L2P Enterprise Ltd

L2P: Job Planning

Medical Job Planning and non-medical Job Planning for AHPs, AfCs, Nurse Practitioners, other clinicians. Automated migration tools. Powerful dashboards for precise managerial insights. Handles Hot Activities, priority activities, annualised activities, parallel activities, replacement activities, and clashing activities. Interoperable with any e-rostering system.
Market leading support from job planning experts.

Features

• Intuitive by design, loved even by technophobes. Learn in 12-minutes
• Separate purpose-built systems specifically for Medics and also for AHPs
• All contract types incl. Consultants, SAS, Nurse Practitioners, AHPs, AfCs
• Simple Job Plan creation even very complex-rotas, multiple-patterns, with annualised
• Team-based Job Planning, including 'Hot activities', managed centrally by service-leads
• Management dashboards - monitor job plan completion progress at-a-glance
• Access ANY information about ANY clinician in 2-clicks or less
• Interoperable with all e-Rostering systems
• One-click reports/analytic, advanced filtering, financial analytics
• Multiple variable sign-off levels. Activities can link to non-default teams

Benefits

• Customised implementations to your structure and activities giving total accuracy
• Largest specialist Job Planning team in the country
• Service planning and cost attribution improves decision making
• Multiple rota patterns with any number of weeks incl. annualised
• Robust governance process reducing mistakes and other increasing consistency
• Consultancy assistance to gain Levels of Attainment up to LoA-4
• Lightening fast: server responds in milliseconds. APDEX score: 0.97
• Complexities tamed: 'hot', parallel, replaced, shrunk, protected, on-call,
• Integrated with Appraisals, 360-Multi-source Feedback, Educators, Leadership with single login
• Dedicated support desk directly to end-users - response in minutes

£28 to £52 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin.johnson@l2p.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

918220878294093

Contact

Kevin Johnson
0204 558 9066
kevin.johnson@l2p.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints. Planned maintenance is conducted out of hours with prior notification.
• System requirements:
  • A modern web browser
  • Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA is less than one hour. In practice, we respond to almost all queries in under 7-minutes; We support all end-users directly, not just managers and administrators; Weekends are usually within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None to date, but the whole website is compliant
• Onsite support: Onsite support
• Support levels: First-line support for administrators and all end-user is provided by our own Helpdesk.; At implementation, we provide full training to all administrative and manager users.; We provide online training to groups of appraisers.; We provide online training to Clinical Directors and Job Planning Service leads.; Training is included in the licence fee.; We provide live 1-to-1 webinars with administrators on an 'as required' basis throughout the contract, as part of the license fee.; End users also have access to a library of professionally-produced quick start video guides and simple written guides.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: - L2P has fully-automated robotic data migration and onboarding toolkit capable of ingesting your ENTIRE Job Planning ecosystem from all other systems. ; - We can also help you download your existing Job Plans, too, - Quick Start Video Guides (12 minutes) to train doctors and AHPs - Administrators, managers and service leads are trained through a library of video guides as well as live training. - Ongoing training can also be supplied via webinar (generally on the same day as the request). During the go-live phase, L2P provides 'Hyper-support' for your administrators so that, within minutes, we will be online with you helping you deal with each and every query as requested. - We guarantee to leave no stone unturned in getting all users quickly up to speed with all things L2P. All free of charge throughout the contract term.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Users are able to download all information as PDFs and zip files of any uploaded supporting information. Before a user is removed from a client institution, the administrator is prompted to download any information required. Single users can retain their login to the system or request L2P for any downloads required.; On an institution-wide basis (at the end of the contract), L2P will off-board your data in a format that can be used in another system, e.g. PDF, or flat file
• End-of-contract process: Client organisations download any data required should they remove a user from their system.; If an organisation is decommissioning L2P they can either download all the data as zip files, or request L2P to do so for a charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference. ; Smartphones - Application specifically to upload supporting information.; The main application is best used on computers or tablets.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: There are more than 200 configuration settings in L2P across all of our modules.; If you have a specific requirement that is not already available, then L2P will programme this requirement into the system for you. ; Clients can choose from multiple different modules. Available modules are:; - Appraisal and Revalidation,; - Multi-Source Feedback,; - Job Planning,; - Medical Educators,; - Healthcare Leadership Module (2 different formats),; - Post Appraisal Questionnaires (including bespoke questionnaires),; - Quality Assurance,; - Disclosure and Barring Service check module (automated checking and reminders),; - ICO module (automated checking and reminders),; - Resources modules,; - Bespoke Checklists,; - Mandatory training module, ; - Fees Payment Module.; - Full notes module as standard.; In the configuration of the system for the client, there are also multiple different settings that can be applied - e.g. different emails and different timings of emails, and different configurations of the dashboards.; As the software has evolved over 10 years, based on client feedback, the vast majority of specification change requests have been applied universally to the system. However, clients are offered the opportunity to tailor the system specifically for their organisation.

Scaling

• Independence of resources: L2P is deployed in a highly secure cloud environment. Capacity planning is undertaken regularly and we monitor server usage - both front end web servers and database/file servers- continuously. We deploy a very generous margin of extra capacity to ensure that computing resource is never over-utilised, even by spikes in demand. We deploy load-balancers to ensure that demand is distributed evenly between resources. We have complete insight into the demands created by each new customer implementation and new servers can be provisioned within 24 hours.; We regularly increase the number of support staff to cope with the increased demand.

Analytics

• Service usage metrics: Yes
• Metrics types: L2P can show how many end-users are using the system and provide a wide range of user reports. This includes % of users logging in during specific date parameters, length of session, number of documents uploaded on average for your Trust or Board, how many times per year your users log in on average.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can download files as summary or full PDFs or as zip files.; Users can also create permission to share with third parties from within L2P. This enables those who have permission will receive a unique login to receive update of information.; All management reports, including the raw data, can be exported in Excel format
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • JPEG
  • PNG
  • Excel
  • Word
  • RTF
  • PowerPoint
  • Video

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will ensure >99.9% average monthly application uptime. Should an application fall below the 99.9% uptime, L2P will work with the Customer and use all commercially reasonable endeavours to ensure it meets this guarantee. We will refund 10% of the monthly fee for every 0.1% it falls below the guarantee level. We have never had cause to invoke this clause.; In reality, our service uptime over the last 12 months has been >99.999%
• Approach to resilience: Regular testing and maintenance of infrastructure and the N+1 policy applied to data centres provides the basis of continuity controls. This is enhanced by the provision of multiple communication routes and the replication of our data centre network infrastructure across our provider's sites. Our providers' data centres are also located outside flight paths, flood plains, have no seismic threat, and are a minimum of 3km outside sites who could pose a potential accident or hazardous threat (as governed by HSE). Therefore, in the event of any given location being lost, the primary impact to our provider would be on office facilities, but with 6 UK Offices and 10 UK Data Centres providing hosting services and support, this impact is limited and mitigated with standing arrangements to relocate staff to the nearest alternative site.
• Outage reporting: We report outages by email to all main Administrative and Managerial contacts at customers' sites. This is set up and we have a communications plan ready for activation in the event of an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All administrators require 2-factor authentication for login. This is either via a security dongle (Yubikey) that generates a 32-digit password, or via an Authenticator App that can be on their smartphone or tablet.; Administrators are also set up with the required permissions to view the information or user accounts that they are allowed to see.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 26/03/2024
• What the ISO/IEC 27001 doesn’t cover: What is covered: The provision of consultancy, design and implementation solutions for hosting managed and; unmanaged, dedicated physical or virtualised servers, secure backup and network services in resilient; data centres and internal information systems operation and support. In accordance with Statement; of Applicability version 5.0.; Our processes in house are covered by Cyber Essential Plus.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • Data Centre: ISO/IEC 27017 Cloud Information Security Controls
  • ISO 23001:2013 Business continuity services
  • ISO 27018:2018 Protection of Personal Identifiable information in the Cloud
  • ISO 27017: 2015 Cloud security information controls

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: L2P is certified to Cyber Essential Plus; ; Our Data Centre provider is certified to ISO27001 and CSA CCM version 3.0 and many other accreditations.
• Information security policies and processes: L2P has a stringent Information Governance process which encompasses training and testing of individuals, securing development machines to IP addresses, Multi-Factor Authentication when accessing client data or source code. External verification is achieved through assessment against Cyber Security Essentials Plus and we undertake regular CREST penetration testing.; ; Our Data Centre provider adheres to the Security Classification Definitions as described in the Government Security Classifications Policy (GSCP). This is outlined and defined in thier Quality Manual and forms part of thier overall integrated management system, which consists of UKAS / APMG / NCSC accredited systems. Notably; ISO 27001:2013 Information Security Management; ISO 20000-1:2011 IT Service Management; ISO 9001:2015 Quality Management; ISO 14001:2015 Environmental Management and NCSC compliance for the hosted cloud service. All are regularly audited for compliance by an accredited certifying body. These standards require our provider to have robust controls in place to manage data, documents and records. All Data Centres and have been independently assessed on a number of occasions by local authorities and UK Government Departments, Senior Information Risk Owner’s (SIRO) as suitable for holding and processing their sensitive information to OFFICIAL level.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: L2P's configuration and change management processes include:; full security implication reporting on any infrastructure change proposals; full evaluation of data centre providers' change management assurance; full evaluation on staff IT resources prior to access of L2P systems; ; Our data centre provider's change management processes are in line with ISO27001 control A.12.2 Controlled mechanism for making changes to the operational environment are in place.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: L2P uses a threat intelligence service via anti-virus protection service. It provides in-depth, up-to-date global knowledge about specific threats and attack sources. We identify and manage vulnerability exposure following Penetration Testing and whenever significant code is being deployed or infrastructure changes are being made. We use accredited third party expertise where appropriate (such as CREST penetration testers).; ; Our data centre's vulnerability management process is aligned with ISO27001:2013 control A12.6.1 which addresses 3 key areas:; ; • Timely identification of vulnerabilities; • Assessment of or exposure to a vulnerability; • Defined measures to address the risk
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our data centre Protective Monitoring process is aligned with ISO27001:2013 control A.12.4 which details:; • Event Logging; • Protection of log information; • Admin & operator logs; • Clock synchronisation; • Incident Management
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: L2P has an incident management procedure which includes:; • Responsibilities and procedures for common events; • Assessment of and decision on security events; • Response process; • Evidence collection; • Learning from incidents; ; Our hosting provider's incident management process is aligned with ISO27001:2013 control A.16.1

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  L2P is available fully online and clients are encouraged to reduce waste by utilising the online functionality primarily. All L2P staff work remotely, avoiding the carbon footprint of maintaining a large office, and of staff travelling into a central location. All L2P staff are encouraged to go paperless.

  Covid-19 recovery

  L2P adapted their systems and worked closely with clients to reduce the regulatory burden on clinicians using L2P. We work closely with administrators to support them technically with the system and change data, deadlines, etc. and to reduce challenges posed by Covid-19.

  Tackling economic inequality

  L2P has an equal opportunities policy when it comes to hiring new staff and we ensure above standard industry remuneration for all our staff. As L2P staff work remotely, geographical location or ability to travel are not barriers to employment or success in their role.

  Equal opportunity

  L2P has an equal opportunities policy when it comes to hiring new staff. As L2P staff work remotely, physical or social mobility challenges are not barriers to employment or success in their role.

  Wellbeing

  All staff are encouraged to undertake personal development through the company. We support all staff with their workplace wellbeing as well as adapting our systems to support wellbeing for our clients. Each employee has a monthly wellbeing fund they can utilise for personal development or to enhance their physical or mental health

Pricing

• Price: £28 to £52 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A fully featured pilot for as many users as you request for an extended period of time. We would be happy to provide a complete implementation service for you, including configuring the system to your exact requirements.
• Link to free trial: L2p.co.uk

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin.johnson@l2p.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.