Intelligent Lilli

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: There us a requirement for the hardware to be configured to the correct settings
System requirements: Authenticated Lilli account

A modern web browser on Windows, Mac or Chrome os

Power

Android or iPhone

User support

Email or online ticketing support: Email or online ticketing
Support response times: Email support is included in the cost, operating hours are 08:00 -18:00 Monday to Friday. There is no service at the weekend and we aim to answer as quickly as possible.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: Onsite and On line technical support where required is included between 08:00 to 18:00 Monday to Friday. Where possible:
• Service critical queries which will be responded to within 2 hours, 24 hours a day
• Non-service critical queries will be responded to between the hours of 8am and 6pm within 2 hours
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Customers place the order and although they can use the service straight away we normally agree the training windows to support their implementation and provide a mobilisation plan as required including milestones and success criteria.

Lilli conducts extensive remote and on-site training for our users.
- We have made available online FAQ, help, training videos and documentations.
- Lilli operates customer service function, which users can access (via phone, email) to get answers to querys and service issues
- Lilli conducts workshops and feedback sessions on a regular basis with customers to understand their challenges and needs and accordingly provide support.

Some customers prefer us to work with them on their implementation to co create the methodology and define the new ways of working as it is a change from traditional methods and we can provide support with that.

Our experience of working with Local Authority clients has identified that the most common cause of failure within projects and pilots, is when there is no flexibility in the rollout and delivery. This also assists clients with tracking outcomes and we run surveys should the clients need this service.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Data requests from users are handled by the data controller, and as data processor Lilli will then action these requests.
End-of-contract process: Data is kept as per our RoPA for 7 years then expunged from our databases. Subject Access Requests (SARs) requesting data deletion will be executed at the direction of the data controller. We can produce a CSV file for free. Any other form of data extraction depending on the requirements may come at an extra cost. This would be determined on review and form part of a mutually agreed extraction plan.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Lilli Web App uses Responsive Web technology. This means the application adopts the device form factor (desktop/laptop, tablets and mobile phones), while retaining full feature set.
On the mobile phones (Android and iPhones) users can leverage platform features such as sharing links, images and content with others via SMS, Email and other sharing enabled apps.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: Lilli Service interface is comprised of

- A Responsive Web App that works across Desktop/Laptops, Tablets and Android, iPhones
- A set of tools to manage referrals and onboarding of Service Users
- Data reporting and customer service tools based on emails, dashboards
- Native apps for iPhone and Android.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: We regularly collaborate for feedback and co-design our product with our users. At the beginning of the scoping and mobilisation stages of our project we define the users needs and outcomes and design our offer and delivery to suit. We also do this during the lifecycle of a project,by obtaining regular feedback, validating and adding to our roadmap.
API: Yes
What users can and can't do using the API: Abilities are granted by user role and are based on the principle of least privilege. Depending on assignation users can view data, produce reports, install hardware, manage other users.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Yes, customers can customise the systems. We work closely with our customers, to identify their outcomes and services to see how we can better adopt our service delivery to meet their requirements, we do this at the beginning of the process and then also regularly thought out, in order to meet changing needs and requirements.

Scaling

Independence of resources: All servers exist behind load-balancers to ensure no one server is overloaded by requests. Processes are continually monitored to detect spikes in usage. In the event of increase in demand, additional servers are spun up to cater for it, response time is less than 10 minutes from spike to additionally provisioned servers.

Parts of the systems (public APIs for apps) are deployed on Edge Servers (to the closest location to customers). These are deployed and scaled independently of other users, to ensure dedicated capacity.

Analytics

Service usage metrics: Yes
Metrics types: We provide on-demand and on schedule, digest of curated metrics, which capture systems usage, SU statistics and systems infrastructure health/uptime.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: HTTPS API request from an authorised user to a permitted API endpoint.
Data export formats: CSV

Other
Other data export formats: Excel

JSON
Data import formats: CSV

Other
Other data import formats: Excel

JSON

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Critical components of Lilli Service have 99% uptime.
Approach to resilience: IoT Hardware:
- Multi-network roaming SIM to mitigate for individual UK mobile networks becoming unavailable
- Optional backup ethernet connectivity
- On-device buffering of messages to cater for unanticipated communications outages
- Battery backup to power gateways in the event of a power outage
Server/service infrastructure:
- Continuous integration and deployment with automated testing to ensure bugs are not deployed to production environments
- CloudFlare middleware for caching of data provided to customers
- Automated horizontal scaling of servers in AWS to cater for traffic and usage spikes
- DNS services provided by Cloudflare
- Infrastructure-as-code philosophy to ensure idempotent deployments that are repeatable and not prone to human error
Outage reporting: Outages to our service initiate an investivation. An incident report is produced for the outage summarising the issue, explaining any actions taken and listing process changes and mitigations to be implemented as a result of the outage
- Statuspage is used to monitor and report API and App availability and uptime.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password

Other
Other user authentication: Both User name and password
Access restrictions in management interfaces and support channels: Systems use Role based authorisation. Each customer organisation can create roles as per the organisation structure and responsibilities of individual users. When User logs in (with their username/password) the access rights defined in the Role, are stored in a JWT token for the duration of User's session. Each request (to view/read, change or delete data) is validated against the token, before allowing access.
Access restriction testing frequency: At least every 6 months
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Data Security and Protection Toolkit and Cyber Essentials
Information security policies and processes: Lilli adopts a risk-based and pragmatic approach to security governance. Decisions are made with security posture considered and mitigations put in place to control for risks as appropriate. Staff are given training in cybersecurity and take responsibility for following best practices, and there is an escalation to the CIO for any issues that warrant reporting or demand review. Risks are reviewed weekly and are reported to the Board.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We have a documented process that sets our change management processes. All changes are tracked, checked for security and risk assessed to ensue that they meet the strict standards. All changes are recorded and quality assured.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Libraries and dependencies used in the product are regularly reviewed and updated as necessary. Penetration testing is undertaken and any deficiencies are fed into the development pipeline for remediation. All commited code is reviewed by at least one other developer to identify any security risks.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: All development devices have an agent installed that scans the computer at all times for insecure or outdated software and dependencies, and a weekly review is undertaken of all devices to remedy any deficiencies.
Incident management type: Supplier-defined controls
Incident management approach: The incident management process is built to fit the guidance of the ICO and GDPR legislation. A designated staff member oversees each incident, manages the response, communicates with employees and staff and escalates to regulators where appropriate. Incident response teams are created and consist of staff with relevant experience to handle the incident. Post-incident analysis is mandatory to isolate root causes, to understand impact on SLAs and to provide Customer Success teams with relevant information to communicate with customers.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

We have a commitment to reducing carbon emissions. We recycle and reuse materials where possible. We have a green travel policy and promote the use of electric vehicles where at all possible. To reduce carbon we have a policy which allows staff to work from home. We use sustainable products where possible. By nature of our software we are part of the solution which allows our customers to reduce their carbon footprint.
Covid-19 recovery: Covid-19 recovery

Our software supports covid recovery as it assists people with long term health conditions.This form of discreet technology enabled care, prevents conditions from becoming serious, reduces the number of hospital admissions, and improves the quality of life of those being monitored, helping them to remain safe and content in their homes for longer.
Tackling economic inequality: Tackling economic inequality

Our software supports removing inequality as it allows people to be supported regardless of their location. Partnering with Lilli to offer services to commissioners of care as part of new and existing developments. We are aligned with the commercial objectives of PfP. Increased options for individuals and efficiencies for care services PfP provides as a partner, customer and supplier. We also are happy to allow customers to advertise their jobs on their local job boards.
Equal opportunity: Equal opportunity

Our software supports removing inequality as it allows people to be supported regardless of their location. Lilli is committed to provide services that enable people to live their best lives, support communities and service providers. We are able to offer customers the option of advertising our jobs locally to support opportunities within your local communities.
Wellbeing: Wellbeing

Our software supports wellbeing as it allows people to be supported regardless of their location. We also offer the option of advertising our roles locally to support the local ecconomy and wellbeing.

Pricing

Price: £60 a licence a month
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Intelligent Lilli

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents