Log in to Skyline

The Digital Technology Assessment Criteria for Health and Social Care (DTAC)

Source - DTAC_version_1.0_FINAL_updated_16.04 https://www.nhsx.nhs.uk/key-tools-and-info/digital-technology-assessment-criteria-dtac/

Table of contents

The assessment criteria is made up of five core components. Sections A and B will provide the assessors the context required to understand your product and support your evidence. The core assessment criteria is defined in section C1-C4. Section D details the key Usability and Accessibility principles required. Further frequently asked questions are available at the end of the document.

The core criteria in Section C will determine the overall success of the assessment of your product or service. The accompanying score provided from Section D will show the level of adherence to the NHS Service Standard.


A. Company information - Non-assessed section

Information about your organisation and contact details.





Provide the name of your company

Informatica Systems Ltd


Provide the name of your product



Provide the type of product

Software as a Service (SaaS)


Provide the name and job title of the individual who will be the key contact at your organisation

Andrew Syme

Operations Director


Provide the key contact's email address



Provide the key contact's phone number



Provide the registered address of your company

Aurora House, Deltic Avenue, Rooksley, Milton Keynes, Buckinghamshire, United Kingdom, MK13 8LW


In which country is your organisation registered?



If you have a Companies House registration in the UK please provide your number



If applicable, when was your last assessment from the Care Quality Commission (CQC)?

Not applicable



If applicable, provide your latest CQC report.

Not applicable

B. Value proposition - Non-assessed section

Please set out the context of the clinical, economic or behavioural benefits of your product to support the review of your technology. This criteria will not be scored but will provide the context of the product undergoing assessment.
Where possible, please provide details relating to the specific technology and not generally to your organisation.






Who is this product intended to be used for?

Diagnostics | Clinical Support



Provide a clear description of what the product is designed to do and of how it is expected to be used

Skyline is a cross platform primary care software product consisting of a wide range of clinical analytical software solutions and clinical decision support tools for use in the primary care, commissioning and public health sectors.

It is a replacement product line on a cloud based architecture for Informatica’s existing iCAP Audit+ (and related modules) product suite.

Skyline is closely aligned with NHS Digital’s GPIT Futures programme and designed to support the Clinical Decision Support, Risk Stratification and Population Health Management capabilities.

Skyline acquires and processes patient clinical data from the principal clinical systems and analyses it against pre defined criteria to create cohorts of patients according to user defined sets of rules. This data is then presented in an interactive format.

Clinical decision support content is presented to clinical users to enable them to act on the results delivering high quality care for better outcomes. 

Skyline has the infrastructure to add the functionality to collect patient data from end users according to user defined set of rules and to call and re call patients to practices and clinics.

Skyline’s Clinical Decision Support capability consists of 5 core elements which are used to provide Solutions to customers:

  1. Data Acquisition - This takes inputs from principle clinical systems and stores the data within our database in a common format.

  2. Calculators - The calculators provide implementations of pre-existing algorithms used within solutions.

  3. Logical Query Definitions - LQDs are used to codify the rules that identify cohorts; lists of patients, sometimes referred to as registers. They provide query, filter and simple logical and calculation functions as well as the ability to pass and receive data to calculators.

  4. Analysis Engine - The Analysis Engine uses the LQDs and calculators to create cohorts based on the data available from Data Acquisition. Cohorts are displayed as actionable information to users.

  5. Dashboards - Dashboards can be provided to provide overview displays to support review and management of cohorts.

Based on their requirements, Customers will be provided Solutions which include cohorts and, where necessary, dashboards. Solutions are not individually CE/CA marked but are assured to confirm the implementation does not adversely affect the overall assurance of the Skyline product.

Clinical Calculators and Tools

Skyline includes the implementation of various clinical calculators / tools and algorithms (referred to more generally as ‘calculators’). None of the algorithms have been developed by Informatica. The calculators are simply implementations of pre-existing algorithms. These calculators can be used to access the risk of a particular condition for a selected patient (eg. eRAT Cancer Calculators). They may use data that has been extracted from the patient's clinical records, or require the entry of data by a clinician.  Some calculators can be used on an ad-hoc basis by the clinician, and some are used within solutions with the data obtained solely from the patient's clinical record.  The results can be used to warn the clinician of potential areas of risk.  Where relevant the result of the calculator is written back into the patient's clinical record against a suitable clinical code (Read or SNOMED).

Intended Use

Skyline is intended to support GP practices and commissioners to improve the quality of patient care, increase efficiency, meet national and local targets and maximise practice income.

Skyline is a primary care data analysis tool that downloads and analyses patient data from the principal clinical system and presents the findings in a given way based on requirement or user specification. It has the ability to deliver clinical decision support in the form of patient cues and in future releases will support collection of patient data and patient recall. Skyline supports a range of third party patient tools and risk calculators.


Describe clearly the intended or proven benefits for users and confirm if / how the benefits have been validated


Skyline is designed to help practices improve their data quality to help underpin the delivery of high quality patient care. It allows easy analyses of general practice clinical data for local and national service supervision and other primary care initiatives.  It also provides clinical decision support cues to influence GP behaviours at the point of consultation.

It is configurable to include a range of solutions to help deliver quality and productivity improvement initiatives, medicines optimisation and to support the implementation of and delivery against local or national guidelines, enabling the delivery of cost savings. 

The Public Health support suite of solutions aim to support Local Health Organisations who need to ensure successful delivery of public health programmes through primary care.  Examples include Immunisation programmes, virus monitoring and risk stratification, patient management and deployment of NHS Health Checks.



Please attach one or more user journeys which were used in the development of this product


Where possible please also provide your data flows

Not available


C. Technical questions - Assessed sections

C1 - Clinical safety

Establishing that your product is clinically safe to use.
You must provide responses and documentation relating to the specific technology product that is subject to assessment.

The DCB0129 standard applies to organisations that are responsible for the development and maintenance of health IT systems. A health IT system is defined as “product used to provide electronic information for health and social care purposes”. DTAC is designed as the assessment criteria for digital health technologies and C1 Clinical Safety Criteria is intended to be applied to all assessments. If a developer considers that the C1 Clinical Safety is not applicable to the product being assessed, rationale must be submitted exceptionally detailing why DCB0129 does not apply.

The DCB0160 standard applies to the organisation in which the health IT is deployed or used. It is a requirement of the standard (2.5.1) that in the procurement of health IT systems the organisation must ensure that the manufacturer and health IT system complies with DCB0129. The organisation must do so in accordance with the requirements and obligations set out in the DCB0160 standard. This includes personnel having the knowledge, experience and competences appropriate to undertaking the clinical risk management tasks assigned to them and organisations should ensure that this is the case when assessing this section of the DTAC.

If the Clinical Safety Officer or any other individual has concerns relating to safety of a medical device including software and apps, this should be reported to the Medicines and Healthcare products Regulatory Agency (MHRA) using the Yellow Card reporting system: Report a problem with a medicine or medical device - GOV.UK (http://www.gov.uk ).





Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129?











Please detail your clinical risk management system

Hazard and Risk Assessment

Skyline Development and Operation follows a systematic hazard identification exercise has taken place for Skyline, as outlined in the Skyline Risk Management Plan.  This included identifying the overall safety goal and performing preliminary and functional hazard identification.

All identified hazards and the subsequent risk analysis and risk management are documented and tracked in the Skyline Hazard Log which is held on Jira.  A summary of the entire hazard assessment is outlined in the following sections of this Clinical Safety Case and Closure Report. 

Foreseeable Misuse and Safety Hazards

Preliminary hazard identification has identified potential 14 potential foreseeable misuses, safety and data protection hazards which could arise associated with the Skyline system, if not sufficiently mitigated or controlled.

Safety Goal

The top-level safety goal for Skyline is to assure that Skyline is manufactured as acceptably safe for its intended use and indications of use.

The criteria for risk acceptability for Skyline are defined in the Skyline Risk Management Plan, however, the overall goal is to manage all residual safety risk as far as possible (AFAP).  This safety goal is achieved through demonstrable compliance to industry best practice safety standards, including ISO 14971 and DCB0129.



Please supply your Clinical Safety Case Report and Hazard Log

Available on Request



Please provide the name of your Clinical Safety Officer (CSO), their profession and registration details

Beverly Scott

Details available on request



If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)?




If yes, please provide your MHRA registration number



If the UK Medical Device Regulations 2002 are applicable, please provide your Declaration of Conformity and, if applicable, certificate of conformity issued by a Notified Body / UK Approved Body




Do you use or connect to any third-party products?



If yes, please attach relevant Clinical Risk Management documentation and conformity certificate

Not Applicable

C2 - Data protection

Establishing that your product collects, stores and uses data (including personally identifiable data) compliantly.

This section applies to the majority of digital health technology products however there may be some products that do not process any NHS held patient data or any identifiable data. If this is the case, the Data Protection Officer, or other suitably authorised individual should authorise this data protection section being omitted from the assessment.





If you are required to register with the Information Commissioner, please attach evidence of a current registration.

If you are not required to register, please attach a completed self-assessment showing the outcome from the Information Commissioner and your responses which support this determination.




Do you have a nominated Data Protection Officer (DPO)?




If you are required to have a nominated Data Protection Officer, please provide their name.

See ICO Registration



Does your product have access to any personally identifiable data or NHS held patient data?



Please confirm you are compliant (having standards met or exceeded status) with the annual Data Security and Protection Toolkit Assessment.




Please attach the Data Protection Impact Assessment (DPIA) relating to the product.


See https://ishealth.atlassian.net/wiki/spaces/CSD1/pages/2465267744


Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer (if one is in place) or an accountable officer where exempt in question C2.2.



Please confirm where you store and process data (including any third-party products your product uses)



If you process store or process data outside of the UK, please name the country and set out how the arrangements are compliant with current legislation

AWS is an approved Cloud Provider for NHS

C3 - Technical security

Establishing that your product meets industry best practice security standards and that the product is stable.

Dependent on the digital health technology being procured, it is recommended that appropriate contractual arrangements are put in place for problem identification and resolution, incident management and response planning and disaster recovery.

Please provide details relating to the specific technology and not generally to your organisation.






Please attach your Cyber Essentials Certificate





Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period.


Available on Request


Please confirm whether all custom code had a security review.

Yes - Internal code review


Please confirm whether all privileged accounts have appropriate Multi-Factor Authentication (MFA)?



Please confirm whether logging and reporting requirements have been clearly defined.




Please confirm whether the product has been load tested


AWS capacity is elastic, though V&P testing is planned in our backlog.

C4 - Interoperability criteria





Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers?



If yes, please provide detail and evidence:

Not Applicable


Do you use NHS number to identify patient record data?



If yes, please confirm whether it uses NHS Login to establish a user’s verified NHS number.

If no, please set out the rationale, how your product established NHS number and the associated security measures in place.

Patient Log-in is not supported in our application.

Data is extracted from the Principal Clinical System who are responsible for ensuring the correct establishment of NHS Number.





Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability (e.g. OAuth 2.0, TLS 1.2)

No because the product does not read/ write into EHRs directly


If yes, please detail the standard

Not Applicable


If no, please state the reasons and mitigations, methodology and security measures.

Skyline reads and writes into the Principal Clinical System through the NHSD Assured IM1 interface


Is your product a wearable or device, or does it integrate with them?




If yes, provide evidence of how it complies with ISO/IEEE 11073 Personal Health Data (PHD) Standards.

Not applicable


D. Key principles for success

The core elements defined in this section will form part of the overall review of the product or service and is a key part to ensuring that the product or service is suitable for use. The assessment will set a compliance rating and where a product or developer is not compliant highlight areas that the organisation could improve on with regards to following the core principles.

This section will be scored in relation to the NHS service standard. This will not contribute to the overall Assessment Criteria as set out in Section C.

D1 - Usability and accessibility - scored section




Supporting information


Understand users and their needs in context of health and social care

Do you engage users in the development of the product?


NHS Service Standard Point 1




If yes or working towards it, how frequently do you consider user needs in your product development and what methods do you use to engage users and understand their needs?

All design and operational changes consider user needs. Changes are subject to user assessment prior to deployment where appropriate


Work towards solving a whole problem for users

Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey?

Working towards it.

Skyline replaces an existing product and the company staff have extensive knowledge of the environment, pathway, uses and challenges. The company is working towards formally mapping all these journeys.

NHS Service Standard Point 2 and Point 3 are often dealt with by teams together.





If yes or working towards it, please attach the user journeys and/or how the product fits into a user pathway or journey

No evidence available


Make the service simple to use

Do you undertake user acceptance testing to validate usability of the system?


NHS Service Standard Point 4




If yes or working towards it, please attach information that demonstrates that user acceptance testing is in place to validate usability.

Available on request


Make sure everyone can use the service

Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant?


NHS Service Standard Point 5

The Service Manual provides information on WCAG 2.1 level AA.


The Government Digital Service provides guidance on accessibility and accessibility statements, including a sample template.


Provide a link to your published accessibility statement.

To follow


Create a team that includes multi-disciplinary skills and perspectives

Does your team contain multidisciplinary skills?


NHS Service Standard Point 6


Use agile ways of working

Do you use agile ways of working to deliver your product?


NHS Service Standard Point 7


Iterate and improve frequently

Do you continuously develop your product?


NHS Service Standard Point 8


Define what success looks like and be open about how your service is performing

Do you have a benefits case that includes your objectives and the benefits you will be measuring and have metrics that you are tracking?


NHS Service Standard Point 10


Choose the right tools and technology

Does this product meet with NHS Cloud First Strategy?


NHS Service Standard Point 11


NHS Internet First Policy.




Does this product meet the NHS Internet First Policy?



Use and contribute to open standards, common components and patterns

Are common components and patterns in use?


As detailed in (Internal Document)

NHS Service Standard Point 13


If yes, which common components and patterns have been used?

Free text


Operate a reliable service

Do you provide a Service Level Agreement to all customers purchasing the product?


NHS Service Standard Point 14


Do you report to customers on your performance with respect to support, system performance (response times) and availability (uptime) at a frequency required by your customers?



Please attach a copy of the information provided to customers

Available on Request


Please provide your average service availability for the past 12 months, as a percentage to two decimal places

Available on Request




Skyline is designed and developed by Informatica