PASCOM-10: A journey of success for the future

PASCOM (Podiatric and Surgical Clinical Outcome Measurement) was first conceived in 1986, by Mr David Tollafield (Past Chair of PASCOM and Past Dean of Podiatric Surgery). It was rolled out the following year to all colleagues in the surgical arena. The Society of Chiropodists and Podiatrists took on responsibility for PASCOM in 2000 from Walsall Community Trust and in 2005 began expanding the programme. Some of you will have used PASCOM-2000, a Microsoft Access database which was a good start but still a far cry from what we really wanted to achieve.

In 2010 we rolled out the first web based PASCOM system for podiatric surgeons and podiatrists undertaking nail surgery. Later in May 2012 we completed our plans set about by the working party to expand the system for all aspects of podiatric practice. The need to make PASCOM more accessible led to the formation of local networks and trainers being equipped to meet the anticipated growth in use. To support this a comprehensive training manual was created as a resource to those who were used to PASCOM as well as those who were new to it. These can now be found in the following pages and downloaded from

In 2013 there was a drive as part of the vision of the College of Podiatry to embed audit and outcomes in practice and the working party undertook a radical review of both the content and layout of the system. The aim was to ensure the tool enabled all aspects of podiatric practice to be captured and reported on.

Over the years some 30 people have contributed to the system we have today. It is hoped that all clinicians will want to know more but you can start your own education now with the information that the working party have put together. No-where else do members receive such quality in clinical support for no cost.

Please embrace PASCOM-10 within you own practice whether you are in private practice or NHS. I hope all podiatrists will agree this has been a wonderful piece of collaborative work and I hope the members will avail themselves of its’ many opportunities.

Matthew Fitzpatrick FRSPH, FCPM, FFPM RCPS(Glasg)
Provost, College of Podiatry and Chair of PASCOM-10 Committee


PASCOM-10 Database Security

The PASCOM-10 website and database are hosted on secure cloud severs held in Microsoft Azure data centres ( This link includes a summary of accreditations that the data centres hold including ISO/IEC 27018 and UK G-Cloud ( The database is backed up to multiple geographically redundant and encrypted backups within the Microsoft Azure network of data centres on at least a daily basis.


Remote access security

There is no direct remote desktop access available to the webserver as it is running on a Platform As A Service (PAAS) hosting environment. Only website updates can be uploaded, these is no facility for anyone outside of Microsoft to change non-website related server settings or install other software on the server.


Access to upload website or database changes is controlled by Microsoft Account sign-on security. In addition access to the database is only possible from specific whitelisted IP addresses which are set to the developers office. The website developers, Webfuel (, use password protected PCs to access the website. Webfuel is based in Loughborough, UK.


Website Security

The application (PASCOM-10) is protected using industry standard authentication which is a Microsoft standard security system. The website can only be accessed via secure HTTPS connection.


Password Security

Access to the website is granted via username and password, passwords are held securely hashed (not plain text). Passwords are alpha-numeric, at least 8 characters long and must contain at least one lower case character and at least one upper case character. Users are advised that passwords should be changed regularly and users are not be able to reuse any of their 3 previous passwords. Any IP address making 5 failed password attempts within 5 minutes will be temporarily blocked from trying further passwords to prevent brute force attacks. The website will auto-time out following a period of inactivity. Passwords and usernames must not be shared with colleagues or other users of the system. All users are advised to access the website through password protected PCs.