CACI UK Ltd

Secure Cloud Services up to SECRET

CACI designs and implements accredited public cloud environments that meet MOD and wider HMG Cloud Security Principles and are suitable for data classified up-to and including SECRET. This includes development, test and operational environments hosting enterprise level applications.

Features

• Designed for OFFICIAL (SENSITIVE) with MOD, NCSC and CIS principles
• Monitoring and Audit solutions for security and compliance including GDPR
• Reliable, repeatable and scalable solutions
• Architectural practices aligned to Well-Architected Framework and client needs
• Scalable solutions suitable for development, test and production environments
• Solutions tailored to your specific data and security requirements
• Identity and Access Management (IDAM)

Benefits

• Secure-by-design provides greater resilience and reduced security and compliance risk
• Proven environment for building HMG solutions including MOD & NCSC
• Monitoring and audit features that contribute to GDPR compliance obligations
• Leverage the power of public cloud whilst protecting sensitive data
• Cost reduction through the ability to scale environments as required
• Reach back into the AWS partner network for specialist expertise
• Track record delivering secure, high performance, mission-critical systems for HMG
• Early and incremental delivery of benefit through Agile approach
• Cyber Essentials Plus accredited, compliance with GDS, ISO 27001/9001

£430 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

124434723996435

Contact

CACI Digital Marketplace Sales Team
0207 602 6000
digital.marketplace@caci.co.uk

Planning

• Planning service: Yes
• How the planning service works: Prior to the delivery commencing we agree outcomes for the engagement with the customer. This includes: ; ; defining success criteria and ensuring commercials are aligned; ; agreeing deliverables; ; agreeing ways of working and governance; ; defining and agreeing team size/resourcing.; ; Once onboard we work closely with the business, technology and security teams involving them in planning workshops to understand their requirements and identify risks and dependencies associated with the work. Following agile principles we will plan the engagement into a series of short iterations and define high level milestones based around key outcomes and deliverables. The plan will be reviewed in collaboration with the customer and updated at each iteration. Agile planning tools will be used to provide full visibility and track progress.; ; From a Security perspective, looking across People, Process and Technology, we will work closely with customers to understand their security position, the threats they face and the business outcomes they want to achieve from adopting cloud technology. We will also understand security constraints and the classification of data to be processed in the cloud. Working collaboratively with business, technology and security teams we will produce plans and design patterns that aim to improve security posture, enhance compliance and minimise risk.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: CACI provides comprehensive training across all provided service including cloud services, knowledge transfer, coaching and mentoring. Training can be provided on a (virtual) classroom basis, web-video training series, or by embedding in a business change representative to support the success of the userbase and act as an enabler.
• Training is tied to specific services: Yes
• Services the training service works with:
  • AWS
  • Azure

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: With the right cloud strategy, migrating applications, services and production workloads, the cloud provides an opportunity for customers to benefit from reduced cost and risk as well as increased availability and resilience.; To achieve this, CACI provides an Application Migration service for migrating applications to the cloud as part of a public, on-premises or hybrid cloud strategy. These options include:; Re-hosting;; Application Transfer;; Application Transformation (Redesign & Rebuild);; Replacement.; ; CACI also offers a specialist migration service focused on leveraging containerisation technology and related cloud services to enable customers to benefit from lower running costs, greater resilience and improved scalability.; ; The approach taken for each application or service is aligned to a customer's business requirements and cloud strategy which is determined following discovery, analysis and planning with the customer.; ; CACI designs and sets up cloud services with our agile, secure-by-design focus and we work with customers to define a cloud migration strategy that focuses on delivering value early. We help customers adopt an agile approach to migrating their services to the cloud as this enables them to learn and adapt with each migration, reducing risk and enabling benefit to be realised incrementally.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: CACI has a proven engineering mindset, delivering cloud solutions to exacting standards of performance and quality. Our ISTQB qualified Test Engineers have extensive experience, quality assuring and performance testing mission critical applications across the lifecycle. They work in agile teams, either embedded in customers' organisations or as part of a wider CACI team, bringing with them a wealth of Test Automation experience. We follow an automation-by-default approach and ensure continuous testing is undertaken to improve the quality and speed of delivery. This includes the use of automation tooling and the implementation of Continuous Integration and Delivery (CI/CD) pipelines. Our engineers have a DevSecOps mindset, focusing on quality and operational running when designing and building systems. We work closely with our customers to define a testing strategy that is designed for services running in the Cloud. Our Test Engineers work collaboratively with the business, technology and security teams to understand their requirements and associated business and technical risks. From that they define a risk based test strategy and related test plans with automation at its heart. We advise on the technology and tools that best meet the specific needs of each customer environment, integrating with existing systems as processes as appropriate.

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Other
• Other security services:
  • Security Architecture
  • Assured up to S (SECRET)
  • Secure Software Development Life Cycle
  • Cyber Threat Assessments
  • Software Assurance Maturity Model assessments

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by your organisation
• How the support service works: CACI can offer a DevSecOps Cloud Support service made up of cloud engineers responsible for looking after code and configuration throughout the development lifecycle and into operational running, breaking down the barriers that typically exist between separate development and operations teams. ; ; We adopt DevSecOps engineering practices and tools such as Continuous Delivery pipelines and automated deployments to improve the reliability and speed of releases whilst reducing the risk of change in the operational environment.; ; We typically adopt a Kanban approach to managing the response and resolution of support tickets and we work with our customers to align our support model with their operational support processes and related governance. We advise and support customers in adopting more agile and responsive support processes to enable them to benefit from the agility provided by DevSecOps working practices and tooling.; ; CACI has experience of delivering support in line with a range of services level agreements (SLAs). SLAs and the related team size will be agreed with each customer to ensure alignment with their specific business and value for money.; ; We will provide a Service Manager who will have overall responsibility within CACI for delivering the service in line with the agreed service levels.

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CACI’s standard Service Level Agreement (SLA) includes average response times to high priority (P1 / P2) enquiries within 30 minutes and 1 hour for P3 and P4 (within office and extended hours).; ; For customers providing critical services, a 24x7x365 service and tailored SLAs can be provided upon agreement at additional cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: CACI has experience of delivering support in line with a range of services level agreements (SLAs) and operational level agreements (OLAs). Service Levels and the related team size will be agreed with each customer to ensure alignment with their specific business and value for money. ; ; Where we deliver DevSecOps Cloud Support for our customers we will provide a Service Manager who will have overall responsibility within CACI for delivering the service in line with the agreed service levels.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified by British Standards Institute for ISO27001 (cert # IS501477).
• ISO/IEC 27001 accreditation date: Original Registration Date: 11th April 2006 – last re-certification date was on the 6th July 2021
• What the ISO/IEC 27001 doesn’t cover: Our ISO 27001 certification covers all CACI services, offices, and data centres.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CACI holds Data Seal.
  • Register with ICO - Network and Information Systems Directive.
  • ISO 9001 - this includes additional elements regarding security

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain. ; This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:; -Awareness of environmental impact through procedures and controls; -Acceptance of responsibility through environmental management systems; -Reducing harmful impacts via environmental policies; -Displaying community responsibility via staff training and awareness; ; We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.; CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2040, with a baseline period set from July 2020 to June 2021

  Tackling economic inequality

  CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services. For example, we work closely with the National Autistic Society and Autism at Work to create an inclusive recruitment process, actively supporting neurodiverse candidates to flourish.; CACI works with a number of outreach organisations to develop and attract individuals from minority groups into the cyber security sector, including CyberFirst. A number of our employees volunteer as Ambassadors to this NCSC led government outreach programme. This is a reflection of our belief in the programme’s mission, to develop a sustainable and diverse talent pipeline into the cyber security industry. The majority of the programme’s focus is on students in UK schools, to improve issues with massive student dropout from IT education.; ; CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.; We are focussed on creating opportunities from the following groups who experience barriers to employment :; -Long term unemployed; -Armed forces veterans; -Mothers returning to work; -Care leavers

  Equal opportunity

  CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. ; CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces. ; Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level. ; CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment . ; CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.; CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.

  Wellbeing

  CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.; Promotion of an Open Culture around Mental Health:; -Team of 18 Mental Health First Aiders; -Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health; ; Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:; -Regular check-ins for staff and our contractor workforce; -Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing; -Free 24/7 professional counselling ; -Private healthcare and health and wellbeing plan (extendable to family members/dependents); -Employee Assistance Programme; -Discounted gym memberships; -Physiotherapy; -Medical services; -Mental Health First Aider programme; -Stress assessments; ; Proactively ensure work design and organisational culture to drive positive mental health outcomes; -Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees; -Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities; -Open and honest communications at all levels throughout the organisation; ; Increased organisational confidence and capability:; -Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues; -Line Managers and Career Coaches trained in aspects of mental health; ; Provide mental health tools and support:; -Formal Mental Health First Aid Programme including a team of MHFAs; Increase transparency and accountability through internal and external reporting: ; -Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

• Price: £430 to £1,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.