CACI UK Ltd

Software Application UK Hosting

CACI's service provides secure, highly available and scalable Saas like platform for software database applications. This includes rapid onboarding of local authority hosted databases and configuration of extended functions and services e.g. Data matching Hub, Data warehouse, 3rd party reporting tools, VPN connectivity, systems integration and automated data exchange.

Features

• Database onboarding
• Platform Security and Resilience
• PSN and NHSC Compliant
• VPN COCO
• Systems Integration
• Data Exchange
• SaaS

Benefits

• OPEX vs CPEX
• High Availability
• Seamless Support
• Continuous Application and Software Updates
• Flexibile Systems Integration Options

£3,999 a virtual machine a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

350930287389454

Contact

CACI Digital Marketplace Sales Team
0207 602 6000
digital.marketplace@caci.co.uk

Service scope

• Service constraints: This service is for UK only hosting.
• System requirements: Common browser access.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide a web support and helpdesk portal to process customer issues, requests for support and software changes. We aim to deliver minimal downtime. When a serious fault (Severity 1 & 2) is reported, and an application is not available or unusable, we will immediately respond and diagnose the issue using our technical consultants. In our experience, this is typically within a couple of hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: CACI have reviewed inclusive features in Skype for Business / Microsoft Teams:; ; - Users with vision impairments can get shared content on their own devices. This lets them use their favourite assistive technologies, such as a screen reader or magnifier.; - Users with hearing impairments can get transcription services in real time, through Communication Access Realtime Translation (CART).
• Onsite support: Yes, at extra cost
• Support levels: All CACI’s customers receive a comprehensive support package as standard. This is included in the annual support and maintenance charge. Support is an area CACI is confident it over performs in; it’s constantly cited as one of the reasons why our customers partner with us, and why they stay with CACI. lation to our services and product development.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: As applicable to the CACI application, we provide on-site training and user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We provide a Secure Data Transfer of customer data to enable customer extracting from the database
• End-of-contract process: We provide a secure transfer of any database containing client information to the customer. On confirmation of receipt we will destroy the data on all hosting media and provide the customer confirmation of this. ; ; Other services such as diassembling or extracting data on behalf of the customer will be at extra cost.

Using the service

• Web browser interface: Yes
• Using the web interface: Securely access database application functions according to user role.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We are legally compliant regarding accessibility for people with special educational needs and/or disabilities. CACI ensures that appropriate assessments are carried out to assist people who need specific accessibility and that every effort is made available for anyone that requires additional help. We have experience of tailoring visual displays for people with visual impairment, for example. We would ensure that appropriate assessments, testing and developments were carried out and that any of our software products were developed to suit the needs of our customers.
• API: Yes
• What users can and can't do using the API: APIs for import, export are accessible via the application. API's for data exchange and configured on request
• API automation tools: Other
• API documentation: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Configuration of VMs and contingency components suited to customer environment.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Back-up virtualised environments, firewall configurations, complete virtual machines, databases
• Backup controls: Back up retention is 3 months on offsite encrypted tapes.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: HTTPS ( TLS ) for webserver
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Data segregation through VLANs and strict AD NTFS permissions.

Availability and resilience

• Guaranteed availability: Service availability is 99% between a 0800-1800 , Monday to Friday as standard.
• Approach to resilience: Available on request.
• Outage reporting: In the unlikely event of service outage an email alert would be sent to the user(s).

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Administrative access is via VPN 2-factor glass screen access only and restricted to a small number of administrators.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Other
• Description of management access authentication: 2-factor VPN.
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified by British Standards Institute for ISO27001 (cert # IS501477).
• ISO/IEC 27001 accreditation date: Original Registration Date:11th April 2006 – last re-certification date was on the 6th July 2021 .
• What the ISO/IEC 27001 doesn’t cover: Our ISO 27001 certification covers all CACI services, offices, and data centres.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Data Seal
  • Registered with the ICO Network and Information Systems (NIS) Directive.
  • ISO 9001 - this includes additional elements regarding security

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CACI have implemented an Information Security Management System (ISMS) containing a set of policies and procedures for systematically managing sensitive data, systems and processes. Our ISMS uses the 27001 standard as a baseline.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are subject to our Change Control Policy, which forms part of our ISMS. All major and significant changes are peer reviewed and approved by the change advisory board (CAB) which delivers support to a change management team by approving requested changes and assisting in the assessment and prioritisation of changes.; ; Appropriate impacted stakeholders are notified before changes are applied.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Deployment of serves packs/updates is in accordance with our ISO27001 Patching Policy.; ; Patches are first deployed to a test group and only upon a successfully testing period are they deployed to the remained of the enterprise; ; All patches are deployed within 30 days. This is done automatically utilising windows WSUS. Critical patches are applied immediately.; Patches are first tested by Alpha and Beta testing groups before being rolled out to the organisation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: IPS is used to identify potential threats and respond to them swiftly. It is configured to monitors network traffic, and take immediate action, based on a set of rules established by our network team. The Nessus vulnerability scanning product is used to detect vulnerabilities on systems and applications.
• Incident management type: Supplier-defined controls
• Incident management approach: All Security Incidents are recorded and documented in-line with our security incident policy and response procedure. For each incident, a root cause analysis is conducted and a corrective and preventative action is implemented to prevent or reduce the probability of the incident reoccurring in the future. If any incident involves data or systems belonging to a client, the account manager must inform the client within 2 working days of the incident occurring.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Oracle VM
• How shared infrastructure is kept separate: Each customer environment is installed on dedicated VMs, in dedicated VLANs.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain. ; This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:; -Awareness of environmental impact through procedures and controls; -Acceptance of responsibility through environmental management systems; -Reducing harmful impacts via environmental policies; -Displaying community responsibility via staff training and awareness; ; We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.; CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2050, with a baseline period set from July 2020 to June 2021. We project that carbon emissions for scope 1 and scope 2 will decrease over the next five years to 300 tCO2e by 2026. This is a reduction of 9% on the baseline. ; CACI have purchased a licence for Carbon Expert Professional allowing tracking of Scope 1, 2 and 3 emissions, which allows us to robustly assess achievement of targets. Our CRP is reviewed and updated quarterly allowing regular tracking of emissions targets.
• Covid-19 recovery:

  Covid-19 recovery

  CACI has had to adapt significantly the COVID-19 pandemic struck. Our adaptations range widely across the business, including staff, supplier and customer engagement. By enabling remote working for staff and digital delivery from our supply chain, we have been able to continue delivering our services to customers. ; ; In response to COVID-19, CACI has become a member of the Emergent Alliance (EA). EA is a not-for-profit community, aiming to better inform organisations, businesses and Government economic decision-making. It draws on a diverse collaboration of corporations, individuals, Non-Governmental Organisations (NGOs) and the Government. ; ; Since the beginning of the pandemic, CACI’s immediate concern has been the safety and wellbeing of staff. As a leading business in the digital industry, we have adapted quickly to working remotely through the use of technology and training, with minimal impact on our staff or delivery of services. ; ; CACI has implemented a range of measures by carrying out COVID-19 risk assessments, in line with government guidance, across all offices. These took account of staff numbers, layout and facilities. Steps put in place include: ; ; -Enhanced cleaning regimes and better ventilation ; -Hand sanitiser stations ; -New desking plans and working regimes to maintain social distancing; -Clear COVID-19 signage located around offices; -Restrictions on communal areas, e.g. kitchens, toilets, stairs, walkways etc.; -Clear reporting and escalation protocol for breaches or reports of COVID-19. ; ; As of today, we still maintain a hybrid working stance. We are conscious that the new-normal may mean more remote working than pre-COVID-19, and as an employer we are offering continued flexibility. This seeks to reduce travel and office occupancy.
• Tackling economic inequality:

  Tackling economic inequality

  CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services.; CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.; We are focussed on creating opportunities from the following groups who experience barriers to employment :; -Long term unemployed; -Armed forces veterans; -Mothers returning to work; -Care leavers
• Equal opportunity:

  Equal opportunity

  CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. ; CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces. ; Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level. ; CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment. ; ; CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.; CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.
• Wellbeing:

  Wellbeing

  CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.; Promotion of an Open Culture around Mental Health:; -Team of 18 Mental Health First Aiders; -Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health; ; Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:; -Regular check-ins for staff and our contractor workforce; -Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing; -Free 24/7 professional counselling ; -Private healthcare and health and wellbeing plan (extendable to family members/dependents); -Employee Assistance Programme; -Discounted gym memberships; -Physiotherapy; -Medical services; -Mental Health First Aider programme; -Stress assessments; ; Proactively ensure work design and organisational culture to drive positive mental health outcomes; -Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees; -Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities; -Open and honest communications at all levels throughout the organisation; ; Increased organisational confidence and capability:; -Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues; -Line Managers and Career Coaches trained in aspects of mental health; ; Provide mental health tools and support:; -Formal Mental Health First Aid Programme including a team of MHFAs; Increase transparency and accountability through internal and external reporting: ; -Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

• Price: £3,999 a virtual machine a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.