Link Maker

Link Maker – Children’s Social Care Placement Platform

Link Maker joins-up children’s social care nationally to increase placement choice, and to improve use of data between local authorities and providers. Across adoption, fostering, residential care and placement commissioning, and at any scale, it ensures all parties have the tools and information to make the best decisions for children.


  • Care placement covers adoption, fostering, residential care and SEN.
  • Search and filter placements by location, provider and needs.
  • Instant identification of placements by both authorities and providers.
  • Provider collaboration and group support - frameworks, tiers, lots, consortia.
  • Child and family case sharing across teams.
  • User-level secure messaging and document sharing.
  • Advanced reporting and monitoring tools.
  • Consortium and regional collaboration support.
  • 9-5 telephone and online user-support.
  • ISO 27001 accreditation.


  • Find the widest range of placements for children without delay.
  • Source and arrange placements efficiently and securely.
  • Search in-house, framework, regional or national placements.
  • Collaborate with providers and other authorities seamlessly.
  • Access rich, real-time intelligence to inform practice and policy.
  • Extract data instantly for FOI or statutory information requests.
  • Align processes with nationally developed templates.
  • Stay current with regularly updated national infrastructure.
  • Provide safe, online support and resources to staff and families.
  • Meet all security, support, hosting and development needs.


£103.25 per licence per year

  • Free trial available

Service documents

G-Cloud 10


Link Maker

Linda Hill

0843 886 0040

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints Planned system upgrades will result in a service outage.
System requirements
  • Internet access
  • Internet browsers listed below

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For licensed users during office hours notification that a support issue has been raised should be received within 2 hours. Please see the SLA for the individual issue types below;

Login/licence Issues - 4 hours
Technical Help - 6 hours
Bug/Error - 8 hours
Advice - 8 hours
Security Incident - 4 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels There is user access to the LMS support desk which covers all areas of support including licencing issues, bugs/errors, technical help, enhancement requests and advice. They can be contacted via;

i. Telephone on 0843 886 0040
ii. The contact form on the web site
iii. Email

SLA's are set for licensed users.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users just need to register on the site and create login information. Additional help/advice can be obtained from the support desk or video tutorials available online. Additional training or onsite courses can be tailored for an individual organisation for an additional fee.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
End-of-contract process Removal of data can be instigated by the user, or by LMS. LMS use a manual support process to confirm that the data is no longer required. Inactive cases will be removed three months after an adoption or full commissioning licences has expired.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Functionality remains the same.
Accessibility standards None or don’t know
Description of accessibility The service doesn't meet any accessibility standards.
Accessibility testing No interface testing done to date.
Customisation available Yes
Description of customisation The organisation portal can be customised; with logo, images, text and background colour. They can customise the home page feed, and manage forums.


Independence of resources Performance and capacity is monitored 24/7, and the infrastructure is such that remedial action can be taken instantly.


Service usage metrics Yes
Metrics types Management dashboard provides an overview of all cases.

For Adoption there are, court reports, family-finding activity reports, system usage and matching reporting available. There is also a raw data extract available for system usage and matching.

For Placement commissioning, availability history reports, incoming referrals report, and there are raw data extracts for system usage and placement information.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Our datacentre operators are a member of The Green Grid industry body, comply with the European Code of Conduct for Datacentre Operators best practice guidelines, and have been externally audited and certified to ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 27001 (Information Security) standards.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Plain text
Data import formats Other
Other data import formats
  • Documents that can be uploaded; PDF, .doc, .docx, .xls, .xlsx
  • Image files that can be uploaded; .jpg, .png, jpeg, .gif
  • Video files that can be uploaded; Mp4, flv,avi, m4a, m4v
  • F4a, m4b, m4r, f4b, mov,3gp, wmv, ogv and ogg

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks In addition to the above we use CSRF and XSS protection.
Data protection within supplier network Other
Other protection within supplier network LMS have a private LAN with restricted service/ports between servers, allowing non-web traffic only via hardened bastion server.

Availability and resilience

Availability and resilience
Guaranteed availability The LMS hosting provider has an average availability time of over 99.99%.
Approach to resilience The infrastructure is virtualised with load balanced components. The server cluster is hosted by Equnix with high level of physical security, fire suppression and power redundancy.
Outage reporting For any planned down time that exceeds 1 hour, users will be emailed 3 days in advance to advise of the outage. For any planned downtime less than an hour, an announcement is posted on the site for all users. All planned downtime is scheduled out of hours to minimise the impact on users.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Users are authenticated using a username, strong password and PIN.
Access restrictions in management interfaces and support channels For the web site, administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 11/12/2015
What the ISO/IEC 27001 doesn’t cover LMS business operations that do not directly affect the online platform.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes COO of LMS is responsible for information assets, owns the information security policies and is the Senior Information Risk Owner (SIRO). Together with the LMS Security Board, policies are reviewed on an annual basis ensuring it is accurate and reflects the risks to information and commitment by LMS to safeguard personal data.
LMS perform regular risk assessments. Risks are mitigated using appropriate controls and residual risks are monitored on an on-going basis.
To ensure LMS continue to implement, maintain and comply with their information security policies, an annual internal audit is carried out by an independent resource to ensure impartiality. An internal audit report is generated with a list of recommendations from the audit. The auditor can select a random set of controls that cover at least a third of ISMS.
On induction, staff are given formal training on Information Security and the LMS ISMS policies. Refreshers are repeated annually.
• LMS Information Security Policy
• LMS Security Controls and Processes
• LMS Password Policy
• LMA Security Incident Policy and Procedures
• LMS Software Development Process
• LMS Security Requirements for Engineering
• LMS Infrastructure Change Process
• LMS Data Protection Policy
• LMS Disaster Recovery Policy and Procedure

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach LMS operate an infrastructure change control procedure and a development and release process. All changes to the LMS infrastructure or web site are logged.
Issues are reviewed against impact on data privacy the LMS security policies before being approved, and implemented.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach LMS uses an external CHECK approved IT Security health check provider to perform both network and application level vulnerability scans, annually. The findings are interpreted in to a remediation plan, where each vulnerability is given a severity rating, and appropriate action taken. For issues with a severity rating of critical or High the issues are fixed immediately.

The LMS patch policy states that where CVSS is greater than 8.5 then patches are applied within 24 hours, where CVSS is greater than 7 then patches are applied within 1 week. All other patches are applied monthly.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Email alerts are generated for anti-virus issues.
The application generates event logs which are reviewed on an ad-hoc basis for any potential security issues. LMS are currently reviewing its solution to event monitoring and is examining components to centralise accounting and audit.
The LMS hosting provider actively monitor the servers and their integrity, alongside intrusion attempts via proprietary tools under SSH.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach LMS are committed to identify, managing and recording incidents so that the information assurance and business processes can be continually approved.
This policy and process applies to all individuals and business processes within LMS, as everyone has a responsibility to report suspicious or known malicious issues to senior stakeholders. Users can report incidents through the normal support channels. LMS Security officer will assign a severity level, and appropriate action taken. The size of the company enables LMS to have a flexible and agile approach to identifying, measuring and treating risk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £103.25 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Adoption
Adopters are able to list their profile, search profiles for children and the community network. Practitioners can search profiles and support their adopters.

Placement Commissioning
Staff can identify and arrange individual placements for children with in-house carers, frameworks or nationally.

A trial of licensed features can be requested


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑