L2S2 Ltd

Emergency Care Instant Clinic ECDS / MIU / WIC / UCC

Clinic management system fully compliant with new ECDS data format for Type 3 / 4 urgent care clinics, including minor injuries units, walk-in centres and ambulatory emergency care. Assembles data in the format ready for submission to SUS / SUS+. Live web feed showing waiting times.


  • Fully secure/auditable system captures patient data meeting ECDS
  • NHS IT requirements met, available on HSCN (N3) and internet
  • Rapid capture of diagnoses using nested drop-down lists
  • Receptionist captures patient details, clinician need not enter
  • Dashboard showing queued patients waiting to be seen by clinician
  • Current waiting times available as feed for website
  • Automated report output in SUS / SUS+ submission format
  • Easily extended, wide range of additional clinic management features
  • Works in browser on HSCN for clinic operation
  • On/offline secure caching client for use in ambulance environment


  • Rapid recording of patient data to improve clinician efficiency
  • Automated preparation of SUS/SUS+ submissions ensuring rapid NHS payments
  • Manage flow of people through venue / identify bottlenecks
  • Manage resources efficiently where needed
  • Drive public to Level 3/4 centres from Level 1/2
  • Transmit accurate data to A&E in advance of ambulance arriving
  • Extensible for managing other clinic types, e.g. OT, Physiotherapy
  • Full audit functions protect service users, clinicians and other staff


£6000 to £60000 per licence per year

  • Free trial available

Service documents

G-Cloud 9


L2S2 Ltd

Jane Aldridge

01223 234550


Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Service requires modern web browser, ideally minimum 1280 across

User support

Email or online ticketing support Email or online ticketing
Support response times Email support is offered within one working day. Online forum available.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support No
Support levels SATIS Tally Cloud is a simple product and most users will find solutions to any problems in the online forum. Email support direct from engineers is provided within one working day. Four hour (working day only) email support is available for 10% premium and four hour telephone support (working day only) for a premium of 25%. 24 hour support with immediate response is available by negotiation for critical applications.
Support available to third parties Yes

Onboarding and offboarding

Getting started Full on-line manual with examples. Consultancy offered if required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Subject to permissions set by the customer administrator, users may download CSV reports of their database content. Full encrypted CSV export is sent to the prime customer automatically when the service terminates. This is provided free of charge.
End-of-contract process The customer will receive notification that the contract is coming to an end and will be offered the opportunity to extend the contract. If the extension offer is not taken, then the service will be discontinued at the final contract date and an encrypted export of the database will be sent to the prime customer at no additional cost. If the service is resumed a new empty database will be created.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • iOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Service works within secure client providing high data security with AES256 encryption. Windows 7/10 and Android but minimum volumes apply.
Accessibility standards None or don’t know
Description of accessibility None
Accessibility testing None to date (new product)
Customisation available Yes
Description of customisation Customers can set permissions or groups but the data submission is fixed (maintained by L2S2 as it is compliant with new national ECDS dataset). System scope may also be extended if desired.


Independence of resources The website and application have been stress tested to ensure that capacity will always exceed demand. L2S2 servers have dedicated connectivity and can be rapidly scaled by configuration and additional activation of dark fibre.


Service usage metrics Yes
Metrics types Service includes built-in DevExpress reporting allowing data tables to be reported in numerous views. Basic reports are included but the customer is either expected to craft their own reports from the data sources or to use L2S2 consultancy services.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach A standard report is built in to allow export of XML in SUS / SUS+ format for aggregating submitter. Data tables may be exported in various formats at any time, subject to customer administrator set permissions.
Data export formats
  • CSV
  • Other
Other data export formats XML in format required for SUS / SUS+ aggregators
Data import formats Other
Other data import formats Data upload not supported

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability The service on both internet and HSCN (N3) is supported on resilient servers with autostart generators capable of indefinite operation in the event of power failure. No SLA is yet provided.
Approach to resilience Web service is hosted on resilient servers with automatic failover to generator backup and is continuously mirrored to a second independent site.
Outage reporting Email alerts are sent by customer services to the prime customers.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication For non-NHS users, two factor authentication is mandatory and supported.
Access restrictions in management interfaces and support channels Username and password / multifactor authentication
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 07/10/2014
What the ISO/IEC 27001 doesn’t cover No exclusions are in place.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations IGToolkit Level 3

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NHS Digital / IGToolkit level 3
Information security policies and processes ISO 27001 / IG Toolkit compliant ISMS. For medical applications the governance is overseen by the company Caldicott guardian. Otherwise the quality manager oversees all quality policies and reports to board.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach ISO 27001, ISO 9001 and ISO 13485 accredited compliant processes followed.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach ISO 27001 compliant processes. Continuous risk assessment, continuous (hourly) antivirus. Patches applied from immediate to monthly depending on risk level. Information regarding potential threats is sourced from antivirus supplier, NHS customers and subscription lists on the internet.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Incident reporting, security review meetings and actions. Clear policies in ISO 27001 compliant ISMS.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Predefined processes exist for certain common events. Users report incidents via phone or email. Actions depend on event, criticality, jurisdiction and contract. Accreditation to ISO 27001, ISO 9001, ISO 13485 and CMDCAS. Incident reports provided via email or as required in contract.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £6000 to £60000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial One month trial leading to preparation of report suitable for SUS / SUS+ submission


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document