INTELLIGENT LILLI LIMITED

Lilli

ASC technology software platform that uses data from discreet sensors placed in a home to provide evidence in line with Care Act domains. Supporting provision of Front Door, reablement, review and assessment services. Outcomes include enhanced waitlist management, improved assessments, right sizing, significant cost savings and avoidance.

Features

• Proactive remote monitoring and assessment service
• Plug and play rapid deployment
• Non-intrusive monitoring of vulnerable people in home settings
• Real time web based portal with customisable alerts & notifications
• Integration with services used by healthcare to support users
• Automated individual user reporting
• Management information packs and evidence of outcomes
• Open API for integration to other services
• Roaming SIM based connectivity included as part of licence
• Mobile app for carers and friends & family with notifications

Benefits

• Supports vulnerable people to live independently
• Assists commissioners to create system capacity efficiency and savings
• Supports pathways inc D2A, Front Door, Review and Reablement
• Delivers measurable cost savings and cost avoidance
• Can be deployed by existing resources and front line teams
• Delivers service transformation through outcomes
• Aligned with Care act Domains supporting a strengths based approach
• Customer success team delivering wrap around implementation and contract support
• Implementation and onboarding models designed to meet outcomes at scale
• CPD accredited training

£59.40 to £99.00 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@intelligentlilli.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

648697432478386

Contact

Kelly Hudson
+44 (0)20 3922 0067
hello@intelligentlilli.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Lilli supplies and preconfigures the hardware as plug-and-play, eliminating the need for on-site pairing of sensors. The purchaser cannot use their third-party hardware with the service. Our solution includes SIM-based connectivity, which is an integral part of the licence cost and cannot be omitted. We perform over-the-air maintenance overnight, with data buffering caches and backups to prevent any interruptions in data transfers.
• System requirements:
  • Authenticated Lilli account
  • Access to the internet
  • Email account
  • A modern web browser on Windows, Mac or ChromeOS
  • Power
  • Android or iPhone device to access platform remotely
  • Whitelisting of Lilli domains, *.intelligentlilli.com
  • Access to relevant app stores for native mobile app download
  • Video conferencing access for training
  • 2FA available should buyer require it

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: There are no service responses on weekends. However, our 24/7 chatbot is available to assist with queries and can escalate issues to our support staff, who are available the next business day. Lilli's support staff respond to inquiries Monday through Friday, from 9:00am to 5:00pm, by email or phone
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: The web chat follows the design system of the Lilli apps, hence inherits the accessibility capabilities. As the web chat system adheres to HTML standards, the following accessibility features of Android/iPhone, Linux, Windows and macOS are available:; 1. VoiceOver/Narrator for screen reading and controlling app with voice.; 2. Display settings such as invert colours, text size, contrasts and zoom.; 3. Accessibility controls over input systems.
• Web chat accessibility testing: All Lilli services, including the web chat function, are tested for accessibility against the WCAG 2.2 guidelines as part of our regular Accessibility Review process
• Onsite support: Onsite support
• Support levels: We provide onsite and online technical support where required between 9am to 17:00pm Monday to Friday. Service critical queries which will be responded to within 2 hours, 24 hours a day. Non-service critical queries will be responded to between the hours of 9am to 17:00pm within 2 hours
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We offer both on-site and online training tailored to client preferences, covering topics including product overview, platform usage, installation procedures, and troubleshooting. To support effective deployment of the Lilli service we supply clients with all necessary materials such as how-to guides, troubleshooting documentation, and detailed information tailored to the specific roles of users, ensuring they can utilise the product optimally.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data requests are managed by the client who is the data controller, and as the data processor Lilli will act upon these requests. This extraction may include data related to any requested user, organisation, or service user. Data exports are facilitated as part of a mutually agreed-upon off-boarding process.
• End-of-contract process: As per our Records of Processing Activities (RoPA), data is retained by default for seven years for audit purposes and then expunged from our databases. Subject Access Requests (SARs) for data deletion are processed under the direction of our clients, who act as the Data Controllers. We provide CSV data exports at no cost. Other forms of data extraction, depending on specific requirements, may incur additional charges; these costs are determined upon review and would be included in the mutually agreed-upon extraction plan.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None. All features on the mobile web app are available on the desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our platform offers both mobile and web versions of the interface. The web and mobile apps present the service insights for monitored Lilli service users. The web app interface allows staff users to manage hardware installation and upkeep; it enables managers to administrate staff users and Lilli service user profiles, and permits users to manage their notification settings. The mobile app provides friends and family with the ability to monitor insights for their loved ones; the data to friends and family is managed/redacted in line with customer requirements.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We perform accessibility testing against the WCAG 2.2 Accessibility Guidelines. Assistive Technology users testing is scheduled but not yet complete.
• API: Yes
• What users can and can't do using the API: The Lilli public API is the primary interface for our services. It is utilised by all Lilli applications, including the Android and iOS apps as well as the Web App, enabling users to access information from the Lilli service and make changes related to users, service configurations, and other settings. User capabilities are assigned based on their role, adhering to the principle of least privilege. Depending on their role, users may view their organisation's data, their own personal data, generate reports, install hardware, and manage other users within their organisation.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users have the ability to customise the types of alerts they receive, including the conditions that trigger these alerts. Client organisations can tailor how these alerts are integrated into their existing systems, potentially involving integration with third-party triage centres or incident management platforms for streamlined workflows and automated alert responses. Additionally, users can adjust the placement and configuration of the hardware to optimally monitor an individual’s care needs. We also offer bespoke configurations to monitor other relevant data streams, such as medication adherence or falls detection.; The features of the Lilli service can be directly customised via the app, with bespoke modifications facilitated through customer success channels, or via sales channels for new clients.; Application users can modify all relevant settings, such as notification preferences and sensor placement.; Deeper integrations and platform enhancements are negotiated and implemented on a case-by-case basis between Lilli and the client.

Scaling

• Independence of resources: All services are managed behind load balancers to prevent any single service instance from being overloaded by requests. Resources are continuously monitored to detect spikes in usage. In the event of an increase in demand, additional service instances are rapidly deployed, with the response time to provision extra servers being less than 10 minutes from the detection of the spike.; Public-facing services (public APIs for Lilli apps), are deployed on Edge Servers positioned closest to our customers. These servers are deployed and scaled independently to ensure sufficient service capacity and enhance responsiveness.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a monthly program dashboard pack that details statistics on platform users, licence usage, service user status, friends & family usage, training, and support tickets.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users perform HTTPS API requests to endpoints that are safeguarded by authorisation checks based on their identity, organisation, and roles. This allows them to download data related to their accounts.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service uptime is monitored publicly and can be seen at https://status.intelligentlilli.com/. We do not provide an SLA for the service.
• Approach to resilience: Our service infrastructure is designed to be resilient, utilising a multi-layered approach for robustness. It is deployed on Amazon Web Services (AWS). It utilizes AWS's global services such as S3, Caching, and Lambda, distributing resources across multiple Availability Zones within geographic zones to ensure redundancy and fault tolerance. Additionally, we implement horizontal scaling through Elastic Beanstalk and Elastic Container Service (ECS), which permits automatic and manual adjustments in response to changing demands, thus ensuring seamless workload management.; Our databases are optimized for high demand by operating on read-only workloads from backup copies to enhance scalability and maintain service continuity.; CloudFlare integration further protects our REST APIs, offering scalable low-latency DNS, edge caching for faster data delivery and reduced backend load, and efficient edge node data processing to minimize AWS queries.; Our Web, Android, and iPhone apps employ secure client-side caching to reduce server queries and enhance performance, ensuring service continuity in poor network conditions.; This comprehensive approach provides numerous benefits, including effectively limitless scalability within data centers, fault-tolerance through multiple Availability Zones for high availability, AWS outage mitigation and reduced AWS load through Cloudflare protection, and caching that improves app reliability and user experience.
• Outage reporting: A service status dashboard, which shows the live status of the platform and a historical record of any outages, is available at https://status.intelligentlilli.com. Should there be any interruptions, our Customer Success team will directly communicate with clients to provide updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password (with strength rules enforced and common passwords disallowed), with the option to mandate multi-factor-authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials, NHS DSPT
• Information security policies and processes: Our information security reporting structure is hierarchical: Engineering and IT teams report to the CTO, who, along with the Senior Management Team, reports to the Board on information security.; ; Lilli is certified in Cyber Essentials to address common cyber threats, the Digital Technology Assessment Criteria (DTAC) for digital health service safety and usability, and the NHS Data Security and Protection Toolkit (DSPT) to ensure data protection compliance.; ; Our key ISMS policies safeguard systems and customer information:; InfoSec manages our Information Security Program; Access Control regulates access to data and systems; BYOD governs personal device use; Change Management controls system and process changes; Incident Management manages security incidents; Cryptography manages cryptographic keys and security; Logging & Monitoring manages telemetry for security incident diagnosis; Network Security secures networks to maintain integrity.; Lilli keeps a formal Risk Register and applies a robust Information Risk Assessment & Treatment Methodology.; We conduct continuous teammate training and workshops on security best practices, annual penetration tests to assess system vulnerabilities, and thorough evaluations of software suppliers to ensure they meet our security standards. Our product development is driven by these security policies to manage vulnerabilities effectively.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes in Lilli systems are systematically managed. Each component is supported by a live Technical Design Document. Automated tests ensure ongoing service reliability. Source code and configurations are managed and versioned together. Furthermore, runtime telemetry provides continuous performance insights, and the monitoring of CPU, memory, and network usage optimises performance. Automated testing continuously validates APIs and web applications.; ; Changes are all assessed for potential security impacts. Versioning, peer reviews of source code and testing help identify security risks. Controlled environment testing detects performance discrepancies before deployment. Post-production analysis identifies and mitigates service vulnerabilities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The CIO and CTO jointly oversee information security and vulnerability management, supported by a monthly risk register review. Internal telemetry monitors for unusual behaviours, flagging potential risks. Our engineering teams prioritise continuous improvement, peer-reviews, versioned source-code and documentation alongside automated testing.; ; Regular audits and adherence to Cyber Essentials, DTAC, and DSPT standards are supplemented by annual independent assessments. We proactively manage vulnerabilities through: direct CVSS list monitoring; regular deployment of patches for OSs and firmware, ensuring that updates are tested and incrementally rolled out; bolstering security awareness through internal forums and continuous professional engagement to enhance development and security practices.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Data collection involves capturing AWS infrastructure and web traffic/threat metrics in CloudWatch, Prometheus, and CloudFlare. For data visualisation, dashboards display data including errors, user interactions, and uptime statistics.; ; Intrusion detection alerts are based on consumption patterns, network traffic, and unauthorised data access are captured via email and Slack notifications. CloudFlare provides DDoS and bot protection, along with a Web Application Firewall.; ; Our structured response process involves assessment, communication and mitigation steps. Target response times are between 30 minutes to 48 hours, depending on severity. We monitor the mean time to detect (MTTD) for quality improvement.
• Incident management type: Supplier-defined controls
• Incident management approach: Lilli has a robust incident management system. We utilise well-documented, regularly updated protocols for managing common incidents such as outages and breaches, all housed in our knowledge base. Users can report incidents through email or phone; these reports are swiftly triaged and assigned to the relevant teams based on their severity and are tracked using our internal systems.; Detailed reports are sent to stakeholders to ensure transparency; these reports outline the incident's nature, impact, root cause, actions taken, and preventive measures. Follow-ups include post-incident reviews and regular sessions to discuss improvements and lessons learned.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Lilli is committed to environmental sustainability. We maintain a green travel policy, have all teammates working remotely by default, and advocate for electric vehicle use to reduce carbon emissions. We have a Cycle Scheme benefit in place. Our operations prioritise recycling and the use of sustainable products and our hardware is sanitised and repackaged to ensure minimal electronic waste. Our service helps customers operate more efficiently, indirectly helping meet their own carbon reduction targets.

  Covid-19 recovery

  The Lilli service supports COVID-19 recovery by enhancing care for individuals with long-term health conditions. Our discreet, technology-enabled solution helps prevent conditions from escalating, thereby reducing hospital admissions or transfer into communal-living environments. Lilli helps alleviate the strain on the wider healthcare system and therefore contributes to its ability to deal with COVID-19.

  Tackling economic inequality

  The Lilli service supports removing inequality as it facilitates better care provision regardless of location or economic status. By enabling improved efficiency it allows more people to receive the services that they require. As a fully remote organisation, we capitalise on the absence of geographic constraints to offer employment opportunities nationwide. This enables us to draw talent from across the country, including from economically disadvantaged areas, helping to stimulate local economies and reduce regional disparities.

  Equal opportunity

  Lilli supports diversity and inclusion wholeheartedly, and explicitly commits to offering equal opportunities to all. Our recruitment policies and current workforce makeup reflects this commitment, and this has been recognised by independent workforce makeup and workplace culture evaluation services. We have a DE&I statement on all of our job posts. Our service is provided to all based on service user needs and entirely without bias.

  Wellbeing

  Our software supports wellbeing as it allows people to be supported regardless of their location. The purpose of the service is to improve the quality of lives of people who receive the service.; Lilli provides all teammates with access to counselling and therapy services through a distinguished external provider, fostering a supportive work environment. Lilli is proactive in promoting health and fitness among our team through a variety of internal events, such as walking challenges, and hosts numerous activities throughout the year aimed at enhancing physical, mental, and emotional health.

Pricing

• Price: £59.40 to £99.00 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@intelligentlilli.com. Tell them what format you need. It will help if you say what assistive technology you use.