Cardinus Risk Management Limited

Health & Safety DSE Software

Cardinus provide on line risk assessment and e-learning solutions for Health & Safety training

DSE
Ergonomics
DSE Assessor
Laboratory Ergonomics
Driving
Fire
Manual Handling
Stress
Lone-working
Travel
Induction
Bribery
Return to Work
Safety for Line Managers
Data Protection
Security
Environmental Essentials
Driver Training
Online
Homeworking
Hybrid

Features

• User Profiling
• Configurable E-Learning
• Configurable Risk Assessment
• Multi Course Safety Training Platform
• Self Help Tools
• Real-Time Management System
• Email scheduler
• Configurable Emails
• Sophisticated Reporting Tools
• Audited Task Management

Benefits

• Efficency Gain for Organisation
• Cost Savings
• Legal Compliance
• Comprehensive Audit Trail
• Increase In Wellbeing For Employees
• Improved Health
• Improved Productivity
• Reduced Absenteeism
• Delivers Tailored E-Learning
• Better Management Information

£1.50 to £1.50 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.furlong@cardinus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

193831769615160

Contact

Andy Furlong
0207 469 0200
andy.furlong@cardinus.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Standard Web Browser, which must have JavaScript enabled
  • Edge, Firefox, Chrome, Safari 3+, with JavaScript
  • For Authoring: IE11, Firefox, Chrome and Safari.
  • Hardware - no other requirements
  • Mobile Phones - 10” tablets 1024 x 768

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: First line support is available Monday to Friday excluding public holidays as follows:; 09.00 – 17:30 (UK); Most requests are dealt with immediately with 95% being responded to within 1 hour. Issues that cannot be resolved immediately are escalated for further analysis before being referred to the development team if necessary. If the issue requires development work or configuration then a schedule for completion is agreed with the customer.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided either by telephone and email and is included in the support fee of any proposal. Each customer has an account manager and customer services manager. Further support can be delivered onsite at a cost determined by the requirements. ; Subject to the payment by the Customer of all applicable Fees, Cardinus will host the Software on the Production Environment and make the Software Services available for access by the Customer from the Start Date. ; Cardinus’s Production Environment is designed for high security including protection by twenty-four (24) hour monitored alarms and fire detection with further access restrictions to the server rooms via logged card access doors. Full security details are available on request.; Cardinus will use reasonable endeavours to ensure that the Software Services will be available for not less than 99.5% of each calendar month. ; The “Core Service Hours” during which Cardinus’s service desk will be manned are as follows:; ; • UK service desk: Between 09.00 – 17.30 (GMT/BST) Monday to Friday, excluding bank and public holidays in the UK; ; ; The Customer may contact Cardinus’s service desk by email (support@cardinus.com) at any time or by telephone during Core Service Hours ((UK) 0207 469 0201
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A project manager is appointed to the client who works alongside the account manager to scope business requirements. These are developed into a project plan with timescales for the delivery of the individual elements. Project Management is carried out on-site as is training on the Management System. Further training can be delivered either on-site or as remote training subject to client requirements. We also deliver management system training remotely free of charge on a monthly basis. Full user guides are provided to administrators of the system.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Cardinus will either return the data to the client either as an excel spreadsheet or delete the data on your instruction via a SFTP site.
• End-of-contract process: The contract will cover user licenses, PACE database license, project management, configuration, training and automatic imports - these costs are normally one off costs unless further configuration, project management or training is required. The ongoing cost is the annual support fee.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service can work on mobile devices but is more effective on desktop or laptop devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: An administrator can create access credentials for the API via PACE system configuration. Once authenticated the API exposes the following functionality:; ; 1. Querying and downloading the data for:; • Users; • User’s progress through their programmes; • Assessment records; • Tasks; • Training history; 2. The creation and update of users without having to create them through the PACE web interface.; 3. Run reports with data returned in either CSV or JSON format. We have 19 generic reports available at launch with the potential for running bespoke reports via the API (Requires development time for implementation).; ; Creation of record types other than users won’t be supported in the first release of the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our solutions come with a built in editing tool where images and text can be changed easily. The client's logo will be added to the course and there are several options for branding of course content. Email templates can be configured to include headers, footers, logos and images. ; Master administrators will be provided with training so that they can carry out basic editing of the course. Further customisation requirements can be quoted for and these changes will be completed by our support and development teams.

Scaling

• Independence of resources: Service is continually monitored and extra capacity can be added on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Dashboards & reports through the PACE administration system.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The management system has a reporting tool that allows users to run reports and export to excel, HTML or PDF.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: If in any calendar month, Cardinus does not meet the availability target of 99.5%, the Customer will be entitled to a service credit against the next payable instalment of the Hosting and Support Services Fee. The deduction of service credits will be the Customer’s sole and exclusive remedy for Cardinus’s failure to meet the relevant availability target.; ; A (%) = (X - Y) ÷ (X - planned outages) x 100; ; “A" = the availability of the Software Services (expressed as a percentage);; “Y” = minutes of downtime in the relevant month which is attributable to any breach of contract or failure on the part of Cardinus or its service providers; ; “X” = total minutes in the calendar month (or in the case of the first calendar month during which the Software Services are provided, the total minutes from the Start Date until the end of the month).; ; If at the end of month availability is less than 99.5% the following service credits shall be payable; ; Availability Credit ; 99.00-99.49% 2.5%; 97.00-98.99% 5%; 95.00-96.99% 7.5%; 90.00-94.99% 10%; under 89.99% 12.5%
• Approach to resilience: All equipment is set up in a n+1/high availability configuration. Further information is available on request
• Outage reporting: Any outages are available via a public dashboard - http://status.cardinus.com; ; Planned outages are detailed in email alerts to the client base.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the management system is provided with a secure password system dependant on roles and responsibilities of the individual. Support is provided by dedicated staff with relevant sign off from the management team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 26/4/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001:2017 accreditation, managed by the IT Security Control Team (which includes board directors).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are requested through the Access/System Change Request process, requiring authorisation from senior IT management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Avoidance – abstaining from any activity which allows a threat to take advantage of vulnerability. ; Transfer – placing the onus of the consequence upon another person or organisation taking out insurance against loss or damage. This strategy is only useful for a subset of risks;; Treatment – minimising or reducing the consequences by implementing protective countermeasures against threats and having contingency plans in place to alleviate the consequences when they occur; or; Acceptance – reducing the risks (by mitigation or transfer) to an acceptable level which balances the cost of mitigation/transfer against the cost of the consequences.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Cardinus is committed to ensuring that the appropriate procedures are followed during any information security incident.; Any incident is notified to the IT Security Team immediately; We will assess each incident and follow the following steps in cases referring to the Information Security policy for details at each stage:; Preparation – identify the responsible manager, appropriate escalation process,contact list.; Identification – nature,escalation required; Containment – scope, required containment of issue; Eradication – removal,decision on requirement for preservation of evidence; Recovery – steps to return to BAU; Post Mortem – report on incident,decisions on areas for improvement
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: If you are aware of an actual or suspected incident you must contact the IT Security Control Team immediately. The IT Security Control Team is responsible for contacting third parties including THB Partners LLP (LLP) IT.; You should not attempt to resolve the issue on your own but ensure you provide the IT Security Control Team with detailed information of the incident together with any supporting information such as error logs.; IT Security Control Team will log all incidents in the Incident Register. The Incident Register is regularly reviewed by the Cardinus management team. Reports are produced from the register.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Our Healthy Working software provides detailed advice on how to work more comfortably whilst at your place of work, whether this is at home, office or agile working.; Following the training we also risk assess the users on whether they are in any discomfort which will then relate to their wellbeing. Further advice is then provided, again improving the user's wellbeing where appropriate.

Pricing

• Price: £1.50 to £1.50 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The Cardinus sales process is extremely transparent and we work to ensure our partners customers receive an outstanding experience working with Cardinus. We offer a free-of-charge evaluation with up to 5% of your global workforce.This evaluation provides return-on-investment data and a very transparent review by the delegates.
• Link to free trial: Please request this via www.cardinus.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.furlong@cardinus.com. Tell them what format you need. It will help if you say what assistive technology you use.