Link Maker allows local authorities and independent providers to work together within a single, ISO27001 certified environment. Sensitive data is encrypted, and shared with only those who require it, for only as long as it is needed.
Users are provided with the highest levels of assurance about how information is kept safe, an overview of which can be found below. On request we are able to provide evidence that our service provides robust technical, physical and procedural measures to prevent unauthorised access to sensitive information. For further information, or to report a suspected security incident, please contact us
Link Maker is independently certified to ISO27001 by a UKAS accredited body. This is the best-known standard worldwide for an information security management system, which is a systematic approach to managing sensitive information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
We invest in regular security testing of our service to provide additional assurance and confidence. This is carried out by an independent CESG-approved CHECK company.
To ensure your information remains private, SSL is used to encrypt all of our webpages between your device and our service. We regularly monitor activity on the service to identify suspicious or malicious behaviour.
Our service is hosted only in the UK in secure data centres. Controls include:
- Data centre access is limited to only authorised personnel
- Badges and biometric scanning for controlled data centre access
- Security camera monitoring at all data centre locations
- Access and video surveillance log retention
- 24—7 onsite staff provides additional protection against unauthorised entry
- Unmarked facilities to help maintain low profile
- Physical security audited by independent firms annually
- Network management performed by only authorised personnel
Only permitted and authorised users can access Link Maker's systems and services. Authorisation is performed by a nominated worker from the organisation through their user-account. If this is not possible, Link Maker staff perform the authorisation by speaking to a duty-worker at the organisation. Only publicly-listed telephone numbers are used for this, and the name of the authorising worker is recorded.
The system will only allow users to login from recognised devices (i.e. those that have successfully authenticated in the past). In the event a user logs in from a new location they are required to reconfirm their identity via a unique link sent to assigned and verified email account. Login is by unique ID, password and selected digits from a PIN.
All users are required to read, understand, and agree to the terms of conditions of use before registering. This privacy page forms part of those terms and conditions.
To facilitate matching, Link Maker's systems request only information essential to the purpose, and only for as long as it is needed.
Forms and profiles do not store children's surnames, addresses, or exact dates of birth. Practitioners have the ability to enter a pseudonym for a child to further protect their identity. Children can also be hidden from adopters or foster carers within a particular area.
Where video clips are included in children's profiles additional steps are taken to secure their usage. A time-limited URL is used to serve the video, and help prevent the user from being able to directly save the video to their device. Videos are never saved or stored on the end-users device.
When any user wishes for their information to be deleted it will be performed upon a confirmed request. Additional steps are taken to ensure all personally identifiable information is permanently removed from the service. In some cases non-attributable statistical information is kept to monitor our performance.
Link Maker Systems and services allows information to be exchanged without the use of insecure email or post.
Communication data (including messages, documents, images and video) can be sent securely between adopters, foster carers and practitioners from different organisations, or between adoptive families and birth families in the case of Letter Swap. Communication data is encrypted with the password of each recipient, and therefore cannot be accessed on the Link Maker sites by anyone else in any circumstances.
These features are clear and simple to use, reducing the risk of mistakes. Once a document is no longer needed, steps are taken to ensure they are permanently deleted from the system.
Link Maker Systems is registered as a data controller with the
Information Commissioner's Office,
the regulator responsible for enforcing data protection legislation.
All of our staff are subjected to the relevant criminal checks before access to any system or service is granted. We also ensure references are checked and that employees read and sign non-disclosure agreements.
We carry out regular training and security awareness with all employees to remind them of their obligations at Link Maker.