Link Maker joins-up children’s social care nationally to increase placement choice, and to improve use of data between local authorities and providers. Across adoption, fostering, residential care and placement commissioning, and at any scale, it ensures all parties have the tools and information to make the best decisions for children.
- Care placement covers adoption, fostering, residential care and SEN.
- Search and filter placements by location, provider and needs.
- Instant identification of placements by both authorities and providers.
- Provider collaboration and group support - frameworks, tiers, lots, consortia.
- Child and family case sharing across teams.
- User-level secure messaging and document sharing.
- Advanced reporting and monitoring tools.
- Consortium and regional collaboration support.
- 9-5 telephone and online user-support.
- ISO 27001 accreditation.
- Find the widest range of placements for children without delay.
- Source and arrange placements efficiently and securely.
- Search in-house, framework, regional or national placements.
- Collaborate with providers and other authorities seamlessly.
- Access rich, real-time intelligence to inform practice and policy.
- Extract data instantly for FOI or statutory information requests.
- Align processes with nationally developed templates.
- Stay current with regularly updated national infrastructure.
- Provide safe, online support and resources to staff and families.
- Meet all security, support, hosting and development needs.
£103.25 per licence per year
- Free trial available
0843 886 0040
|Software add-on or extension||No|
|Cloud deployment model||Community cloud|
|Service constraints||Planned system upgrades will result in a service outage.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
For licensed users during office hours notification that a support issue has been raised should be received within 2 hours. Please see the SLA for the individual issue types below;
Login/licence Issues - 4 hours
Technical Help - 6 hours
Bug/Error - 8 hours
Advice - 8 hours
Security Incident - 4 hours
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
There is user access to the LMS support desk which covers all areas of support including licencing issues, bugs/errors, technical help, enhancement requests and advice. They can be contacted via;
i. Telephone on 0843 886 0040
ii. The contact form on the web site
iii. Email firstname.lastname@example.org
SLA's are set for licensed users.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Users just need to register on the site and create login information. Additional help/advice can be obtained from the support desk or video tutorials available online. Additional training or onsite courses can be tailored for an individual organisation for an additional fee.|
|End-of-contract data extraction||Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.|
|End-of-contract process||Removal of data can be instigated by the user, or by LMS. LMS use a manual support process to confirm that the data is no longer required. Inactive cases will be removed three months after an adoption or full commissioning licences has expired.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Functionality remains the same.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The service doesn't meet any accessibility standards.|
|Accessibility testing||No interface testing done to date.|
|Description of customisation||The organisation portal can be customised; with logo, images, text and background colour. They can customise the home page feed, and manage forums.|
|Independence of resources||Performance and capacity is monitored 24/7, and the infrastructure is such that remedial action can be taken instantly.|
|Service usage metrics||Yes|
Management dashboard provides an overview of all cases.
For Adoption there are, court reports, family-finding activity reports, system usage and matching reporting available. There is also a raw data extract available for system usage and matching.
For Placement commissioning, availability history reports, incoming referrals report, and there are raw data extracts for system usage and placement information.
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||Our datacentre operators are a member of The Green Grid industry body, comply with the European Code of Conduct for Datacentre Operators best practice guidelines, and have been externally audited and certified to ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 27001 (Information Security) standards.|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Users can export individual profile and discussion information via PDF download. Activity case reports for cases are also available to download. An anonymised data extract can be run by those with management permissions.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||In addition to the above we use CSRF and XSS protection.|
|Data protection within supplier network||Other|
|Other protection within supplier network||LMS have a private LAN with restricted service/ports between servers, allowing non-web traffic only via hardened bastion server.|
Availability and resilience
|Guaranteed availability||The LMS hosting provider has an average availability time of over 99.99%.|
|Approach to resilience||The infrastructure is virtualised with load balanced components. The server cluster is hosted by Equnix with high level of physical security, fire suppression and power redundancy.|
|Outage reporting||For any planned down time that exceeds 1 hour, users will be emailed 3 days in advance to advise of the outage. For any planned downtime less than an hour, an announcement is posted on the site for all users. All planned downtime is scheduled out of hours to minimise the impact on users.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Users are authenticated using a username, strong password and PIN.|
|Access restrictions in management interfaces and support channels||For the web site, administrators can only access the site via a VPN, with a VPN username and strong password. They then need to enter a unique username, strong password and PIN for access to the web site.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||11/12/2015|
|What the ISO/IEC 27001 doesn’t cover||LMS business operations that do not directly affect the online platform.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
COO of LMS is responsible for information assets, owns the information security policies and is the Senior Information Risk Owner (SIRO). Together with the LMS Security Board, policies are reviewed on an annual basis ensuring it is accurate and reflects the risks to information and commitment by LMS to safeguard personal data.
LMS perform regular risk assessments. Risks are mitigated using appropriate controls and residual risks are monitored on an on-going basis.
To ensure LMS continue to implement, maintain and comply with their information security policies, an annual internal audit is carried out by an independent resource to ensure impartiality. An internal audit report is generated with a list of recommendations from the audit. The auditor can select a random set of controls that cover at least a third of ISMS.
On induction, staff are given formal training on Information Security and the LMS ISMS policies. Refreshers are repeated annually.
• LMS Information Security Policy
• LMS Security Controls and Processes
• LMS Password Policy
• LMA Security Incident Policy and Procedures
• LMS Software Development Process
• LMS Security Requirements for Engineering
• LMS Infrastructure Change Process
• LMS Data Protection Policy
• LMS Disaster Recovery Policy and Procedure
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
LMS operate an infrastructure change control procedure and a development and release process. All changes to the LMS infrastructure or web site are logged.
Issues are reviewed against impact on data privacy the LMS security policies before being approved, and implemented.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
LMS uses an external CHECK approved IT Security health check provider to perform both network and application level vulnerability scans, annually. The findings are interpreted in to a remediation plan, where each vulnerability is given a severity rating, and appropriate action taken. For issues with a severity rating of critical or High the issues are fixed immediately.
The LMS patch policy states that where CVSS is greater than 8.5 then patches are applied within 24 hours, where CVSS is greater than 7 then patches are applied within 1 week. All other patches are applied monthly.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Email alerts are generated for anti-virus issues.
The application generates event logs which are reviewed on an ad-hoc basis for any potential security issues. LMS are currently reviewing its solution to event monitoring and is examining components to centralise accounting and audit.
The LMS hosting provider actively monitor the servers and their integrity, alongside intrusion attempts via proprietary tools under SSH.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
LMS are committed to identify, managing and recording incidents so that the information assurance and business processes can be continually approved.
This policy and process applies to all individuals and business processes within LMS, as everyone has a responsibility to report suspicious or known malicious issues to senior stakeholders. Users can report incidents through the normal support channels. LMS Security officer will assign a severity level, and appropriate action taken. The size of the company enables LMS to have a flexible and agile approach to identifying, measuring and treating risk.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£103.25 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Adopters are able to list their profile, search profiles for children and the community network. Practitioners can search profiles and support their adopters.
Staff can identify and arrange individual placements for children with in-house carers, frameworks or nationally.
A trial of licensed features can be requested
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|