Link Maker

Link Maker – Children’s Social Care Placement Platform

Link Maker joins-up children’s social care nationally to increase placement choice, and to improve use of data between local authorities and providers. Across adoption, fostering, residential care and placement commissioning, and at any scale, it ensures all parties have the tools and information to make the best decisions for children.


  • Care placement covers adoption, fostering, residential care and SEN
  • Search and filter placements by location, provider and needs.
  • Instant identification of placements by both authorities and providers.
  • Provider collaboration and group support - frameworks, tiers, lots, consortia.
  • Child and family case sharing across teams.
  • User-level secure messaging and document sharing.
  • Advanced reporting and monitoring tools.
  • Consortium and regional collaboration support.
  • 9-5 telephone and online user-support.
  • ISO 27001 accreditation.


  • Find the widest range of placements for children without delay.
  • Source and arrange placements efficiently and securely.
  • Search in-house, framework, regional or national placements.
  • Collaborate with providers and other authorities seamlessly.
  • Access rich, real-time intelligence to inform practice and policy.
  • Extract data instantly for FOI or statutory information requests.
  • Align processes with nationally developed templates.
  • Stay current with regularly updated national infrastructure.
  • Provide safe, online support and resources to staff and families.
  • Meet all security, support, hosting and development needs.


£103.41 per licence per year

Service documents


G-Cloud 11

Service ID

3 1 2 1 2 0 2 4 8 8 4 6 6 9 4


Link Maker

Linda Hill

0843 886 0040

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints Planned system upgrades will result in a service outage.
System requirements
  • Internet access
  • Internet browsers listed below

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For licenced users during 'phone support' hours notification that a support issue has been raised should be received within 2 hours. Please see the SLA for the priority levels below;
1 Security issue where there was a report of a potential risk to data integrity or security 4 hours
2 Core functionally required to find a suitable placement 4 hours
3 Functionality relating to communication and sharing information and generating a profile 4 hours
4 Functionality relating to the management of the placement finding process 8 hours
5 Functionality relating to the Agency Portals, or Community Areas. 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Access control policies are governed by ISO27001 and adhere to best practice. Access is role based, and follows principles of least privilege.

LMS do not have support levels as we provide support to all users as follows:

There is user access to the LMS support desk which covers all areas of support including licencing issues, bugs/errors, technical help, enhancement requests and advice. They can be contacted via;

• Telephone on 0843 886 0040
• The contact form on the web site
• Email

SLA's are set for licenced users.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users just need to register on the site and create login information. Additional help/advice can be obtained from the support desk or video tutorials available online. Additional training or onsite courses can be tailored for an individual organisation for an additional fee and can be requested through the support desk.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
End-of-contract process Removal of data can be instigated by the user, or by LMS.

LMS use a manual support process to confirm that the data is no longer required.

Inactive cases will be removed three months after an adoption or full commissioning licences has expired.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Functionality remains the same.
Service interface Yes
Description of service interface Service interface is accessed via an internet browser
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Our most recent independent web accessibility audit for this website was in April 2019, where they use both automated evaluation tools and manual testing with assistive technologies.
Customisation available Yes
Description of customisation A licenced organisation is able to customise their portal. The portal can be customised with their own branding i.e. logo, text and background colour, with the option of a branded login page. The customisation is implemented by LMS administrators on behalf of the organisation at request of a user with the relevant authority level.

The organisation can manage the content of the portal through the use of forums, where read/write access can be restricted by user type. Forums are defined by LMS staff on behalf of the organisation.


Independence of resources Performance and capacity is monitored 24/7, by our infrastructure management company and the infrastructure is such that remedial action can be taken instantly.


Service usage metrics Yes
Metrics types Management dashboard provides an overview of all cases.

For Adoption there are, court reports, family-finding activity reports, system usage and matching reporting available. There is also a raw data extract available for system usage and matching. There is also data available for adoption to help inform the sector about placement sufficiency and practice trends.

For Placement commissioning, availability history reports, incoming referrals report, and there are raw data extracts for system usage and placement information.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Our datacentre operators are a member of The Green Grid industry body, comply with the European Code of Conduct for Datacentre Operators best practice guidelines, and have been externally audited and certified to ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 27001 (Information Security) standards.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Plain text
Data import formats Other
Other data import formats
  • Documents that can be uploaded; PDF, .doc, .docx, .xls, .xlsx
  • Image files that can be uploaded; .jpg, .png, jpeg, .gif
  • Video files that can be uploaded; Mp4, flv,avi, m4a, m4v
  • F4a, m4b, m4r, f4b, mov,3gp, wmv, ogv and ogg

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks In addition to the above we use CSRF and XSS protection.
Data protection within supplier network Other
Other protection within supplier network LMS have a private LAN with restricted service/ports between servers, allowing non-web traffic only via hardened bastion server.

Availability and resilience

Availability and resilience
Guaranteed availability The LMS hosting provider has an average availability time of over 99.99%.
Approach to resilience The infrastructure is virtualised with load balanced components. The server cluster is hosted by Equnix with high level of physical security, fire suppression and power redundancy.
Outage reporting For any planned down time that exceeds 1 hour, users will be emailed 3 days in advance to advise of the outage. For any planned downtime less than an hour, an announcement is posted on the site for all users. All planned downtime is scheduled out of hours to minimise the impact on users.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Users are authenticated using a username, strong password and PIN.

It is possible for individual licenced organisations to instigate two factor authentication for their own individual users.
Access restrictions in management interfaces and support channels Access control policies are governed by ISO27001 and adhere to best practice. Access is role based, and follows principles of least privilege.

LMS administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.

Users can be granted management functionality either by other users in their organisation who already have that functionality, or by LMS administrators with the approval of an authorised representative.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication For the web site, administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 12/11/2015
What the ISO/IEC 27001 doesn’t cover LMS business operations that do not directly affect the online platform.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes COO of LMS is responsible for information assets and as such owns the information security policies and is the Senior Information Risk Owner (SIRO). Together with the LMS Security Board, policies are reviewed on an annual basis to ensure it is accurate and reflects the risks to information and commitment by LMS to safeguard personal data.

LMS perform regular risk assessments. Risks are mitigated using appropriate controls and residual risks are monitored on an on-going basis.

To ensure LMS continue to implement, maintain and comply with their information security policies an annual internal audit is carried out, by an independent resource to ensure impartiality. An internal audit report will be generated together with a list of recommendations from the audit. The auditor can select a random set of controls that cover at least a third of ISMS.

On induction all staff are given formal training on Information Security and the LMS ISMS policies. Refreshers are repeated annually.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach LMS operate an infrastructure change control procedure and a development and release process. All changes to the LMS infrastructure or web site are logged, and monitored by the security officer through to completion.
Issues are reviewed against impact on data privacy the LMS security policies before being approved, and implemented.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach LMS uses an external CHECK approved ITHC provider to perform network/application level vulnerability scans, annually.Vulnerability scans of application and infrastructure are carried monthly, or on each version release. The findings are interpreted in to a remediation plan, where each vulnerability is given a severity rating, and appropriate action taken. For issues with a severity rating of critical or High the issues are fixed immediately. LMS patch policy states that where CVSS is greater than 8.5 then patches are applied within 24 hours, where CVSS is greater than 7 then patches are applied within 1 week. Other patches are applied monthly.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Email alerts are generated for anti-virus issues. The application generates event logs which are reviewed on an ad-hoc basis for any potential security issues. LMS are currently reviewing its solution to event monitoring and is examining components to centralise accounting and audit. The LMS hosting provider actively monitor the servers and their integrity, alongside intrusion attempts via proprietary tools under SSH.
Reported/identified incidents are assessed by the security officer and assigned a security incident rating. An incident procedure is followed to ensure resolution with the target times are set per security rating. Upon being alerted, all issues are investigated immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach LMS are committed to identify, managing and recording incidents so that the information assurance and business processes can be continually approved.
This policy and process applies to all individuals and business processes within LMS, as everyone has a responsibility to report suspicious or known malicious issues to senior stakeholders. Users can report incidents through the normal support channels. LMS Security officer will assign a severity level, and appropriate action taken. The size of the company enables LMS to have a flexible and agile approach to identifying, measuring and treating risk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £103.41 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial There are elements of the site which users are able to access for free for an unlimited time period.
Adopters are able to list their profile and access the community network. Practitioners can search profiles and support adopters.
Staff can identify and arrange individual placements for children.
Link to free trial N/A

Service documents

Return to top ↑