Skip to main content

Help us improve the Digital Marketplace - send your feedback

Leicestershire Health Informatics Service

Cloud Hosted Content Management System (CMS)

HIScms is a cloud hosted CMS with additional associated services to provide maximum benefits. You can update your content using a very simple online interface. We also offer content and development support so you can make sure your site is up-to-date, informative and reflects your organisational offerings.


  • Range of templates that we adapt to suit your organisation/brand
  • All templates meet the required accessibility and usability standards
  • All of our websites are securely hosted
  • Your data is backed up externally every night
  • Add users as the website administrator
  • Integrate social media: twitter, YouTube, blog etc...
  • Easy to use editor:customer makes their own changes
  • An integrated statistics tool


  • Extremely robust, future-proof and available to a broad audience
  • Social media increases engagement with visitors to your website
  • Customer empowered to maintain their own website


£450 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 9 1 5 0 4 6 1 1 9 7 7 0 6 2


Leicestershire Health Informatics Service LHIS
Telephone: 01162953500

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Intranet and public facing websites
Cloud deployment model
Private cloud
Service constraints
The environment can be set up to be accessed over the internet or the HSCN network. Bandwidth and latency are dependent on the application and the connection type.
Perimeter security services provide a layered protection at the perimeter of LPT’s network and server infrastructure, bringing together security capabilities based on firewalls, intrusion detection and prevention services (IDS and IPS) and DDoS protection and mitigation technology
System requirements
Internet or HSCN connection and a web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times agreed by SLA. LHIS service desk operates 07:00 to 20:30 Monday to Friday and 08.00 to 13.00 Saturday excluding weekends and UK Bank Holidays. A 24 hour out of hour’s service is available for an additional surcharge. We also provide out-of-hours IT and Senior Management cover where there is a priority 1, urgent loss of service which has a direct impact on patient care and where there is no alternative.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Typically an SLA is drawn up detailing availability, resilience, redundancy and support arrangements and this is then managed during the lifetime of the system.
Table 3 and Table 4 in the attached service definition show the standard severity matrix and response times within LHIS (which may differ if requiredl). When calls are logged with our service desk we grade them with severities depending on the nature of the issue. The service
desk operates according to ITIL change management procedures. Response time shown in the attachments. These standards are negotiable if required to meet customer needs, however customers should note this may have an impact on the service price. LHIS uses back office support and system functions from with the UK.
Support available to third parties

Onboarding and offboarding

Getting started
The on boarding process is managed according to PRINCE 2 project management principles and includes the following:

• Initial set up and testing before handover
Service documentation
Documentation formats
End-of-contract data extraction
In the rare event that a customer decides to terminate the service LHIS will provide the SharePoint data in electronic format. Please note depending on the volume of data and customers preferred method of receipt this may incur a fee.
End-of-contract process
Once the data is securely transferred LHIS will securely delete the historical data unless otherwise requested by the customer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Optimised website view for mobiles
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Customisation available
Description of customisation
Product can be branded to fit in with customer's existing brand guidelines. The CMS is tailored to your own business requirements, best suiting you and your organisation.

Specific access can be given to specific users.


Independence of resources
Dedicated resource with agreement with the customer via SLA


Service usage metrics
Metrics types
API: JavaScript, ASP.NET, REST/OData
Reporting types
API access


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
ISO 27001
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Documents can be downloaded direct from the site.
Data export formats
Other data export formats
Format in which they were uploaded
Data import formats
Other data import formats
Microsoft Office

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs are agreed on a customer to customer basis as they are bespoke to the contract.
Approach to resilience
Available on request
Outage reporting
Send email alerts and a customer facing dashboard

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
User access controls are assigned according to the requirements of the user and organisation via user access profiling
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
May 2016
What the ISO/IEC 27001 doesn’t cover
Current coverage = management of email
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Tigerscheme (recognised as Cyberscheme)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Information security policies and processes
Public Sector and NHS standards for Information Security. ISO 27000 accredited.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We operate according to ITIL change management procedures
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We operate a security and vulnerability service which is run on a routine and cyclical basis this uses industry standard tools such as Nessus. We are also part of the CareCert alerting system.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a formalised incident response methodology which is designed to address issues and threats as they are identified.

These incidents are addressed with defined timescales, depending on their severity.
Incident management type
Supplier-defined controls
Incident management approach
Incident response processes are defined through NHS security and governance standards. These are delivered through local policy provisions.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
Health and Social Care Network (HSCN)

Social Value

Covid-19 recovery

Covid-19 recovery

LHIS were critical to the initial response to lockdown one. We supported several thousand NHS staff in LLR working from home and once the vaccination programme started we were also absolutely key to the establish of the IT Infrastructure for all the Vaccination Centres required in LLR. LHIS were nominated and won the LLR Award for COVID Hero’s for all the work we had done in response to COVID. I attach the nomination below. "We would like to nominate the team at Leicestershire Health Informatics for their outstanding work to keep us all IT operational during this challenging time. Without their continued dedication, as a system across Community, CCGs and Primary care we would not have been able to support remote working to keep our teams and our patients safe. In Particular we would like to highlight the efforts of Ian Wakeford, Tirath Singh, Chris Elliott and Jaz Dhinsa for all of their hard work and dedication in supporting the development and go live of our Covid vaccination sites. These individuals have been fundamental in the set up of our PCN hubs and have dealt with the daily challenge of the national directive changing ensuring they revisit our plans and adapt to ensure we can still deliver. They have achieved this through their own strong team working and working closely with our clinical and managerial teams and as we deployed our PCN teams. They have each taken clear ownership and responsibility over the IT delivery requirements. They have all gone above and beyond during this time helping to support the IT infrastructure on the ground where our teams are now delivering the vaccine. Every vaccine delivered is a life saved and the team at LHIS have played a huge part in helping us to achieve this delivery."
Equal opportunity

Equal opportunity

Leicestershire Partnership NHS Trust (LPT) has designed and implemented policy documents that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. It takes into account the provisions of the Equality Act 2010 and promotes equal opportunities for all. This policy has been assessed to ensure that no one receives less favourable treatment on the protected characteristics of their age, disability, sex (gender), gender reassignment, sexual orientation, marriage and civil partnership, race, religion or belief, pregnancy and maternity.

The Trust is committed to creating a culture where everyone has equal chances to improve their health and welfare in an environment free from any unlawful discrimination, harassment and bullying.

All job advertisements will include a statement to encourage applications from groups that are under-represented within the Trust. Any positive action initiatives to encourage such applications will keep to relevant legislation.

The Trust’s Equality, Diversity and Inclusion Strategy 2021 - 2025 has been designed and developed to improve service delivery to the broader community and meet our public sector equality duty. The Trust will also aim to extend its focus to reduce the health inequalities and associated socio-economic factors. The objectives and any associated action plans for the next four years will focus on activity that improves outcomes for those most disadvantaged.


£450 a unit a day
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.