ILLY Systems Ltd

LINKS CarePath - A Therapeutically Driven Case Management System

Market leading therapeutic system offering comprehensive case management and reporting supporting initiatives on Substance Misuse - Drugs and Alcohol, Criminal Justice, YP and Sexual Health. OHID NDTMS and SRHAD/GUMCAD compliant, full TOPS implementation, Prescribing and Harm Reduction modules. NHS Trusts, Council, Community services, Prisons, Residential Rehabilitation Services and Families Services.

Features

• NDTMS compliant with powerful reporting
• Comprehensive Client Record single shared client record
• Integrated modules and advanced consents for multi-agency working
• YP, Prescribing, Harm Reduction, CJIT Teams, Prison,Domestic Violence
• Rough Sleepers, Risk Assessments and Safeguarding data
• Treatment data including community structured, unstructured, residential rehab, secure settings
• Case notes with auto save draft and file attachments
• Drug screening including BBV data
• Individual and group interventions and diary management
• Customisable dashboards

Benefits

• ADAPT outcome questionnaire for personalised treatment with interactive graph display
• Improving data quality
• Time saving Initiatives
• Multi-Agency working with secure data and appropriate data sharing
• Effective outcomes monitoring with interactive tools
• Integrated treatment episodes
• Advanced reporting tools to make analysing data simple
• Hierarchical security for appropriate data sharing
• Advanced task-based data capture - safeguarding information with interactive diagram
• Comprehensive user and client data audit logs

£1,475 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@illycorp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

521873077776181

Contact

Varsha Visavadia
0204566 5727
info@illycorp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Runs on Microsoft SQL Server

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hour online call logging and tracking. Standard telephone support 9am to 5pm Monday to Friday excluding bank holidays. Response times depend on category of fault. See our SLA
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support levels provide the following response times:; High Priority, response time 1 hour. Medium Priority, response time 24 hrs. Low Priority, 5 days response. See our Service Definition for full details; Account Managers are provided to all customers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: ILLY has successfully delivered quality solutions across the UK’s private, public and social care sector for over 2 decades. Our teams are dedicated to working in partnership with our clients to ensure the solutions and services offered are of the highest standard and provide value for money. ILLY’s comprehensive project approach is tried and tested to ensure LINKS CarePath is successfully bedded in and becomes an integral part of business processes. ILLY takes a long term view and believes focussing on the quality of the initial delivery leads to a system that will serve our; clients indefinitely. ILLY takes a partnership approach providing business process analysis, configuration, data migration and ongoing support of LINKS CarePath to meet our clients’ goals. Once an order has been placed and contract signed, ILLY will run a number of workshops to ensure that the correct setup of the System as per the Treatment Service Hierarchy. The output from these workshops will enable the correct setup and configuration of the Clients’ system (including logos, reports, configuration, data, pathways and hierarchy). We offer a comprehensive ; training programme for front line staff, service managers and council users.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract, ILLY will facilitate a joint parties workshop to examine and understand the data required to be extracted, the format and requirements of the new provider, the outcome of which will determine the scope. These would then be costed using our standard rates.
• End-of-contract process: At the end of the contract, depending on whether the user required any data extracts, we would work with the buyer to extract the data in the required format. Note: Some buyers prefer to keep a readonly archive environment depending on their data retention policies. We can offer a low cost option for this. Otherwise, at the end of the contract we remove all data from the system and provide a certificate of destruction.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: MyCarePath and ChangeYourTomrorow have both been developed with Responsive Design to ensure web pages render well on a variety of devices and window or screen sizes
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Access to the service is via a dedicated HPPTS URL using TLS 1.2 encryption and optional 2 factor authentication
• Accessibility standards: None or don’t know
• Description of accessibility: Access to the service is via a dedicated HPPTS URL using TLS 1.2 encryption and optional 2 factor authentication
• Accessibility testing: Standard interface testing has been undertaken as part of the product development life cycle. No specific testing has been done with users of assistive technology.
• API: No
• Customisation available: Yes
• Description of customisation: Admin users can customise the configuration via the configuration menu, where reference data (for static drop down lists) , risks, questionnaires and user roles, permissions, password criteria and many more settings can be configured.

Scaling

• Independence of resources: Each organisation is given their own server, so there is no contention with other users.

Analytics

• Service usage metrics: Yes
• Metrics types: Systems Specific: The Admin Tool can show how many users and licenses are being used. ; Application Specific: 1. The Client Record Completeness tool will make Service Manager's job easier as it allows him to see which Keyworkers need to enter additional data ; 2. Team Manager dashboard quickly pull off a report that highlights key clinical data for the team's prescribing clients ; 3.The completeness bar on my dashboard as well as the data completion page in the client record saves valuable time
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Data encryption at rest is an optional extra
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard NDTMS extracts can be done by the user. If complex exports are required (such as case notes, scripts etc), these will can be provided at our standard rates.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The application is available without interruption 24 hours a day, 7 days a week, 365 days a year. This is subject to scheduled downtime as notified from time to time.
• Approach to resilience: Our service is fully resilient. Full details are available on request.
• Outage reporting: All services are proactively monitored and any outages are alerted to us by email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is granted based on roles. The Systems Administrator can specify the levels of access. Only Administrators have access to support channels
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQUAR ltd
• ISO/IEC 27001 accreditation date: Latest certificate expires 22/11/2025
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DSP Toolkit
  • ISO 9001:2015 CERTIFIED
  • ISO 27001 :2022 CERTIFIED

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: We are also DSP Toolkit compliant level 3 to the most recent version. ; We are ISO 27001:2022 certified. Further details are available in our ISMS.
• Information security policies and processes: As an ISO 27001:2022 registered company we have numerous policies and procedures.; ; Our Information Security Management System details all the steps we take to ensure adequate protection of sensitive information. A copy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management process is detailed in our ISMS. Our LIVE, UAT and development environments are kept separate and we have a sign off process for any changes to the LIVE environment. All changes are tested in a UAT environment before being deployed to the LIVE environment. The Client signs off all LIVE releases.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: As an ISO 27001:2022 certified company, we take vulnerability management seriously. These are documented in our ISMS and are available on request. All patches are applied within 14 days.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our systems are proactively monitored with patching and threat management software, and policies to deploy patches based on threat level. In line with GDPR requirements, we ensure that we can respond to any incidents without any undue delay.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Details are available in our 27001: 2022 ISMS - available on request

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  At ILLY we are privileged to work within a sector dedicated to improving social vaue which can be measured by the positive contribution we make within our communities, affecting societal change through close partnership working with commissioners, data analysts/administrators, front-line practitioners and OHID.; ; ILLY started out building software for the banking sector in 1993, but through a shared conscience and a desire to improve the lives of the UK’s most vulnerable individuals, we began to develop and deliver innovative technology with real therapeutic value which, over time, has demonstrably helped our partners in supporting service users to achieve their individual recovery goals.; ; Since moving into the substance misuse sector, ILLY’s mission has been clear: to drive positive social change through the use of technology and data. We use our expertise to support services deliver effective interventions which, in turn, improve lives and benefit communities. Adding social value is the reason for our existence – it is ingrained in our DNA.; ; For over 25 years, ILLY Systems has been on a relentless mission to make a real difference within the sectors we work in. Key within this has been to develop and deliver innovative technology that has real therapeutic value in helping clients, young and adult, turn their lives around. As such, delivering social value to our communities is the reason why we exist and ingrained in our culture. This is only possible because of the way in which we have been able to integrate our passion, our economic engine and our big goals of doing good through the use of effective technology. We believe that through the development of innovative therapeutic tools and solutions, we are able to make a real contribution to support clients and their families affected by the harm caused through substance misuse.

Pricing

• Price: £1,475 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@illycorp.com. Tell them what format you need. It will help if you say what assistive technology you use.