CACI UK Ltd

MooD 16 and MooD 17 Licence (MBA and MAE)

MooD 16 & MooD 17 software components provides a collection of software tools for deployment on-premises or via private / hybrid cloud environments.​​ MooD Business Architect and MooD Active Enterprise components can be used to build bespoke MooD Cloud Solutions.

Features

• A desktop tool allowing users to create architectures/operating models
• No-code mechanism
• Produce/manage a live, operational architecture-driven web application
• A repository management tool
• Application users share models created; controlled through role-based permissions
• Build sophisticated queries to analyse the architecture
• Import, Export and Integrate with current data sources

Benefits

• Creation of a Business Architecture or Enterprise Architecture.​
• Provides single version of the truth
• Draws a line-of-sight from operational activity to business outcomes
• Exposes key views and user journeys for different stakeholders​
• Amalgamates data from different services.​
• Provides governance over other architecture programmes
• Import capabilities for Visio and ArchiMate.​
• Replaces manually crafted documentation and presentations with automatically generated reports​
• Enables evidence-based, data-driven decision making.​
• Surfaces relationships, information flows and complex interdependencies

£180 to £220 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

108908102822590

Contact

CACI Digital Marketplace Sales Team
0207 602 6000
digital.marketplace@caci.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Services can work in parallel with other services.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Requires specified versions of software. Also Chrome and MS Edge
• System requirements:
  • Microsoft SQL
  • Microsoft Windows

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response to email is due within 4 hours on Monday to Friday from 09:00 to 17:00 excluding national holidays. Immediate response to phone and online requests business hours Monday to Friday. Online support portal available 24/7. Dedicated customer account manager available business hours. Enhanced levels of support are also available at extra cost
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Onsite support is available through a Managed Service, pricing is dependent on the number of end users and support levels defined. A Technical Account Manager will be provided as will a Customer Account Manager. Additional services include but are not limited to training, modelling support, model definition, design, configuration and test services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The user is fully supported through an online support capability, user documentation and onsite training can be provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Office
  • Microsoft Visio
• End-of-contract data extraction: At contract end CACI deliver a full transition and close down service. All exportable data will be provided on removable media.
• End-of-contract process: Administrative rights permit data export following which service is terminated.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web interface onto desktop
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: Within limits using custom SQL, JSON, JavaScript, HTML and CSS.

Scaling

• Independence of resources: Self-governed. The user will configure the software to meet their own requirements.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Not applicable.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Administrative rights permit data export through the user interface of the tooling.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • Word
  • PowerPoint
  • PDF
  • ODBC sources
  • XLS
  • ArchiMate
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • MS Project
  • XMI
  • Visio

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: The customer will configure the software to meet their own requirements.
• Data protection within supplier network: Other
• Other protection within supplier network: The customer will configure the software to meet their own requirements.

Availability and resilience

• Guaranteed availability: Not applicable.
• Approach to resilience: Available on Request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Full security permission model, details available on request.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified by the British Standards Institute (BSI) for ISO 27001.
• ISO/IEC 27001 accreditation date: Original Registration Date: 11th April 2006 – last re-certification date was February 2022
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers all CACI services, offices, and data centres.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CACI holds Data Seal.
  • Registered with the ICO - Network and Information Systems Directive
  • ISO 9001 - this includes additional elements regarding security

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CACI have implemented an Information Security Management System (ISMS) containing a set of policies, procedures, and technical controls for systematically managing sensitive data, systems, and processes. The foundation of our ISMS is designed in accordance with the ISO27000 series of international standards, industry best practices and regulatory controls. ; We have also adopted the security best practices detailed within the National Cyber Security Centre’s 14 Cloud Security Principles, 10 Steps to Cyber Security and 12 Supply Chain Principles along with the Government’s Technology Code of Practice into our Information Security Management System (ISMS) and these form part of business-as-usual operations.; CACI maintains a Risk Management program to mitigate and manage risk companywide. Risk assessments are performed at least annually to ensure appropriate controls are in place to help reduce the risk related to the confidentiality, integrity, and availability of sensitive in-formation.; We maintain ongoing initiatives intended to help minimise the risks associated with human error, theft, fraud, and misuse of facilities. These initiatives include screening, confidentiality agreements, security awareness education and training, and enforcement of disciplinary ac-tions.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the Change Advisory Board which delivers support to Change Management team who approve, assess, prioritise.; All changes are subject to our Change Control Policy. Where there is the possibility of an impact to user activity, stakeholders are notified for feedback.; Changes are then forwarded to Change Managers for CAB approval, who append plans when appropriate.; Robust systems acceptance testing processes have been established for all new information systems, upgrades, and new versions, conducted by a dedicated Quality Assurance team, ensuring no security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Controls need to be in place by the cloud hosting provider, application vulnerability is controlled and managed via CACI MooD vulnerability and patch management process (more details available on request).
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Customer managed.
• Incident management type: Supplier-defined controls
• Incident management approach: All employees are required to report any real, perceived, or potential security incidents that may affect the confidentiality, integrity, or availability of data. ; All Security Incidents are recorded in-line with our Security Incident Policy and Response Procedure, for each incident a root cause analysis is conducted, a corrective action undertaken, and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future.; CACI’s cyber security management programme includes cyber incident response plans, advanced technical controls, operation resilience and business continuity management to minimise the impact of a cyber-security attack or incident

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain. ; This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:; -Awareness of environmental impact through procedures and controls; -Acceptance of responsibility through environmental management systems; -Reducing harmful impacts via environmental policies; -Displaying community responsibility via staff training and awareness; ; We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.; CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2040, with a baseline period set from July 2020 to June 2021

  Tackling economic inequality

  CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services. For example, we work closely with the National Autistic Society and Autism at Work to create an inclusive recruitment process, actively supporting neurodiverse candidates to flourish.; CACI works with a number of outreach organisations to develop and attract individuals from minority groups into the cyber security sector, including CyberFirst. A number of our employees volunteer as Ambassadors to this NCSC led government outreach programme. This is a reflection of our belief in the programme’s mission, to develop a sustainable and diverse talent pipeline into the cyber security industry. The majority of the programme’s focus is on students in UK schools, to improve issues with massive student dropout from IT education.; ; CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.; We are focussed on creating opportunities from the following groups who experience barriers to employment :; -Long term unemployed; -Armed forces veterans; -Mothers returning to work; -Care leavers

  Equal opportunity

  CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. ; CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces. ; Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level. ; CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment . ; CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.; CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.

  Wellbeing

  CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.; Promotion of an Open Culture around Mental Health:; -Team of 18 Mental Health First Aiders; -Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health; ; Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:; -Regular check-ins for staff and our contractor workforce; -Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing; -Free 24/7 professional counselling ; -Private healthcare and health and wellbeing plan (extendable to family members/dependents); -Employee Assistance Programme; -Discounted gym memberships; -Physiotherapy; -Medical services; -Mental Health First Aider programme; -Stress assessments; ; Proactively ensure work design and organisational culture to drive positive mental health outcomes; -Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees; -Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities; -Open and honest communications at all levels throughout the organisation; ; Increased organisational confidence and capability:; -Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues; -Line Managers and Career Coaches trained in aspects of mental health; ; Provide mental health tools and support:; -Formal Mental Health First Aid Programme including a team of MHFAs; Increase transparency and accountability through internal and external reporting: ; -Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

• Price: £180 to £220 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: One month free trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.