ProTech Computer Systems Ltd

Pro9 NHS Pathway Transformation Solution

This Service Description describes the Pro9 NHS Pathway Transformation Solution to support the requirements of NHS organisations responsible for engaging clinicians and other key stakeholders in the public and private sector (e.g. pharmaceutical and private sector hospitals) in the transformation of clinical pathways.


  • Available in IL0 and IL3 hosted options
  • Fully integrated customer facing website and CRM as standard
  • Configurable, mobile responsive website for stakeholders to view pathways
  • Define pathway stages and interventions to drive improvement
  • Workflow engine delivers business process automation
  • Assign pathway improvement activities to other users / groups
  • Support professionals in delivering improvement interventions
  • Time limiting and reminders for completion of improvement activities
  • Integrated Open Source Content Management System
  • Standard reporting and data querying tools


  • Manage clininal pathways to a high level of sophistication
  • Enables Trusts to protect their pathway 'assets' via secure login
  • Online collaboration space for pathway group members
  • Access to pathway content based on clinical preferences
  • Upload electronic files, documents etc and associate with a pathway
  • Publish content that relates to ‘Areas of Practice’
  • Supports membership based model of access to data / information
  • Ability to charge fees to private sector providers
  • Online events programme and event booking, amendment, cancellation and payment
  • End to end management of learner requests in any format


£93.00 per user per month

Service documents

G-Cloud 10


ProTech Computer Systems Ltd

Kim Smith


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The service is a standalone CRM system with additional options for a Content Management System (CMS) or integration to other third party solutions via web services.
Cloud deployment model Community cloud
Service constraints Pro9 customers are encouraged but not obliged to take software updates in line with the quarterly maintenance release schedule to benefit from continuing enhancements, new developments and support.
System requirements
  • Windows server licences
  • SQL server licences

User support

User support
Email or online ticketing support Email or online ticketing
Support response times In line with customer SLAs.
General support provided 9 - 5.30 Monday to Friday, additional support can be provided as required.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All customers are afforded the same level of support from our dedicated support department within office hours, with additional out-of-hours or on-site support available on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of the onboarding services, ProTech will provide documentation for all modules of the system that have been procured, alongside orientation and training sessions with end users to ensure a comprehensive understanding of all relevant aspects of the system.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Access to the SQL database is provided and data can be extracted via SQL queries.
End-of-contract process Extraction of consumer generated data will be charged using the rates specified in the SFIA rate table. On termination of the service, customer data will be removed from the system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Pro9 web users are supported by our digital platform which is fully mobile responsive
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Automated online testing has been carried out to assess the various aspects of the WCAG standard, including use of text alternatives, use of colour in the site, and assess whether the site is easily navigable and readable.
What users can and can't do using the API Users can manage most aspects of the business functionality within the application and the back office. Having evolved over many implementations, this service is extended to suit the requirements on a per project basis and we would feel confident in adding additional functionality should the use case arise.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The essence of the platform and solution is that it is completely configurable so functionality can be enabled or disabled as required. Configuration of the platform is completed through the user interface, and part of the onboarding of a project would be to train senior users in how to use the configuration tools. This should allow them to become self-sufficient so that, within reason, they can evolve the platform to meet future requirements.


Independence of resources Any tasks which users could complete which would create strain on the system (for example, reporting), are completed in a separate environment from the day to day user actions.


Service usage metrics Yes
Metrics types Our service management provides reporting of Cloud based usage on a regular basis. Reports are provided to show that availability levels were met or exceeded, capacity levels along with thresholds and any incidents or requests for change.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach All record sets created from system generated reports or data profiles can be exported to standard formats such as Excel.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Strong Physical firewall
Regular scans
Limited Remote access
Segmented network traffic

Availability and resilience

Availability and resilience
Guaranteed availability 99.95, assured by independent validation of assertion
Approach to resilience Backup, disaster recovery and resilience plan in place, available on request.
Outage reporting Email alerts immediately provide any outage feedback to the client and the ProTech support team.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Dependent on the implementation, the solution may be accessed over the Public Services Network (PSN) only. This allows only named users, to access the system from a device that is connected to the PSN.

Where the customer does not require the solution to be housed on the PSN, the system is accessed using windows authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 02/02/2018
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards ProTech delivers a Government ‘OFFICIAL’ security accredited, fully integrated web and CRM solution (Up to IL3). This pan government accreditation means customer data is held and managed within a system that has been subjected to rigorous security penetration tests and therefore is highly secure.
Information security policies and processes ProTech are ISO27001 accredited. We maintain a risk log to highlight and keep track of potential security risks. The log is monitored regularly and processes are put in place to ensure that any identified risks are mitigated. Regular reporting is given at board level with ultimate responsibility sitting with the COO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The solution (Pro9) is subject to quarterly maintenance releases, where the software is built and regression tested for public release. All source control changes are tracked and monitored using Team Foundation Server.

Pro9 undergoes an IT Health Check each year in line with those maintenance releases to ensure that the system still meets its 'OFFICIAL' accreditation status.
Vulnerability management type Undisclosed
Vulnerability management approach All security patches are applied by a group policy as and when suppliers publish these. We ensure that all patches are applied, we have a secure environment controlled by a physical firewall and all vulnerable ports are locked down. We receive regular updates from antivirus security forum to highlight potential threats, and take steps to mitigate these.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The firewall and antivirus highlight any potential intrusion. If any threats are identified all hardware is immediately disconnected from the network and individual PCs scanned and any potential threats mitigated.
Incident management type Undisclosed
Incident management approach We have incident management processes prescribed by ISO27001 whereby any incidents are reported to the security officer, any threats are logged, and actions taken to mitigate any threats are recorded. Incident reports are produced periodically to ensure all staff are aware of any potential threats and actions they should take.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £93.00 per user per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑