G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Link Maker are still valid.
Link Maker

Link Maker – Children’s Social Care Placement Platform

Link Maker joins-up children’s social care nationally to increase placement choice, and to improve use of data between local authorities and providers. Across adoption, fostering, residential care and placement commissioning, and at any scale, it ensures all parties have the tools and information to make the best decisions for children.

Features

  • Care placement covers adoption, fostering, residential care and SEN
  • Search and filter placements by location, provider and needs.
  • Instant identification of placements by both authorities and providers.
  • Provider collaboration and group support - frameworks, tiers, lots, consortia.
  • Child and family case sharing across teams.
  • User-level secure messaging and document sharing.
  • Advanced reporting and monitoring tools.
  • Consortium and regional collaboration support.
  • 9-5 telephone and online user-support.
  • ISO 27001 accreditation.

Benefits

  • Find the widest range of placements for children without delay.
  • Source and arrange placements efficiently and securely.
  • Search in-house, framework, regional or national placements.
  • Collaborate with providers and other authorities seamlessly.
  • Access rich, real-time intelligence to inform practice and policy.
  • Extract data instantly for FOI or statutory information requests.
  • Align processes with nationally developed templates.
  • Stay current with regularly updated national infrastructure.
  • Provide safe, online support and resources to staff and families.
  • Meet all security, support, hosting and development needs.

Pricing

£103.41 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@linkmaker.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

3 1 2 1 2 0 2 4 8 8 4 6 6 9 4

Contact

Link Maker Linda Hill
Telephone: 0843 886 0040
Email: accounts@linkmaker.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Community cloud
Service constraints
Planned system upgrades will result in a service outage.
System requirements
  • Internet access
  • Internet browsers listed below

User support

Email or online ticketing support
Email or online ticketing
Support response times
For licenced users during 'phone support' hours notification that a support issue has been raised should be received within 2 hours. Please see the SLA for the priority levels below;
1 Security issue where there was a report of a potential risk to data integrity or security 4 hours
2 Core functionally required to find a suitable placement 4 hours
3 Functionality relating to communication and sharing information and generating a profile 4 hours
4 Functionality relating to the management of the placement finding process 8 hours
5 Functionality relating to the Agency Portals, or Community Areas. 24 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Access control policies are governed by ISO27001 and adhere to best practice. Access is role based, and follows principles of least privilege.

LMS do not have support levels as we provide support to all users as follows:

There is user access to the LMS support desk which covers all areas of support including licencing issues, bugs/errors, technical help, enhancement requests and advice. They can be contacted via;

• Telephone on 0843 886 0040
• The contact form on the web site
• Email support@linkmaker.co.uk

SLA's are set for licenced users.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users just need to register on the site and create login information. Additional help/advice can be obtained from the support desk or video tutorials available online. Additional training or onsite courses can be tailored for an individual organisation for an additional fee and can be requested through the support desk.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
End-of-contract process
Removal of data can be instigated by the user, or by LMS.

LMS use a manual support process to confirm that the data is no longer required.

Inactive cases will be removed three months after an adoption or full commissioning licences has expired.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Functionality remains the same.
Service interface
Yes
Description of service interface
Service interface is accessed via an internet browser
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our most recent independent web accessibility audit for this website was in April 2019, where they use both automated evaluation tools and manual testing with assistive technologies.
API
No
Customisation available
Yes
Description of customisation
A licenced organisation is able to customise their portal. The portal can be customised with their own branding i.e. logo, text and background colour, with the option of a branded login page. The customisation is implemented by LMS administrators on behalf of the organisation at request of a user with the relevant authority level.

The organisation can manage the content of the portal through the use of forums, where read/write access can be restricted by user type. Forums are defined by LMS staff on behalf of the organisation.

Scaling

Independence of resources
Performance and capacity is monitored 24/7, by our infrastructure management company and the infrastructure is such that remedial action can be taken instantly.

Analytics

Service usage metrics
Yes
Metrics types
Management dashboard provides an overview of all cases.

For Adoption there are, court reports, family-finding activity reports, system usage and matching reporting available. There is also a raw data extract available for system usage and matching. There is also data available for adoption to help inform the sector about placement sufficiency and practice trends.

For Placement commissioning, availability history reports, incoming referrals report, and there are raw data extracts for system usage and placement information.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Our datacentre operators are a member of The Green Grid industry body, comply with the European Code of Conduct for Datacentre Operators best practice guidelines, and have been externally audited and certified to ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 27001 (Information Security) standards.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Plain text
Data import formats
Other
Other data import formats
  • Documents that can be uploaded; PDF, .doc, .docx, .xls, .xlsx
  • Image files that can be uploaded; .jpg, .png, jpeg, .gif
  • Video files that can be uploaded; Mp4, flv,avi, m4a, m4v
  • F4a, m4b, m4r, f4b, mov,3gp, wmv, ogv and ogg

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
In addition to the above we use CSRF and XSS protection.
Data protection within supplier network
Other
Other protection within supplier network
LMS have a private LAN with restricted service/ports between servers, allowing non-web traffic only via hardened bastion server.

Availability and resilience

Guaranteed availability
The LMS hosting provider has an average availability time of over 99.99%.
Approach to resilience
The infrastructure is virtualised with load balanced components. The server cluster is hosted by Equnix with high level of physical security, fire suppression and power redundancy.
Outage reporting
For any planned down time that exceeds 1 hour, users will be emailed 3 days in advance to advise of the outage. For any planned downtime less than an hour, an announcement is posted on the site for all users. All planned downtime is scheduled out of hours to minimise the impact on users.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Users are authenticated using a username, strong password and PIN.

It is possible for individual licenced organisations to instigate two factor authentication for their own individual users.
Access restrictions in management interfaces and support channels
Access control policies are governed by ISO27001 and adhere to best practice. Access is role based, and follows principles of least privilege.

LMS administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.

Users can be granted management functionality either by other users in their organisation who already have that functionality, or by LMS administrators with the approval of an authorised representative.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
For the web site, administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
12/11/2015
What the ISO/IEC 27001 doesn’t cover
LMS business operations that do not directly affect the online platform.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
COO of LMS is responsible for information assets and as such owns the information security policies and is the Senior Information Risk Owner (SIRO). Together with the LMS Security Board, policies are reviewed on an annual basis to ensure it is accurate and reflects the risks to information and commitment by LMS to safeguard personal data.

LMS perform regular risk assessments. Risks are mitigated using appropriate controls and residual risks are monitored on an on-going basis.

To ensure LMS continue to implement, maintain and comply with their information security policies an annual internal audit is carried out, by an independent resource to ensure impartiality. An internal audit report will be generated together with a list of recommendations from the audit. The auditor can select a random set of controls that cover at least a third of ISMS.

On induction all staff are given formal training on Information Security and the LMS ISMS policies. Refreshers are repeated annually.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
LMS operate an infrastructure change control procedure and a development and release process. All changes to the LMS infrastructure or web site are logged, and monitored by the security officer through to completion.
Issues are reviewed against impact on data privacy the LMS security policies before being approved, and implemented.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
LMS uses an external CHECK approved ITHC provider to perform network/application level vulnerability scans, annually.Vulnerability scans of application and infrastructure are carried monthly, or on each version release. The findings are interpreted in to a remediation plan, where each vulnerability is given a severity rating, and appropriate action taken. For issues with a severity rating of critical or High the issues are fixed immediately. LMS patch policy states that where CVSS is greater than 8.5 then patches are applied within 24 hours, where CVSS is greater than 7 then patches are applied within 1 week. Other patches are applied monthly.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Email alerts are generated for anti-virus issues. The application generates event logs which are reviewed on an ad-hoc basis for any potential security issues. LMS are currently reviewing its solution to event monitoring and is examining components to centralise accounting and audit. The LMS hosting provider actively monitor the servers and their integrity, alongside intrusion attempts via proprietary tools under SSH.
Reported/identified incidents are assessed by the security officer and assigned a security incident rating. An incident procedure is followed to ensure resolution with the target times are set per security rating. Upon being alerted, all issues are investigated immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
LMS are committed to identify, managing and recording incidents so that the information assurance and business processes can be continually approved.
This policy and process applies to all individuals and business processes within LMS, as everyone has a responsibility to report suspicious or known malicious issues to senior stakeholders. Users can report incidents through the normal support channels. LMS Security officer will assign a severity level, and appropriate action taken. The size of the company enables LMS to have a flexible and agile approach to identifying, measuring and treating risk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£103.41 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
There are elements of the site which users are able to access for free for an unlimited time period.
Adopters are able to list their profile and access the community network. Practitioners can search profiles and support adopters.
Staff can identify and arrange individual placements for children.
Link to free trial
N/A

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@linkmaker.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.