Five questions to ask any CQC governance software vendor

If the answer is no, you are about to enter a sales cycle. That is fine when the product is genuinely bespoke for your situation. It is wasteful when it is not.

Public pricing tells you two things at once. It tells you what the vendor expects you to pay. It tells you whether the vendor is confident enough in their product to lead with the number. Vendors who hide prices behind a qualification call are usually doing one of three things: tiering customers based on perceived budget, holding the price flexible because the product is enterprise-bespoke, or simply protecting themselves from comparison shopping. None of these are wrong; all of them cost you time.

For a small independent provider, transparent pricing usually means the vendor has done the work of fitting a standardised product to your shape. That is a stronger fit signal than a tailored proposal that may or may not match.

The pricing axis tells you who the product is built for.

Per location aligns cost to operational reality. A single-location service pays for one location. A six-location operator pays for six. Adding a new location costs proportionally to what running the new location costs in real life.

Per staff memberusually means the product is built for organisations large enough to have staffing as the dominant operational cost. It can penalise growth or seasonal staffing in services where headcount shifts. For a small provider running close to economic margins, staff-band pricing tiers can produce a step jump that doesn't match anything in your business reality.

Per moduleis the "pay for what you use" shape. It looks attractive at first glance because you can cut features. It is usually expensive in practice for small providers because the things you most want (action plans, complaints, safeguarding, documents) tend to be add-ons that stack up. Module-priced products are built for buyers with procurement teams who will shape the bill of materials carefully. Small services rarely have that.

Per usage(consumption-based) is rare in this category. If you see it, ask carefully what "usage" means; you do not want bill volatility in a governance system.

This is the single most useful diagnostic question. The vendor will give you an honest answer because the answer is unflattering only if their smallest customer is far bigger than you.

If the smallest customer runs a hundred staff across five locations, the product is built for that shape. You can still use it, but the default workflows, the assumptions in the implementation playbook, the support response cadence, all of those are calibrated for a different size of buyer. You will spend more time fitting the product to your reality than getting value from it.

If the smallest customer is genuinely a one-location two-clinician operation, the product was built for that shape. The defaults make sense. The onboarding is realistic for a registered manager who is also seeing patients. The support cadence assumes the buyer doesn't have a governance team behind them.

Vendors that have built for both ends of the market exist but are rare. The honest fit answer is usually: pick the vendor whose smallest customer looks like you.

This is the question that separates governance tools that actually work from governance tools that look organised on a screen.

A real CQC inspector reads evidence. Not policies, not agendas, not summary dashboards. Evidence is the actual record of what happened, dated, named, sourced, traceable. A platform that produces evidence as a side effect of the registered manager doing the work is genuinely inspection-ready. A platform that requires the registered manager to enter data into a structured form that gets re-summarised somewhere else is a documentation tool. The second shape adds work; the first removes work.

The diagnostic is to ask the vendor for a real example. Not a marketing screenshot; a record from a live customer account (anonymised). What does an incident record look like end-to-end? Can you trace who created it, when, what they did, what actions came out of it, who closed it, with what evidence? If yes, the platform is producing evidence. If the demo shows a clean form with neat dropdowns and no way to trace what came before, the platform is producing documentation.

The exit terms matter more than the entry terms. A small independent provider should never sign a multi-year contract for governance software. The vendor that asks for one is telling you they are not confident the product will hold the customer on its own merits.

Three sub-questions worth pinning down:

• What is the minimum contract term? Monthly is best. Annual with a 30-day exit is acceptable. Anything longer is sales-led and you should push back.
• How do I export my data on cancellation? The answer should be a self-serve export of every record in a portable format (CSV or JSON), available for at least 30 days after cancellation, at no charge. Anything less means your data is held hostage.
• What happens if you go out of business or get acquired? A serious vendor will have a written answer to this, including notice periods, data export windows, and handover commitments. A vendor that has not thought about it is a risk.

Three rough shapes exist in the CQC governance software category. None of them is wrong; each fits a different buyer.

Enterprise governance platforms. Built for multi-site providers with hundreds or thousands of staff. Modular pricing, sales-led, dedicated implementation, customer success managers, SSO and API integrations. Fits mid-size providers and larger. Often overkill for a single-location service running on tight margins; the features that justify the price are features small providers do not need.

Small-provider platforms.Built for single-location and small multi-location services. Transparent per-location pricing, self-serve signup, standardised workflows, founder-led support. Fits the small independent provider exactly. The trade-off is fewer customisation hooks; you adopt the product's workflows rather than configuring them to a bespoke internal process.

Generic compliance tools repurposed. Document-management or generic incident-tracking platforms sold as CQC-suitable. Cheap on paper, expensive in time because the regulatory shape (CQC frameworks, Reg 18 / Reg 20, sector-specific evidence categories) is not baked in. Fits services that already have a strong internal governance team mapping the generic tool to the regulatory framework manually.

For honesty: this is how Verivius answers the five questions, so you can apply the same diagnostic to us.

• Public pricing. Yes. £149 per location per month for Small (up to 25 staff), £299 for Standard (26 to 150 staff), £3,500 per Mock Inspection engagement. Published at /pricing.
• Pricing axis. Per CQC-registered location, per month. Add a location, the bill scales by one location.
• Smallest customer. Single-handed clinical operations. The Small band is built explicitly for one clinician who is also the registered manager.
• Evidence trail. Yes, by design. The platform records every action with timestamp, actor, context, and follow-through. The evidence is what gets left behind when you do the work; you do not feed it separately.
• Exit terms. Monthly subscription, cancel any time. 30 days of self-serve data export available after cancellation in a UK GDPR Article 20 portable format. Detailed commitments on the Security page.

Where Verivius is not the right fit: multi-site enterprise providers (out of scope for v1 and v2); services that already have a strong internal governance team and want to configure a generic tool against their own framework map; services that need sales-led bespoke implementation with a dedicated customer success manager. For those shapes, an enterprise platform is the honest answer.