Why I left CQC to build Verivius

I spent thirteen years inside the Care Quality Commission. I inspected hospitals, dental practices, GP surgeries, ambulance services, care homes, diagnostic centres, surgical clinics, most of the regulated sector at one point or another. By the time I left I had been to several hundred services across England.

The pattern I want to tell you about is the one that took me a long time to name properly. Once I named it, I could not unsee it.

Most failures I saw were not failures of clinical practice. The teams were trying. The clinicians were skilled. The registered managers cared about the work. The medicines were stored correctly, the WHO checklist was being used, the safeguarding lead knew their role, the policies were drafted with care. The clinical core was, in most services, sound.

What failed was the evidence trail of all that good practice. The incident book had four entries in the last year and the team manager could name twelve they had verbally discussed. The complaint register listed five formal complaints and the practice manager could describe seven informal ones the receptionist had handled and never written down. The training matrix had not been updated for nine months because the spreadsheet lived on a laptop the previous practice manager had taken with her. The monthly governance meeting was held faithfully, but the minutes were one sentence per agenda item, and the action log was a list of half-remembered commitments nobody had since chased.

I would sit at the desk on day one of a small-service inspection, ask to see the last quarter's significant events, and watch the registered manager open four different applications, a paper folder, and finally a WhatsApp thread with the lead nurse to reconstruct what had actually happened. The reconstruction would be accurate. The reconstruction would also be expensive, two hours of executive time on what should have been a thirty-second filter on a register.

By inspection day three, the team would be exhausted, the registered manager would have apologised six times for the disorganisation, and I would be writing a report that, more often than I wanted, would say "Requires Improvement" on Well-led. Not because the leadership was poor, most often it was good, but because the evidence of good leadership did not exist in a form a regulator could verify.

That gap between "the team is doing good work" and "the team can prove it did good work" is what this letter is about.

The cost of the gap, for the providers, was concrete:

• An inspection finding that did not reflect the clinical reality of the service.
• An action plan that took six months to close, twelve months of follow-up, and the better part of a year of headspace for the registered manager and the team.
• Sometimes a downgrade in rating that affected the service's commercial position with NHS contracting bodies, private insurers, and prospective patients.
• Always, a corrosive sense among the team that the inspection had been unfair, because in a real sense it had been, since the rating reflected the records and not the work, and the team knew the difference.

The cost for the regulator was different but real:

• Reports that did not catch the services that were genuinely unsafe, because the same evidence-trail-failure mask covered both kinds of provider.
• An inspectorate disproportionately spending time on services that were not the riskiest, because the records-disorganised services consumed inspection time in evidence reconstruction and triangulation that could otherwise have been spent at higher-risk providers.
• An accountability-by-rating system whose ratings, in the small-independent end of the sector, were measurably noisier than they should have been.

The cost for the wider sector was the largest: a regulatory contract where most of the cost of compliance lived in the records-not-the-work layer, where most of the small-provider failures were not clinical failures, and where the gap between the two created the conditions for a thriving consultancy market built on pre-inspection scrambles rather than on continuous practice.

I wanted to be in the business of closing that gap, not perpetuating it.

While I was inspecting I watched the small-provider software market evolve. The first generation was form-builders sold to mid-enterprise providers, Trusts, large care groups, multi-site dental chains. Genuinely useful at that scale. Built around the assumption of a dedicated compliance team and a six-figure annual budget. Priced accordingly.

A second generation pitched lighter versions of the same tools to smaller services. Some of these were genuinely good. Most were what I would generously call earnest. The problem was the same problem the form-builders had: they were designed by people who thought governance was a separate function, performed by a separate team, who would adopt a separate tool. That is a true description of how Trusts operate. It is a false description of how a small clinic operates.

In a small clinic the registered manager is also one of the clinicians. The practice manager is also the safeguarding lead. The healthcare assistant is also the person who notices the patient is hypotensive in recovery and goes to find the surgeon. There is no separate team to adopt a separate tool. There is one team doing one job, and the governance happens inside that one job or it does not happen at all.

The mid-enterprise tools, scaled down, did not solve this. They solved a smaller version of the wrong problem. The smaller version of a six-tab governance dashboard is still a six-tab governance dashboard. The smaller version of a kick-off-call-implementation-cycle is still a six-week setup time. The smaller version of an ungrounded "compliance score" is still a number that does not mean anything to the regulator and does not mean anything to the team.

What the small-provider sector needs is not a smaller version of mid-enterprise tooling. It needs different tooling. Tooling that assumes governance is a side effect of doing the work, not a separate function. Tooling that captures evidence at the moment of practice, not in a six-week scramble before a known visit. Tooling that an inspector turning up unannounced finds an evidence trail already in place, because the evidence trail is the trail of the work itself.

I left CQC because I wanted to build that tooling.

People assume the leap from inspector to founder is a leap of confidence. It is not. It is a leap of urgency.

Confidence was not the limit. I had inspected enough services to know with precision what a small-provider governance tool should and should not do. I had read enough vendor pitches as part of inspection prep to know exactly what was missing from the market. I had sat across from enough exhausted registered managers to know who the tool was for and what their lives looked like at three in the afternoon on a Tuesday in February when the next inspection was already overdue and the per-diem nurse had just called in sick.

What I lacked was an urgent reason to stop watching and start building. The urgent reason came from the trajectory of the regulatory environment over the last few years. Inspections of small independent providers have become more frequent and more often unannounced. The Single Assessment Framework rolled out in 2023; the Quality Statements rolled out into provider conversations through 2024; the appetite for sample-record evidence on day one of an inspection has hardened.

The small-provider end of the sector is structurally exposed to all of this. The same registered manager who used to have eight weeks' notice now has none. The same evidence trail that used to be reconstructible in three days of pre-inspection prep now needs to be answerable in twenty minutes. The cost of the evidence-trail gap, for these providers, is rising sharply.

That is the urgency. It was urgent enough to leave a job I loved at an organisation I respect. I want to be clear about both halves of that sentence. I loved inspecting. I respect CQC. The reason for leaving was not dissatisfaction with the regulator; it was that the gap I had been watching from the regulator's side could only be closed from the provider's side, and the time to close it was now.

Verivius is the tool I would have wanted to find at the desk on day one of an inspection, in the hands of the registered manager I was about to sit down with. A single workspace where every incident, complaint, safeguarding concern, training renewal, audit, governance meeting, and assurance check flows into a structured record at the moment it happens. A dashboard the registered manager opens with their coffee on a Saturday morning. A monthly governance email the system writes for them on the first working day of every month. An audit log on every write so the question "who closed that incident on the 12th" answers in seconds. A sector pack pre-loaded so the dental practice gets HTM 01-05 audit cadences without configuring anything and the GP practice gets the Significant Event Analysis cycle without configuring anything.

Verivius is not a clinical system. It does not store patient clinical detail; it sits above clinical practice and captures the governance trail. It is not a guarantee of a CQC rating; no software can guarantee that and any vendor claiming otherwise is misleading you. It is not a replacement for clinical judgment; the clinician owns those decisions and the software records the trail of them. It is not a tool for NHS Trusts; the market is different, the procurement model is different, the budget is different, and the right tooling for that segment is different.

The /about/what-we-will-not-do page lists the five negative commitments. I take those seriously. They are written by me and they are how I will run this company. When you read them, read them as load-bearing, not as marketing copy.

Before I wrote the first line of code I made five commitments to myself and to whoever would eventually be the first paying customer. They are now the brand's commitments. They are the things I will not compromise on.

One: source-first regulation. When the platform surfaces a regulatory wording, deadline, or duty, it reproduces the regulator's text verbatim with citation. We will not paraphrase. Paraphrased regulatory wording is wrong wording, and a vendor producing wrong wording with a citation is producing something worse than no platform at all. This commitment costs us in product simplicity, paraphrasing would be easier, and we will not pay that cost.

Two: evidence over assertion. The platform records what happened, not what we hope happened. Every claim made by the system about a service's compliance posture is anchored in a specific record the user can open and verify. We will not produce a "compliance score" or any similar abstraction that the regulator does not use and would not weigh in an inspection.

Three: honest fit. Verivius is not for every provider. We will tell prospects when they are the wrong fit, when they are mid-enterprise, when they need an EMR, when their problem is genuinely solved by a spreadsheet, when their budget is below what we can sustainably deliver at. Half of our discovery calls should end with "Verivius is not what you need yet." I track this ratio. If it drops, we are over-selling.

Four: calm under pressure. The brand voice is calm. The product UX is calm. The customer support is calm. The regulatory environment is anxiety-producing for the people we serve; we will not add to the anxiety. Every red-banner, every fire-emoji, every "TIME IS RUNNING OUT" framing is the opposite of the value we promise. Verivius will be the calmest tool in the regulatory toolkit; that is part of the product.

Five: built by the inside view. Verivius is built by someone who sat across from registered managers as the inspector for thirteen years. That is the load-bearing credential. I am no longer a CQC inspector, when I say "ex-CQC inspector" I mean the past tense literally, but the inside-view experience is the substrate of every product decision and every piece of content the brand publishes. If a future version of this company drifts from that inside view, the brand has drifted with it. I will not let that happen on my watch.

These five commitments are what the /values page formalises. I am restating them here because they are personal commitments before they are brand commitments, and the personal version reads differently.

Three things.

One: try the platform before you decide what you think of it. Verivius has a fourteen-day trial, card on file, cancellable from settings. Sign up, load a week of real records, see the dashboard not be empty. If at the end of fourteen days you would rather go back to your spreadsheet, do that without paying anything. The trial is genuinely the evaluation; we have not built any sales-led friction around it.

Two: tell us when we are getting it wrong. Email goes to hello@verivius.co.uk and is read by me. If something does not work, if the wording is unclear, if a sector-specific edge case breaks the platform's assumption, I want to know. The product is in pre-launch; the cost of changing now is small; the cost of changing after the first paying-customer cohort has accumulated friction is larger.

Three: hold us to the five commitments. If the platform paraphrases a regulation, call me on it. If the brand voice slips into anxiety-producing red-banner marketing, call me on it. If a discovery call sales-pitches you into something that does not fit, call me on it. The commitments are only meaningful if they survive contact with commercial pressure, and the way they survive is people noticing when they slip and saying so.

I want to be clear about this section because I am no longer at CQC and it would be inappropriate to dress up product opinions as regulator opinions. So this section is from the founder's chair, not from any regulator-side authority.

I want CQC to keep doing what it does. The inspection function is the load-bearing accountability mechanism in our sector, and the inspectors I worked with are conscientious people doing serious work under operational constraints I respected for thirteen years.

What I would ask, gently, is that the regulator continues the trajectory of valuing evidence trails over inspector-driven reconstruction. Every step that rewards a provider for having captured the evidence at the moment of practice, rather than for being able to verbally reconstruct it on day one of an inspection, is a step that aligns the regulatory contract with the work it should be evaluating. Verivius is built around the assumption that this trajectory continues. If it reverses, Verivius is less useful. I am betting on the trajectory.

The CQC governance software market is not zero-sum. The market is currently underserved at the small-provider end. There is room for multiple credible vendors. I would rather compete against credible vendors than have to be the only credible answer for the segment.

What I would ask of competitor vendors:

• Stop paraphrasing regulations.
• Stop promising rating guarantees.
• Stop pretending ex-inspectors are current inspectors.
• Stop selling to providers you cannot serve.

These are not competitive asks. They are sector-hygiene asks. If every vendor in the space did these four things, the market would be a better place to be a buyer, and the buyers would still pick whichever vendor fit their shape best. Verivius commits to these four publicly; I would like to see every other vendor do the same.

I will end with the sentence I keep coming back to when someone asks me to summarise the brand in a phrase. It is the same sentence on the home page in slightly different wording, and the same idea on the values page, and the same thread through every article. It is the sentence under which I left CQC and started Verivius.

A team that is average at the work but immaculate at the records will not struggle in an inspection. A team that is excellent at the work but disorganised at the records will struggle every time. Verivius is the second team becoming the first team without changing the work.

If you sit in the second team, and most small-independent providers I inspected did, Verivius is for you. If you sit in the first team already, you do not need us, and we will tell you that too.

Either way: I am glad you read this letter.