Capita Business Services Limited


CHKS is a leading provider of healthcare intelligence and quality improvement services. Since 1989 we have been developing hospital benchmarking and performance management solutions for healthcare organisations in over 20 countries and have worked with over 400 clients throughout the world.


  • Easy to export to Excel, CSV, Word and PDF files.
  • Automatically updated as new national data is released
  • Local data can be updated as frequently as weekly
  • Various presentation options including, heat maps, charts and tables
  • Help function on every page
  • Reports track performance by priority indications, division, and local peers
  • Fast upload of Trust data
  • Shows percentile position within your peer group


  • Provides assurance to stakeholders on efficiency versus quality and care.
  • Enables early detection of variations in performance
  • Enables a swift response via targets and alerts functions
  • Customisable scorecards to support Trust objectives
  • Standard Key scorecards already configured; i.e. CQC indicators, Mortality, Efficiency
  • Converts data into intelligent information to support decisions
  • Enables benchmarking against other providers to become best in class
  • Provides patient level data and analysis, supporting Trust improvement review


£36000 per licence per year

Service documents

G-Cloud 9


Capita Business Services Limited

Capita Business Services Ltd

0870 240 7341

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Helpdesk support is provided between 8.00am – 5.00pm from Monday to Friday with out of hours’ support facility via email. Support functions have the ability to resolve end user queries within 24 hours through dedicated account management, consultants and technical support. If the issue is unable to be resolved over the phone or requires technical resolution, a ticket is raised through the JIRA call logging system. The consultant manages the process on behalf of the customer, ensuring all required information is collected, answering questions that arise and monitoring progress. They remain in communication with the customer and keep them updated.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Helpdesk support is provided between 8.00am – 5.00pm with out of hours’ support facility via email. Support functions have the ability to resolve end user queries within 24 hours through dedicated account management, consultants and technical support.
Full technical support of the system is provided along with informatics expertise. Dedicated and experienced account managers/consultants provide consultancy, insight and intelligence covering regular review meetings (frequency agreed between Trust stakeholders, access to data, accuracy and timeliness of information flow, activity monitoring and other performance issues, response to requests for information and other data queries, internal reporting requirements, areas of focus / future planning, system enhancements and ongoing training and support.
Support can be included in that initial licence or subscription for packaged rates, or bought individually at £750 per day.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Implementation is delivered in year 1 of the contract and through a combination of onsite and offsite configuration of the tool and training.
CHKS will work with the main contact to set up an implementation and user group. Implementation is based on a mix of configuring the programme to the specific requirements and structure of the trust and knowledge transfer to users and key stakeholders. As the system has been designed to be intuitive and user-friendly, there is not an intensive training requirement. Typically, Trusts use five days of training within year 1. This training provides a sufficient level of knowledge transfer for a core group of users to use the system and cascade their knowledge as required. It also trains system administrators in the management and configuration of the system.

We provide the training on-site, with WebEx sessions also available. Once configuration is underway, we work with customers to agree a detailed training programme to take place over the following month with key staff groups and train local trainers to continue this work.

The training is complemented by in-built screen specific help files and a documented user manual. Further training materials and videos are available through the CHKS website.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction As our system allows the analysis and reporting of users existing data, no formal data extraction is required. Users will stop submitting their data to us and are able to export and final reports or charts in a range of formats before access is switched off.
End-of-contract process If the customer does not wish to renew its contract, three months’ notice should be provided to commence the decommissioning process. The customer should make arrangements for the final data submission to CHKS to be made no less than one month before contract end date and our team will switch off data processing services to ensure no further data is uploaded. At the contract end date, access to the system will be switched off and the tool decommissioned by CHKS. The customer should use the time leading up to this date to export any reports required. This is included in the price of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no functional differences as both mobile and desktop users access the system through browsers. The system layout was designed to ensure that users could fully access the system regardless of whether it was a mobile or desktop device so that it delivers the full service on either.
Accessibility standards None or don’t know
Description of accessibility The service is an analytical service, accessible through any web browser and allowing statistical comparison of data through graphs and charts in response to users selections. Data is reconfigured in real time, but can be exported for use in a wide variety of formats for further access.
The system meets many of the criteria listed, such as colour is not the only way of conveying information.
Accessibility testing Interface testing has been carried out on the usability of various browsers and complies with standard controls.
Customisation available Yes
Description of customisation Every user can customise iCompare to view and analyse information specific to them. The system has pre-populated scorecards but includes the ability for user defined and organisation ones to be created, using over 570 indicators. These scorecards can then be further customised through cluster any option in the system, creating structures specific to service users organisation. Filters can be applied to ensure users are able to have granular control over the information that they are analysing. Show by options can be used on each indicator to view sub-set of information. Organisation relevant peer groups can be created and saved for future use.
In addition to this, organisations can provide additional datasets to CHKS to be uploaded for analysis in the system.


Independence of resources We take a number of steps to mitigate against service degradation through high usage volumes to ensure that any impact is minimal. Our hardware is specified to such a level that our clients do not notice any impact (delays are generally measured in milliseconds). Any large increase in client base would be met with an equivalent increase in hardware to retain these response times.
Elastic search has been utilised to ensure that large volumes of data can be analysed and retrieved rapidly, supporting user experience at scale.


Service usage metrics Yes
Metrics types CHKS can provide service usage metrics including audit data. These include total number of user visits, individuals accessing the system, number of visit and time logged in.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All reports in iCompare can be exported for further internal analysis or for pulling notes for case note reviews.

Users can choose what output they want the data to be displayed e.g. pdf, CSV, ODS, jpeg, and Microsoft Word and Excel. This will enhance considerably how reports are compiled and built for export purposes.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JPEG
  • DOC
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Between Capita network (the office) and 6 degrees: SSH (AES256)

Availability and resilience

Availability and resilience
Guaranteed availability Typical SLA is 99.9% availability not including scheduled out-of-hours maintenance. Specific agreements can be discussed with individual customers.
Approach to resilience We utilise ElasticSearch’s built in resilience and retain data which has been processed in backups allowing us to recover any data lost within minutes.
Outage reporting Outages can be reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Our dedicated consultant works with named customer contacts to identify and assign super users or system administrators. These users then have the ability to restrict how dashboards are shared across the organisation and other configurations such as the clustering of data. They are also able to set up new users with access to the system. Any user will be able to access technical support, but the named contact will be the main route to advanced support and added value services.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 22/2/17
What the ISO/IEC 27001 doesn’t cover Finance
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NHS IG Toolkit
Information security policies and processes We have a documented information security policy that is reviewed annually. CHKS recognises that information security is a key business driver and is committed to managing the security of information including:
Maintaining confidentiality – access to information is granted only to those with specified authority to view the information.
Ensuring integrity – information is accurate and up to date.
Assuring availability – information is always available to those who require it, at the right time.
Ensuring legal compliance – by making sure that CHKS is adhering to all relevant legislation.

CHKS has determined that the most effective way to manage information security is to establish an ISMS. This will be based on the information security policy (this document) and a supporting set of policies and procedures (the ISMS manual).

We monitor compliance against regular staff information security training and have a dedicated quality manager who communicates any changes or reminders to the policy that are required.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach CHKS operates a formal change control process covering minor changes (eg minor defects, low level improvements), major changes (eg as new products), and platform changes (eg software upgrades). Changes are assessed for information governance and security before proceeding to a committee for review and approval. If necessary, a full security risk assessment will be carried out, or if a change is to an existing environment and exposes no additional sensitive data then the risk assessment is carried out during ongoing ISMS risk assessments. All changes are developed in line with industry standard good practice and subject to regular penetration testing.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All of our systems are based on the LAMP stack and are updated regularly for all software packages. Any urgent patch notifications which are made public, for the operating system or services we make use of, are updated within 24hrs of us becoming aware.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We run an internal monitoring system with multiple monitoring strategies. Any alerts are passed on to the team, 24hrs a day via mobile alerting and any issues are responded to immediately.
Incident management type Supplier-defined controls
Incident management approach CHKS operates an ISMS Reporting and Incident management procedure. This defines the process that staff must follow if they uncover or are involved in an incident. All incidents are reported to line management, local and divisional info sec, and senior management as needed. All incidents are logged in an internal online system and are reported monthly.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £36000 per licence per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑