L2P Enterprise Ltd

L2P Appraisal, Revalidation, Multi-source Feedback and Job Planning Management Software copy

Appraisal and Revalidation Software for the healthcare sector. One-stop solution with integrated Appraisal, 360-Multi-Source Feedback, Job Planning, CQC regulatory-documentation, and Medical Educator modules. Offers comprehensive real-time dashboards, full automation, and one-touch NHSE reports. Founded by NHS doctor with 10-years appraiser experience. Designed in collaboration with NHS trusts and private hospitals.


  • Integrated Appraisal, 360 Multi-Source Feedback, and Job Planning modules
  • Bespoke QA-checklist for improving quality of medical appraisal submissions
  • One-click NHS England reports and Extensive management reports
  • Action-oriented Dashboard
  • Quality Assurance modules and real-time performance overview toolkit
  • Integrated Medical Educator module with dashboard and HEE reports
  • CQC-module: assists doctors to keep regulatory information in one place
  • CQC-dashboard: enables organisations to track status of all regulatory document
  • Management of doctors' portfolio of Supporting Information inc. smartphone app
  • Appraisal, Revalidation, 360-MSF, Job Planning and Medical Educator dashboards


  • A system so intuitive, no training of doctors required
  • Fully-automated emails for all key reminders; minimal administration required
  • Developed by experienced NHS-appraiser in consultation with NHS/private hospitals
  • Instant NHS England reports and excellent management reports
  • Highly responsive system - 99.99% uptime
  • Smartphone friendly
  • Support desk with exceptionally fast response times
  • Powerful integrated multi-source feedback
  • Full integration across all modules: single sign-on, simple administration
  • 4 interconnected QA/performance management tools to assist all user-types


£28 to £100 per user

Service documents


G-Cloud 11

Service ID

4 0 1 9 9 8 4 2 8 3 4 1 3 6 9


L2P Enterprise Ltd

Colin Wilkinson



Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No constraints. Planned maintenance is conducted out of hours with prior notification.
System requirements
  • A modern web browser
  • Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Less than one hour.
Weekends are usually within 4 hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
First line support for administrators and doctors is provided by our own Helpdesk.
At implementation we provide full training to all administrative users.
We also provide training to groups of appraisers.
This is included in the implementation fee.
After that we provide live 1-to-1 webinars with administrators on an 'as required' basis throughout the contract, as part of the license fee.
Doctors are primarily trained via a library of videos on different aspects of the system.
Support available to third parties

Onboarding and offboarding

Getting started
As part of our implementation, we provide onsite training to administrators and appraisers. We continue training via online webinars. In addition we provide multiple short video presentations for all user types.
Ongoing training is provided via our support desk for specific question types.
Service documentation
Documentation formats
End-of-contract data extraction
Organisations download the data required as per GDPR guidelines.
The data is still retained for the doctor user until such time as they no longer require it.
Most of the data required is summary PDFs of appraisal, MSF and Job Plans.
End-of-contract process
At the end of the contract, clients are able to download all files to their own servers.
Individual users are offered the same opportunity or to maintain an account with L2P directly.
Data is maintained on our servers within the constraints of GDPR and is discussed with each client.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No difference between mobile and desktop
Service interface
Customisation available
Description of customisation
Clients can choose from multiple different modules. The modules available are:
Appraisal and Revalidation,
Multi-Source Feedback,
Job Planning,
Medical Educators,
Medical Indemnity Module,
Post Appraisal Questionnaires (including bespoke questionnaires),
Quality Assurance,
Disclosure and Barring Service check module (automated checking and reminders),
ICO module (automated checking and reminders),
Resources modules,
Bespoke Checklists,
Mandatory training module.
In the configuration of the system for the client, there are also multiple different settings that can be applied - e.g. different emails and different timings of emails, different configurations of the dashboards.
As the software has evolved over 5 years, based on client feedback, the vast majority of specification change requests have been applied universally to the system. However, clients are offered the opportunity to tailor the system specifically for their organisation.


Independence of resources
Access is load balanced over a pool of application servers. Application and database servers are monitored and scaled up or out as required based on usage.


Service usage metrics
Metrics types
Support desk perfomance, including response times and first-fix rate.
System uptime.
Change request logs.
User access data including: a full audit trail (login times and dates, access logs, last users).
We produce large numbers of reports related to performance of appraisals, MSF and job planning including submission dates, last modified, etc.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
All data is maintained in the cloud linked to their account when they 'share' it with other permitted users.
Users can download the required specific information such as file types and summary PDFs.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • MS Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • MS Word, Apple Pages and other document formats
  • MS Excel, Apple Numbers and other spreadsheet formats
  • MS PowerPoint, Apple Keynote and other presentation formats
  • PDF files
  • Picture files e.g. JPEG, PNG, TIFF
  • Weblinks
  • Zip files
  • Data parsing from 3rd-party appraisal forms, including the MAG PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
L2P Enterprise offers a system uptime guarantee of 99.9% on a rolling 90 day period.
We will notify you within 24 hours if we fall below this level.
You will be entitled to credit or a refund as follows:
1.) 1 x daily average cost (your total invoice/365) for any and each day we fall below 99.9%.
2.) 3 x daily average fee for each and any day we fall below 99% availability.
3.) Calculations exclude Planned Maintenance notified in advance.

For information, we are currently running at above 99.99% availability
Approach to resilience
Available on request. Not for public consumption.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Institutional administrators use two-factor authentication using both password and physical token (a 'Yubikey' USB-key) which generates a one-time password. Each administrator has their own OTP key uniquely linked to their account. Authorisation is checked for each data item which is accessed and all edits are logged and retained.

At the application level, doctors and appraisers have password-protected access to their own data or, in the case of appraisers, appraisals they are authorised to view. Authorisation is checked at the point of access for each data item requested or amended and all edits are logged, with previous versions retained indefinitely.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus (ISOQAR)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Via Paypal and Stripe
PCI DSS accreditation date
Not known
What the PCI DSS doesn’t cover
Not known
Other security certifications
Any other security certifications
  • ISO27017 – Cloud Security
  • PSN Service and Connection Compliant
  • SSAE 16 - Type ll
  • Cyber Essentials
  • ISO 27018 - 2014
  • ISO 27032:2012
  • ISO 27040:2015
  • ISO 27017:2015

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have full Information Governance and Security training for our staff, recently updated under GDPR 2016. All staff are expected to comply with our policies. Information and Security governance is also driven by the specific guidelines from NHSE on Appraisal and Revalidation Information Governance, complying with legislative and regulatory requirements.
Training includes awareness of:
Physical security,
Access and Passwords,
Using the Internet,
Mobile computing,
Removable media,
Information disposal and
Security incidents.
Reporting is directly to the Managing Director. All actual or suspected information security breaches are reported and are thoroughly investigated - The Information Security Policy is reviewed annually by the Directors. We carry out Risk Assessments and monthly internal audits to ensure our compliance is adhered to. All incidents are reported/logged and dealt with..

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes are prioritised and tracked through an issue management system. Each release goes through user acceptance testing before being rolled out as part of planned maintenance, with release notes provided to all clients. All releases are version controlled and can be rolled back if required. Releases include updates or patches to third-party software where appropriate.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Potential vulnerabilities are prioritised and tracked through an issue management system. All potential vulnerabilities are assessed for impact and probability by the Head of Development and the Management Team, and then addressed with an appropriate priority. Penetration testing is performed annually by an external security company and identified vulnerabilities are addressed immediately or within the next scheduled release, as appropriate.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Applications and servers are monitored 24/7, with initial alerts to the technical team and escalation to the Management Team if required. Any potential attacks are assessed and prioritised by the technical team in consultation with the hosting company and remedial action is taken immediately for threats which are service-impacting or put data at risk.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All incidents are logged and tracked through an issue management system. All incidents are reviewed by the Head of Development and the Management Team to identify causes and prioritise actions to prevent future incidents. Any incidents with potential client impact are advised to clients with details of the cause, impact (actual or potential), and remedial and preventative actions undertaken.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£28 to £100 per user
Discount for educational organisations
Free trial available
Description of free trial
Full system including full implementation and training (depending on circumstances). Time period can be negotiated.
Link to free trial
By request

Service documents

Return to top ↑