ILLY Systems Ltd

LINKS CarePath - A Therapeutically Driven System

Market leading therapeutic system offering comprehensive case management and reporting supporting initiatives on Substance Misuse ( Drugs and Alcohol), Criminal Justice and Young People. NDTMS compliant, full TOPS implementation, Prescribing and Harm Reduction modules. NHS Trusts, Council, Community services, Prisons, Residential Rehabilitation services, Families Services and Young People’s services


  • NDTMS compliant with powerful reporting
  • Comprehensive Client Record - single shared client record
  • Integrated modules and advanced consents for multi-agency working
  • YP, Prescribing, Harm Reduction Criminal Justice Teams, Prison
  • Risk assessments and safeguarding data
  • Customisable dashboards
  • Treatment data including unstructured, structured and tier 4
  • Case notes and file attachments
  • Drug screening including BBV data
  • Interventions and event data


  • Therapeutically-led web based solution
  • Improving Data Quality
  • Time Saving Initiatives
  • Multi-Agency working with secure data and appropriate data sharing
  • Outcomes monitoring
  • Integrated Treatment Episodes
  • Advanced reporting tools to make analysing data simple
  • Audit logs


£978 per user per year

Service documents

G-Cloud 9


ILLY Systems Ltd

Varsha Visavadia


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements Runs on Microsoft SQL Server

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24 Hour Online call logging and tracking.
Standard telephone Support - 9 am to 5 pm Monday to Friday excluding bank holidays.
Response times depend on category of fault. See our SLA
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our standard support levels provide the following response times:

High Priority, response time 1 hour.
Medium Priority, response time 24 hrs.
Low Priority, 5 days response.

See our Service Definition for full details
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started ILLY has successfully delivered quality solutions across the UK’s private, public and social care sector for over 2 decades. Our teams are dedicated to working in partnership with our clients to ensure the solutions and services offered are of the highest standard and provide value for money.ILLY’s comprehensive project approach is tried and tested to ensure LINKS CarePath is successfully bedded in and becomes an integral part of business processes. ILLY takes a long term view and believes focussing on the quality of the initial delivery leads to a system that will serve our clients indefinitely. ILLY takes a partnership approach providing business process analysis, configuration, data migration and ongoing support of LINKS CarePath to meet our clients’ goals. Once an order has been placed and contract signed, ILLY will run a number of workshops to ensure that the correct setup of the System as per the Treatment Service Hierarchy. The output from these workshops will enable the correct setup and configuration of the Clients’ system (including logos, reports, configuration, data, pathways and hierarchy). We offer CPD accredited training programme for frontline staff, service managers and council users includes DANOS recommendations as part of workforce development needs.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract, ILLY will facilitate a joint parties workshop to examine and understand the data required to be extracted, the format and requirements of the new provider, the outcome of which will determine the scope. These would then be costed using our standard rates.
End-of-contract process At the end of the contract, depending on whether the user required any data extracts, we would work with the buyer to extract the data in the required format.

Note: Some buyers prefer to keep a read-only archive environment depending on their data retention policies. We can offer a low cost option for this.

Otherwise, at the end of the contract we remove all data from the system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Access to the Service is via a dedicated HTTPS URL using SSL 256 bit encryption or optional 2 factor authentication
Accessibility testing NA
Customisation available Yes
Description of customisation The buyer can customise their questionnaires, reference data (for static drop down lists) and user roles, permissions and password criteria


Independence of resources Each organisation is given their own server, so there is no contention with other users


Service usage metrics Yes
Metrics types Systems Specific: The Admin Tool can show how many users and licenses are being used.
Application Specific:
1. The Client Record Completeness tool will make Service Manager's job easier as it allows him to see which Keyworkers need to enter additional data
2. Team Manager dashboard quickly pull off a report that highlights key clinical data for the team's prescribing clients
3.The completeness bar on my dashboard - as well as the data completion page in the client record - saves valuable time
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Standard NDTMS extracts can be done by the user.
If complex exports are required (such as case notes, scripts etc), these will can be provided at our standard rates.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The application is available without interruption 24 hours a day, 7 days a week, 365 days a year. This is subject to scheduled downtime as notified from time to time.
Approach to resilience Our service is fully resilient. Full details are available on request.
Outage reporting All services are proactively monitored and any outages are alerted to us by email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is granted based on roles. The Systems Administrator can specify the levels of access
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • IGToolkit level 3 compliant
  • ISO 9001:2015 Certified
  • ISO 27001 compliant

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards We are not accredited to ISO 27001, but have processes that conform to this standard.

We are also IGToolkit compliant level 3 to the most recent version ( 13)

Further details are available in our ISMS.
Information security policies and processes As an ISO 9001:2015 registered company we have standard procedures and process in place to follow. Furthermore, we have implemented an Information Security Management System ( ISMS) that confirm to ISO 27001.
Our ISMS details all the steps we take to ensure adequate protection of sensitive information. A copy is available on request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our change management process is detailed in our ISMS.

Our LIVE, UAT and development environments are kept separate and we have a sign off process for any changes to the LIVE environment.

All changes are tested in a UAT environment before being deployed to the LIVE environment. The Client signs off all LIVE releases.
Vulnerability management type Undisclosed
Vulnerability management approach These are available on request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All our systems are proactively monitored with automatic email alerts.
Incident management type Supplier-defined controls
Incident management approach Details are available in our ISMS - available on request

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £978 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑