Software Application UK Hosting

CACI's service provides secure, highly available and scalable Saas like platform for software database applications. This includes rapid onboarding of local authority hosted databases and configuration of extended functions and services e.g. Data matching Hub, Data warehouse, 3rd party reporting tools, VPN connectivity, systems integration and automated data exchange.


  • Database onboarding
  • Platform Security and Resilience
  • PSN and NHSC Compliant
  • Systems Integration
  • Data Exchange
  • SaaS


  • OPEX vs CPEX
  • High Availability
  • Seamless Support
  • Continuous Application and Software Updates
  • Flexibile Systems Integration Options


£3,999 a virtual machine a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 5 0 9 3 0 2 8 7 3 8 9 4 5 4


CACI UK Ltd CACI Digital Marketplace Sales Team
Telephone: 0207 602 6000

Service scope

Service constraints
This service is for UK only hosting.
System requirements
Common browser access.

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide a web support and helpdesk portal to process customer issues, requests for support and software changes. We aim to deliver minimal downtime. When a serious fault (Severity 1 & 2) is reported, and an application is not available or unusable, we will immediately respond and diagnose the issue using our technical consultants. In our experience, this is typically within a couple of hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
CACI have reviewed inclusive features in Skype for Business / Microsoft Teams:

- Users with vision impairments can get shared content on their own devices. This lets them use their favourite assistive technologies, such as a screen reader or magnifier.
- Users with hearing impairments can get transcription services in real time, through Communication Access Realtime Translation (CART).
Onsite support
Yes, at extra cost
Support levels
All CACI’s customers receive a comprehensive support package as standard. This is included in the annual support and maintenance charge. Support is an area CACI is confident it over performs in; it’s constantly cited as one of the reasons why our customers partner with us, and why they stay with CACI. lation to our services and product development.
Support available to third parties

Onboarding and offboarding

Getting started
As applicable to the CACI application, we provide on-site training and user documentation.
Service documentation
Documentation formats
End-of-contract data extraction
We provide a Secure Data Transfer of customer data to enable customer extracting from the database
End-of-contract process
We provide a secure transfer of any database containing client information to the customer. On confirmation of receipt we will destroy the data on all hosting media and provide the customer confirmation of this.

Other services such as diassembling or extracting data on behalf of the customer will be at extra cost.

Using the service

Web browser interface
Using the web interface
Securely access database application functions according to user role.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
We are legally compliant regarding accessibility for people with special educational needs and/or disabilities. CACI ensures that appropriate assessments are carried out to assist people who need specific accessibility and that every effort is made available for anyone that requires additional help. We have experience of tailoring visual displays for people with visual impairment, for example. We would ensure that appropriate assessments, testing and developments were carried out and that any of our software products were developed to suit the needs of our customers.
What users can and can't do using the API
APIs for import, export are accessible via the application. API's for data exchange and configured on request
API automation tools
API documentation
Command line interface


Scaling available
Independence of resources
Configuration of VMs and contingency components suited to customer environment.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
Back-up virtualised environments, firewall configurations, complete virtual machines, databases
Backup controls
Back up retention is 3 months on offsite encrypted tapes.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
HTTPS ( TLS ) for webserver
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Data segregation through VLANs and strict AD NTFS permissions.

Availability and resilience

Guaranteed availability
Service availability is 99% between a 0800-1800 , Monday to Friday as standard.
Approach to resilience
Available on request.
Outage reporting
In the unlikely event of service outage an email alert would be sent to the user(s).

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Administrative access is via VPN 2-factor glass screen access only and restricted to a small number of administrators.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Other
Description of management access authentication
2-factor VPN.
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Certified by British Standards Institute for ISO27001 (cert # IS501477).
ISO/IEC 27001 accreditation date
Original Registration Date:11th April 2006 – last re-certification date was on the 6th July 2021 .
What the ISO/IEC 27001 doesn’t cover
Our ISO 27001 certification covers all CACI services, offices, and data centres.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Data Seal
  • Registered with the ICO Network and Information Systems (NIS) Directive.
  • ISO 9001 - this includes additional elements regarding security

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
CACI have implemented an Information Security Management System (ISMS) containing a set of policies and procedures for systematically managing sensitive data, systems and processes. Our ISMS uses the 27001 standard as a baseline.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are subject to our Change Control Policy, which forms part of our ISMS. All major and significant changes are peer reviewed and approved by the change advisory board (CAB) which delivers support to a change management team by approving requested changes and assisting in the assessment and prioritisation of changes.

Appropriate impacted stakeholders are notified before changes are applied.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Deployment of serves packs/updates is in accordance with our ISO27001 Patching Policy.

Patches are first deployed to a test group and only upon a successfully testing period are they deployed to the remained of the enterprise

All patches are deployed within 30 days. This is done automatically utilising windows WSUS. Critical patches are applied immediately.
Patches are first tested by Alpha and Beta testing groups before being rolled out to the organisation.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
IPS is used to identify potential threats and respond to them swiftly. It is configured to monitors network traffic, and take immediate action, based on a set of rules established by our network team. The Nessus vulnerability scanning product is used to detect vulnerabilities on systems and applications.
Incident management type
Supplier-defined controls
Incident management approach
All Security Incidents are recorded and documented in-line with our security incident policy and response procedure. For each incident, a root cause analysis is conducted and a corrective and preventative action is implemented to prevent or reduce the probability of the incident reoccurring in the future. If any incident involves data or systems belonging to a client, the account manager must inform the client within 2 working days of the incident occurring.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
Oracle VM
How shared infrastructure is kept separate
Each customer environment is installed on dedicated VMs, in dedicated VLANs.

Energy efficiency

Energy-efficient datacentres

Social Value

Fighting climate change

Fighting climate change

As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain.
This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:
-Awareness of environmental impact through procedures and controls
-Acceptance of responsibility through environmental management systems
-Reducing harmful impacts via environmental policies
-Displaying community responsibility via staff training and awareness

We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.
CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2050, with a baseline period set from July 2020 to June 2021. We project that carbon emissions for scope 1 and scope 2 will decrease over the next five years to 300 tCO2e by 2026. This is a reduction of 9% on the baseline.
CACI have purchased a licence for Carbon Expert Professional allowing tracking of Scope 1, 2 and 3 emissions, which allows us to robustly assess achievement of targets. Our CRP is reviewed and updated quarterly allowing regular tracking of emissions targets.
Covid-19 recovery

Covid-19 recovery

CACI has had to adapt significantly the COVID-19 pandemic struck. Our adaptations range widely across the business, including staff, supplier and customer engagement. By enabling remote working for staff and digital delivery from our supply chain, we have been able to continue delivering our services to customers.

In response to COVID-19, CACI has become a member of the Emergent Alliance (EA). EA is a not-for-profit community, aiming to better inform organisations, businesses and Government economic decision-making. It draws on a diverse collaboration of corporations, individuals, Non-Governmental Organisations (NGOs) and the Government.

Since the beginning of the pandemic, CACI’s immediate concern has been the safety and wellbeing of staff. As a leading business in the digital industry, we have adapted quickly to working remotely through the use of technology and training, with minimal impact on our staff or delivery of services.

CACI has implemented a range of measures by carrying out COVID-19 risk assessments, in line with government guidance, across all offices. These took account of staff numbers, layout and facilities. Steps put in place include:

-Enhanced cleaning regimes and better ventilation
-Hand sanitiser stations
-New desking plans and working regimes to maintain social distancing
-Clear COVID-19 signage located around offices
-Restrictions on communal areas, e.g. kitchens, toilets, stairs, walkways etc.
-Clear reporting and escalation protocol for breaches or reports of COVID-19.

As of today, we still maintain a hybrid working stance. We are conscious that the new-normal may mean more remote working than pre-COVID-19, and as an employer we are offering continued flexibility. This seeks to reduce travel and office occupancy.
Tackling economic inequality

Tackling economic inequality

CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services.
CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.
We are focussed on creating opportunities from the following groups who experience barriers to employment :
-Long term unemployed
-Armed forces veterans
-Mothers returning to work
-Care leavers
Equal opportunity

Equal opportunity

CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes.
CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces.
Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level.
CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment.

CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.
CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.


CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.
Promotion of an Open Culture around Mental Health:
-Team of 18 Mental Health First Aiders
-Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health

Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:
-Regular check-ins for staff and our contractor workforce
-Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing
-Free 24/7 professional counselling
-Private healthcare and health and wellbeing plan (extendable to family members/dependents)
-Employee Assistance Programme
-Discounted gym memberships
-Medical services
-Mental Health First Aider programme
-Stress assessments

Proactively ensure work design and organisational culture to drive positive mental health outcomes
-Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees
-Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities
-Open and honest communications at all levels throughout the organisation

Increased organisational confidence and capability:
-Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues
-Line Managers and Career Coaches trained in aspects of mental health

Provide mental health tools and support:
-Formal Mental Health First Aid Programme including a team of MHFAs
Increase transparency and accountability through internal and external reporting:
-Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement


£3,999 a virtual machine a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.