Link Maker allows local authorities and independent providers to work together within a single, ISO27001 certified environment. This is important, as the Information Commissioner's Office has found highly sensitive unencrypted personal information being routinely emailed, with detail of individuals unsuitable for placements held for longer than necessary, and often indefinitely. Arranging placements through Link Maker ensures that all sensitive data is encrypted, and shared with only those who require it, for only as long as it is needed.
Users are provided with the highest levels of assurance about how information is kept safe, an overview of which can be found below. On request we are able to provide evidence that our service provides robust technical, physical and procedural measures to prevent unauthorised access to sensitive information. For further information, or to report a suspected security incident, please contact us
Link Maker is independently certified to ISO27001 by a UKAS accredited body. This is the best-known standard worldwide for an information security management system, which is a systematic approach to managing sensitive information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
To ensure your information remains private, SSL (with an extended validation certificate) is used to encrypt all of our webpages between your device and our service. We regularly monitor activity on the service to identify suspicious or malicious behaviour.
Our service is hosted only in the UK in secure data centres. Controls include:
- Data centre access is limited to only authorised personnel
- Badges and biometric scanning for controlled data centre access
- Security camera monitoring at all data centre locations
- Access and video surveillance log retention
- 24×7 onsite staff provides additional protection against unauthorised entry
- Unmarked facilities to help maintain low profile
- Physical security audited by independent firms annually
- Network management performed by only authorised personnel
Only permitted and authorised practitioners, adopters and foster carers can access Link Maker's systems. Authorisation is performed by a nominated worker from the agency through his or her user-account. If this is not possible, Link Maker staff perform the authorisation by speaking to a duty-worker at the agency. Only publicly-listed telephone numbers are used for this, and the name of the authorising worker is recorded.
The system will only allow users to login from recognised devices (i.e. those that have successfully authenticated in the past). In the event a user logs in from a new location they are required to reconfirm their identity via a unique link sent to assigned and verified email account. Login is by unique ID, password and selected digits from a PIN.
All users are required to read, understand, and agree to the terms of conditions of use before registering. This privacy page forms part of those terms and conditions.
To facilitate matching, Link Maker's systems request only information essential to the purpose, and only for as long as it is needed.
Forms and profiles do not store children's surnames, addresses, or exact dates of birth. Practitioners have the ability to enter a pseudonym for a child to further protect their identity. Children can also be hidden from adopters or foster carers within a particular area.
Where video clips are included in children's profiles additional steps are taken to secure their usage. A time-limited URL is used to serve the video, and help prevent the user from being able to directly save the video to their device. Videos are never saved or stored on the end-users device.
When any user wishes for their information to be deleted it will be performed upon a confirmed request. Additional steps are taken to ensure all personally identifiable information is permanently removed from the service. In some cases non-attributable statistical information is kept to monitor our performance.
Link Maker allows further information to exchanged without the use of insecure email or post, and without leaving personal data in the possession of those who no longer require it.
Messages can be sent securely between adopters, foster carers and practitioners from different organisations. Messages are encrypted with the password of each recipient, and therefore cannot be accessed by anyone else in any circumstances.
Documents containing detailed personal information (such as the CPR, PAR or medical records) can also be shared securely. Documents are encrypted and only viewable on-screen by the appropriate users once logged into their accounts. The files themselves are not downloadable or sent by email, and therefore remain under the control of the owner. Document owners are able to see who has access to documents at any time, and to remove access when appropriate.
These features are clear and simple to use, reducing the risk of mistakes. Once a document is no longer needed, steps are taken to ensure they are permanently deleted from the system.
Link Maker Systems is registered as a data controller with the Information Commissioner's Office, the regulator responsible for enforcing data protection legislation.
All of our staff are subjected to the relevant criminal checks before access to any system or service is granted. We also ensure references are checked and that employees read and sign non-disclosure agreements.
We carry out regular training and security awareness with all employees to remind them of their obligations at Link Maker.
Some of our services require payments to be made online. All payment information is sent directly to PayPal from user devices and at no time is sensitive financial information held on Link Maker infrastructure.