Skip to main content

Help us improve the Digital Marketplace - send your feedback

PRACTICE INDEX LTD

Practice Index HUB

Manage your GP practice HR, learning, finance and compliance - All in one place

Features

  • HR Package
  • Learning Package
  • Finance Package
  • Compliance Package
  • Groups Manager

Benefits

  • HR, learning, finance and compliance - All in one place
  • Encourages collaboration between staff and practices
  • An easy to use and accessible platform

Pricing

£325 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@practiceindex.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 7 9 3 9 8 1 3 6 7 3 4 8 4 3

Contact

PRACTICE INDEX LTD James Dillon
Telephone: 02070995510
Email: info@practiceindex.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
Just a web browser is required

User support

Email or online ticketing support
Email or online ticketing
Support response times
Usually within an hour between 8.30am - 6pm weekdays.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We have step-by-step guides and videos on how to do everything. Or speak to our support team who will be happy to help. Once you are logged in there is a “Help” link at the top of every page (in the top orange bar) of the HUB. Click that for more help and support options.
Support available to third parties
No

Onboarding and offboarding

Getting started
Our full support is included with all our services. That includes online, email and telephone support. Users can also book a remote support session and demo at a time and date that suits them.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can download certain data into spreadsheets.
End-of-contract process
No additional costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The HUB is fully responsive so it adapts to any screen size.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
You can customise many areas of your HUB depending on your practice requirements.

Scaling

Independence of resources
Our cloud hosted system is designed to be scaled out in line with the needs of our growing customer base. We monitor the performance of our service and optimise or add additional resources as appropriate.

Analytics

Service usage metrics
Yes
Metrics types
User activity and usage.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
PDF or spreadsheets
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We target availability of 99.9% for our services during business hours (identified as 0900 Monday to 1730 Friday).
Approach to resilience
Available on request
Outage reporting
Notifications on the platform dashboard, email and social media.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The system employs role based access control to limit access to data and functionality to the appropriate users. These roles can be managed by system administrators.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Cyber Essentials
Information security policies and processes
Security policies and procedures

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Change Management Process for software and systems:

> Someone identifies a needed change.
> A request for the change is submitted.
> The request is reviewed to assess its impact and feasibility, considering potential risks and how critical the change is to the system.
> The change is either approved to proceed or declined.
> Approved changes are scheduled for implementation.
> A "means of escape" includes procedures for aborting and recovering from unsuccessful changes and unforeseen events

Additionally, we perform security testing regularly, with extra focus after major changes to infrastructure or services.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use industry standard security controls (e.g. firewalls, encryption, ids, anti-dos) to mitigate threats. We also use various tools, monitoring software, penetration testing, user feedback and industry resources to help us identify potential threats and vulnerabilities. Our product team then deploys solutions quickly and efficiently, minimising downtime for the service.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use an automated log auditing system (IDS) to monitor system logs and trigger alerts for further investigation by a relevant team. We also keep extensive application auditing data to be able to identify potential misuse.
Incident management type
Supplier-defined controls
Incident management approach
A structured approach to handling security incidents consists of:

> We have a pre-defined process for all stages of an incident:
> Detection and investigation
> Planning how to respond
> Collecting evidence
> Deciding how serious it is
> Recovering and communicating to everyone affected

We report relevant security incidents promptly and clearly.

Users can report incidents through a support email ticket or phone.

All incidents are documented with details, actions taken, next steps, and a reference for further actions.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Equal opportunity
  • Wellbeing

Equal opportunity

Our organisation is dedicated to ensuring equal opportunities for everyone. Our policy ensures that no customer or individual affiliated with our organisation is subjected to unfavourable treatment.

Wellbeing

Our organisation holds the belief that the mental health and well-being of our employees are crucial for the success and sustainability of our organisation.

Pricing

Price
£325 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@practiceindex.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.