Independent IT review

Published: 26 March 2025 Page last updated: 26 March 2025

Downloads

1. Introduction

1.1. Overview

This Independent IT Review (IIR) was commissioned in the light of the Penny Dash report [i] which, amongst other findings, reported:

poorly performing IT systems are hampering CQC’s ability to roll out the Single Assessment Framework (SAF), and cause considerable frustration and time loss for providers and CQC staff.

The report made 7 recommendations, the first of which stated that there is a need to

rapidly improve operational performance, fix the provider portal and regulatory platform, and improve the quality of reports

As such, the scope of this independent IT review is bounded by the Provider Portal (PP) and Regulatory Platform (RP) IT systems, which have (for the last 2 years) been governed by the Regulatory Transformation programme which in turn fits within an organisational Transformation Portfolio which has been running over 5 years (2019 to 2024).

It has been subsequently understood that the PP is a module of the RP, along with five other major modules and as such hereafter this report will refer to the platform as the RP and its component modules.

This IIR responds to the following questions:

Where are we now, with respect to the functionality of the RP:

  1. How and why did the CQC get to the point where the IT solutions (RP) generated under the auspices of the Regulatory Transformation Business Case has caused/is causing such a significant level of organisational disruption?
  2. Is the IT solution (RP) salvageable based on the current contractual relationship with supplier and subcontractors?
    1. If so, what needs to be done to make the IT solutions (RP), the overall operating model, the programme management and contractual controls, fit for purpose.
    2. If not, how should the CQC proceed to build or buy and then implement an IT solution that is fit for purpose in the shortest possible time.

There have been several reviews, audits, lessons learned reports already undertaken and the intention of this report is to be additive rather than duplicative but will draw on some of the findings of these analyses for expediency. This review is fully independent of the CQC or any of its delivery or funding partners.

1.2. Notes about the report format and language

This report contains many appendices which enable to reader to easily explore further detail about various points and engage in some of the associated contents. The first reference to each appendix will act as a hyperlink to that appendix. The appendix title at the end of the document is also a hyperlink which returns the reader back to the document at the point they left it.

Due to the short nature of this investigation (4 weeks) and the volume and complexity of the subject material, this report surfaces many opinions that are stated as fact – e.g. “the CQC doesn’t consider data as a strategic asset”. These statements are included because they were heard by more than one source and there is corroboration to be found in the situation that the CQC finds itself. Recognising the complex and nuanced environment, for each of these type statements the reader is invited to consider “it is alleged that...” as a pre-modifier.

1.3. Method for this IIR

Detailed conversations took place with over 100 people from the CQC and its design/delivery partners. The meetings were recorded on Teams with permission from the participants and the transcript was then considered and, in many cases, summarised using the AI tool, Microsoft Copilot. Many documents were reviewed and cross referenced with the content from the interviews. Best practice documents, legal requirements (e.g. the Data Protection Act 2018) and other industry standards were used as a guiding framework to analyse the history of the programme and make recommendations for the way forward. Extensive web research, supported by Microsoft Copilot, also assisted in benchmarking the CQCs position with similar organizations to avoid a simple dogmatic adherence to best practice guidance. The appendices have been created in part by Copilot to provide the reader with an easy access summary of external advisory documents (e.g. standards, best practice guides etc). As the readership for this document may be wide no prior knowledge of best practice is assumed and no insult intended if some of the material is below the readers current experience. All AI generated content has been carefully checked.

A factual accuracy process has run since mid-December 2024 with a small number of staff providing continuous feedback on the emerging drafts of the document. One aspect of the overall report (Data and Reporting) was pulled out as an excerpt and 10 experts in that area collaborated specifically with the author to shape that aspect of the report.

This report has only been possible because of the many people who contributed their time and expertise positively and generously to this investigation. It is very clear that the staff at CQC having been working diligently to fulfil their duties and keep members of the public safe in very difficult circumstances and it is a testament to their characters that they are determined to move forward positively and find a way to bring the CQC back to a fully effective and efficient organisation. They should be praised and thanked for their contributions to this report and their ongoing efforts.

Note

i Review into the operational effectiveness of the Care Quality Commission: full report - GOV.UK