L2P Appraisal, Revalidation, Multi-source Feedback and Job Planning Management Software copy
Appraisal and Revalidation Software for the healthcare sector. One-stop solution with integrated Appraisal, 360-Multi-Source Feedback, Job Planning, CQC regulatory-documentation, and Medical Educator modules. Offers comprehensive real-time dashboards, full automation, and one-touch NHSE reports. Founded by NHS doctor with 10-years appraiser experience. Designed in collaboration with NHS trusts and private hospitals.
- Integrated Appraisal, 360 Multi-Source Feedback, and Job Planning modules
- Bespoke QA-checklist for improving quality of medical appraisal submissions
- One-click NHS England reports and Extensive management reports
- Action-oriented Dashboard
- Quality Assurance modules and real-time performance overview toolkit
- Integrated Medical Educator module with dashboard and HEE reports
- CQC-module: assists doctors to keep regulatory information in one place
- CQC-dashboard: enables organisations to track status of all regulatory document
- Management of doctors' portfolio of Supporting Information inc. smartphone app
- Appraisal, Revalidation, 360-MSF, Job Planning and Medical Educator dashboards
- A system so intuitive, no training of doctors required
- Fully-automated emails for all key reminders; minimal administration required
- Developed by experienced NHS-appraiser in consultation with NHS/private hospitals
- Instant NHS England reports and excellent management reports
- Highly responsive system - 99.99% uptime
- Smartphone friendly
- Support desk with exceptionally fast response times
- Powerful integrated multi-source feedback
- Full integration across all modules: single sign-on, simple administration
- 4 interconnected QA/performance management tools to assist all user-types
£28 to £100 per user
L2P Enterprise Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||No constraints. Planned maintenance is conducted out of hours with prior notification.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Less than one hour.
Weekends are usually within 4 hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
First line support for administrators and doctors is provided by our own Helpdesk.
At implementation we provide full training to all administrative users.
We also provide training to groups of appraisers.
This is included in the implementation fee.
After that we provide live 1-to-1 webinars with administrators on an 'as required' basis throughout the contract, as part of the license fee.
Doctors are primarily trained via a library of videos on different aspects of the system.
|Support available to third parties||Yes|
Onboarding and offboarding
As part of our implementation, we provide onsite training to administrators and appraisers. We continue training via online webinars. In addition we provide multiple short video presentations for all user types.
Ongoing training is provided via our support desk for specific question types.
|End-of-contract data extraction||
Organisations download the data required as per GDPR guidelines.
The data is still retained for the doctor user until such time as they no longer require it.
Most of the data required is summary PDFs of appraisal, MSF and Job Plans.
At the end of the contract, clients are able to download all files to their own servers.
Individual users are offered the same opportunity or to maintain an account with L2P directly.
Data is maintained on our servers within the constraints of GDPR and is discussed with each client.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No difference between mobile and desktop|
|Description of customisation||
Clients can choose from multiple different modules. The modules available are:
Appraisal and Revalidation,
Medical Indemnity Module,
Post Appraisal Questionnaires (including bespoke questionnaires),
Disclosure and Barring Service check module (automated checking and reminders),
ICO module (automated checking and reminders),
Mandatory training module.
In the configuration of the system for the client, there are also multiple different settings that can be applied - e.g. different emails and different timings of emails, different configurations of the dashboards.
As the software has evolved over 5 years, based on client feedback, the vast majority of specification change requests have been applied universally to the system. However, clients are offered the opportunity to tailor the system specifically for their organisation.
|Independence of resources||Access is load balanced over a pool of application servers. Application and database servers are monitored and scaled up or out as required based on usage.|
|Service usage metrics||Yes|
Support desk perfomance, including response times and first-fix rate.
Change request logs.
User access data including: a full audit trail (login times and dates, access logs, last users).
We produce large numbers of reports related to performance of appraisals, MSF and job planning including submission dates, last modified, etc.
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
All data is maintained in the cloud linked to their account when they 'share' it with other permitted users.
Users can download the required specific information such as file types and summary PDFs.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
L2P Enterprise offers a system uptime guarantee of 99.9% on a rolling 90 day period.
We will notify you within 24 hours if we fall below this level.
You will be entitled to credit or a refund as follows:
1.) 1 x daily average cost (your total invoice/365) for any and each day we fall below 99.9%.
2.) 3 x daily average fee for each and any day we fall below 99% availability.
3.) Calculations exclude Planned Maintenance notified in advance.
For information, we are currently running at above 99.99% availability
|Approach to resilience||Available on request. Not for public consumption.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Institutional administrators use two-factor authentication using both password and physical token (a 'Yubikey' USB-key) which generates a one-time password. Each administrator has their own OTP key uniquely linked to their account. Authorisation is checked for each data item which is accessed and all edits are logged and retained.
At the application level, doctors and appraisers have password-protected access to their own data or, in the case of appraisers, appraisals they are authorised to view. Authorisation is checked at the point of access for each data item requested or amended and all edits are logged, with previous versions retained indefinitely.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus (ISOQAR)|
|ISO/IEC 27001 accreditation date||31/07/2017|
|What the ISO/IEC 27001 doesn’t cover||TBC|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Via Paypal and Stripe|
|PCI DSS accreditation date||Not known|
|What the PCI DSS doesn’t cover||Not known|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We have full Information Governance and Security training for our staff, recently updated under GDPR 2016. All staff are expected to comply with our policies. Information and Security governance is also driven by the specific guidelines from NHSE on Appraisal and Revalidation Information Governance, complying with legislative and regulatory requirements.
Training includes awareness of:
Access and Passwords,
Using the Internet,
Information disposal and
Reporting is directly to the Managing Director. All actual or suspected information security breaches are reported and are thoroughly investigated - The Information Security Policy is reviewed annually by the Directors. We carry out Risk Assessments and monthly internal audits to ensure our compliance is adhered to. All incidents are reported/logged and dealt with..
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Changes are prioritised and tracked through an issue management system. Each release goes through user acceptance testing before being rolled out as part of planned maintenance, with release notes provided to all clients. All releases are version controlled and can be rolled back if required. Releases include updates or patches to third-party software where appropriate.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Potential vulnerabilities are prioritised and tracked through an issue management system. All potential vulnerabilities are assessed for impact and probability by the Head of Development and the Management Team, and then addressed with an appropriate priority. Penetration testing is performed annually by an external security company and identified vulnerabilities are addressed immediately or within the next scheduled release, as appropriate.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Applications and servers are monitored 24/7, with initial alerts to the technical team and escalation to the Management Team if required. Any potential attacks are assessed and prioritised by the technical team in consultation with the hosting company and remedial action is taken immediately for threats which are service-impacting or put data at risk.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||All incidents are logged and tracked through an issue management system. All incidents are reviewed by the Head of Development and the Management Team to identify causes and prioritise actions to prevent future incidents. Any incidents with potential client impact are advised to clients with details of the cause, impact (actual or potential), and remedial and preventative actions undertaken.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£28 to £100 per user|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Full system including full implementation and training (depending on circumstances). Time period can be negotiated.|
|Link to free trial||By request|