise back office efficiencies and streamline processes
  • Full visibility and control of your temporary workforce
  • Increased quality assurance - solutions via multiple approved Frameworks
  • Accessible from any device; self-fill APP to enhance Bank fill
  • Unlimited users - no costly licence fees
  • Multiple workforce planning tools - reduction in workforce costs
  • Full training and 24/7 support


£0.80 per person per hour

Service documents

G-Cloud 11


Holt Doctors Ltd

Tracy Ward

0208 099 6943


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Access to modern browser, or smart phone.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times You will have 24/7 access to our experienced LMS support team to help with queries on using the system – we log all calls, responses and resolution times, and the service levels we commit to will be agreed. LMS utilise the JIRA reporting system. Support is both phone, online and email based. LMS help desk may be contacted for immediate assistance from 9am to 5.30pm (week days). Outside of these hours, a member of the help desk team will respond within 2 hours. For fault reporting, the response times will be dependent on priority level (see terms and conditions).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We will provide full training to all individuals at the client identified during the on boarding process (Client Authorised Users) as requiring access to LMS, and will provide training manuals (updated as required). On site training is in a variety of formats and applicable to job roles - classroom, floor walking and one to one.

On-going training support will be provided via webinars (including refresher training required, training on new functionality/updates to system) as well as face to face training for new starters, from time to time, and where agreed between Holt Doctors and the client.

Each client will have a dedicated account manager.

Pricing for training and support is included as part of agreed set up costs (see rate card).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide clients with training tailored according to job roles in a variety of formats and at varying times through on-boarding and then ongoing. This includes initial classroom style overview, one to one “hands on” workstation training, floor walking and webinars. We also provide our clients' suppliers with relevant training via webinars. A training manual is provided with release notes also issued as applicable (with training if required).

We also provide our clients and their suppliers with 24/7 support.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction With regard to client or their suppliers' data held within the LMS software platform we will ensure such data is transferred to the client or supplier(as relevant) within 30 days of the date of termination and such data will be in .csv format. The data will be subsequently deleted from our servers and the software platform (see service definition document for further details) subject to data protection legislation requirements.
End-of-contract process At the end of the contract a client can have customised data extracts. We agree the exit plan with the client at the outset of the contract as to what they will require so we can inform them and also agree any additional relevant costs (see service definition document).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile web portal for candidates is a fully responsive application.
Accessibility standards None or don’t know
Description of accessibility We do not use a lot of symbols within the system but where we do there are mouseovers/rollovers that explain what they are/what they do.

All of the web pages can be magnified without loss of function, and text can be highlighted to be read out to a user (through available APPs)

There are no trigger points based only on colour. Bold is used to indicate items that have not been reviewed.

We do not use captchas.

Our system provides information only, not sensory experiences.
Accessibility testing We have not done any interface testing with users of assistive technology.
What users can and can't do using the API The API is for programmers to work with, and they can use the API to connect the database to different front ends if they wish. They can send data to the system and retrieve data from it. Where they have specific and unique requirements an API can be written for the client (subject to cost).
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We can customise any aspect of the software subject to cost.

A client can acquire a right to a copy of the code to modify it as they see fit.

There are multiple opportunities to modify how the product behaves.


Independence of resources Our IT team provide 24/7 support, constantly monitoring the system, reporting to us immediately if there are any concerns so we have time to react. We constantly monitor processor utilisation, upgrading architecture in line with demands for maximum number of concurrent users.

We monitor the load time of key pages, and how long reports take to run, with pages that describe the longest time any given report has taken to run. If they are taking longer than is good practice, this indicates the hardware needs to be upgraded or database queries need further optimisation.


Service usage metrics Yes
Metrics types We can provide clients with metrics on how many people logged on at any one time, what reports have been run and by whom. All activities in the system are recorded by user - with a full audit trail available.

We have developed numerous standard reports, and as reporting functionality is an integral part of LMS, it is easy to add more.

Reports can be generated into excel multisheet format. Graphs/ dashboard indicators can be added. Reports can be in most formats , automated, with alerts for set criteria.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold LMS Recruitment Systems Limited - for the healthcare sector

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach LMS can provide pull or push feeds for Data Warehousing in various formats and protocols e.g. direct to MySQL, XML/JSON/CSV feed over http or by file transfer or we can create a custom feed if the integration layer needs a different format and/or protocol.

As regards reporting from LMS, reports can be generated into excel multisheet format. Graphs and dashboard indicators can be added according to client preferences. Reports can be in most formats, can be automated, with alerts sent if set criteria are exceeded/not reached.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • XML
Data import formats
  • CSV
  • Other
Other data import formats TSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99% availability. To date we have achieved 99.99%.

By way of example, these are our Key Performance Indicators which are included in our terms and conditions:

Service Availability - 24 hours, 7 days a week, 365 days per year.
99% availability - agreed Downtime with the written consent of the Client’s Authorised Officer will be exempt.
Approach to resilience Available on request.
Outage reporting There is a public dashboard, plus email notifications are sent by email to key contacts at each client.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication User name and password, and location.
Access restrictions in management interfaces and support channels This is done programmatically, by configuring users at certain levels.

Each user account has a type (client staff, supplier, candidate), a level and a set of feature permissions, so it is possible, for example, to only give access to a feature to users of level 5 or above. Feature permissions are specific to each user type and new feature permissions can be added for all user types.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Intertek
ISO/IEC 27001 accreditation date 1st August 2016
What the ISO/IEC 27001 doesn’t cover The certification covers the design and ongoing development of the web based recruitment system, LMS, including the delivery of training.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All of our processes are IS027001 accredited and we follow those processes - all relevant staff are regularly trained in the processes, with internal audits taking place.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The Change Management Team comprises: a member of the Senior Management Team, the LMS IT Manager, LMS Business Analyst and our Projects and Implementation Manager (from clients' perspective).

Full assessment is made of the change, the potential (including security) impact, timescales and the work required .

Each requirement goes through our project management process which include testing for requirement, identifying change points/responsibilities, robustness of change, re-briefing where necessary or can result in ‘no action’ where the change can be absorbed within current procedures.

Code reviews, testing and deployment overseen by IT manager.

Release notes/training issued as applicable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Threats are assessed from technology news and system log files and evaluated for applicability and potential severity. Patches to services can be deployed within a day, depending on the complexity of the work.
Protective monitoring type Supplier-defined controls
Protective monitoring approach User and system activity is logged. Identification of potential compromises depends on triggering of system alerts on activity levels or manual review of logs. Response would be to evaluate the level of compromise and respond accordingly, depending on the severity. Response to identified incidents would be the same day.
Incident management type Supplier-defined controls
Incident management approach Pre-defined processes are in place for common incidents (e.g. user suspects their account is compromised). Users report incidents to the LMS help desk by telephone or email. Incidents are reported to the system owner using a standard format.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.80 per person per hour
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑