CACI UK Ltd

Cygnum Digital Workforce Management and Resource Planning

Cygnum is an innovative, intelligent digital solution that adapts to your changing needs. Delivering workforce management, case management and financial management in a single joined up solution, Cygnum helps to maximise efficiency and minimise costs. Empower your organisation to work smarter, improve services, reduce risk and be ready for change.

Features

• Sophisticated multi-resource scheduling including optimisation and digital wallchart view
• Implement casework and process with digital forms, contact and workflow
• User definable business rules to model triggers, actions and outcomes
• Manage financial planning, timesheets, expenses, pay & billing
• Utilise a scalable, highly performant and extensible single data source
• Report on live operational data with interactive dashboards and drilldown
• Use standard browsers on multi-devices for web and portal access
• Cygnum Mobile app accessing functionality in the field and offline
• Integrate with third-party systems using Open APIs and RESTful web-services
• Secure access including 2FA, single sign-on, and role-based authorisation

Benefits

• Reduce time on workforce scheduling and increase operational efficiency
• Ensure business processes are followed, delivering high quality output
• Easily model software to reflect specific or localised business practice
• Have assurance that your numbers are matching operational reality
• Single version of the truth for all operational data
• Make business decisions based on real-time data insight and analysis
• Access and use the system easily and intuitively
• View and capture data wherever you go regardless of signal
• Easily fit Cygnum into your IT landscape and share data
• Rest assured that your data is secure and accessed correctly

£66,332 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

518820771944264

Contact

CACI Digital Marketplace Sales Team
0207 602 6000
digital.marketplace@caci.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None, other than internet access. Planned maintenance is carried out with the client's knowledge at a time to ensure no or minimal disruption to the client's service.
• System requirements:
  • Web application: HTML5 web browser and connection to internet.
  • Mobile application: Android or iOS device and connection to internet.
  • For inTOUCH application: Android device and connection to the internet.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions can be submitted online at any time through CACI's support ticketing system. CACI application and technical support are available to respond 09:00 to 17:30 Monday to Friday, and at other times by special arrangement.; ; Whilst CACI will always endeavour to respond to questions as soon as practicable, specific SLAs for response times are as follows:; ; Priority 0: Loss of service: 15 minutes; Priority 1: Service failure with no workaround: 30 minutes; Priority 2: Service failure with practicable workaround: 48 hours; Priority 3: Application fault with minor impact, or general query: 4 weeks
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Microsoft publish compliance information regarding Teams and other products' compatibility with assistive technology here: https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/; ; CACI has not conducted any testing of Teams or other Microsoft products with assistive technology.
• Onsite support: Yes, at extra cost
• Support levels: CACI's standard support level, included in our pricing, provides a full solution support desk operated by CACI's Customer Care Team 09:00 to 17:30 Monday to Friday excluding bank holidays. ; ; Our standard SLA for fault resolution is:; ; Priority 0: Loss of service: 15 minutes response, 4 hour resolution; Priority 1: Service failure with no workaround: 30 minutes response, 10 working day resolution; Priority 2: Service failure with practicable workaround: 48 hours response, 8 week resolution; Priority 3: Application fault with minor impact: 4 weeks response, 12 week resolution; ; Enhanced SLAs can be arranged on request.; ; All clients will have a dedicated account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: CACI will confirm all customer requirements for configuration and implementation including training during requirements gathering and implementation. ; ; Typically, we offer an initial onsite kick-off meeting with the customer at a suitable location (onsite or nearby) and agree the method and types of users to receive training, this will depend on the customer service needs, number and location of users that require training. ; ; Cygnum training sessions are designed to be interactive and are delivered by knowledgeable and experienced consultants, with in-depth knowledge of the solution. Full training documentation will be supplied, as well as user and how-to guides, regular advice notices and webinars.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: DOCX (Microsoft Word)
• End-of-contract data extraction: The embedded reporting tools allow for full data extraction by the user. Where applicable and as needed, CACI can be commissioned to assist with the extraction as agreed on a case by case basis. As an option, CACI can provide additional (costed) services for Certified Drive Erasure or Disk Destruction through independent 3rd parties.
• End-of-contract process: As part of the contract discussions with new clients we would be happy to discuss and agree an exit plan from the contract if required. If a customer chooses not to renew their contract, and once written confirmation is received, we will then implement any processes agreed as part of that plan.; ; If it has been agreed as part of that plan that all customer data will be extracted from Cygnum and the client requires assistance doing this, then there will be an additional charge. Upon confirmation that all is in order, we then clear the customer instance of Cygnum and shut it down, providing written confirmation to the customer that this has taken place and that we have securely destroyed all their data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functionality presented through the Cygnum web application is available on mobile and desktop. When using the application on mobile or tablet, the user interface is optimised as follows:; ; - Larger font; - Screen estate optimisation - reduction of top bar and remaining application top bar "rolls away" when scrolling down the app; - Reduction on need for keying by pick-up list shown by default (where applicable); ; Cygnum Mobile is specifically designed for mobile devices and uses native interface controls. It is designed to work seamlessly in and out of signal, synchronising automatically with Cygnum.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users access the Cygnum service through an HTML5 compatible web browser. No client-side installation is required.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Internal testing has been carried out during the development of Cygnum to optimise access and usability for customers, i.e. colour schemes, fonts and page layouts. Cygnum is fully compatible with the accessibility features of the leading web browsers; Internet Explorer, Firefox and Chrome. CACI has experience of tailoring visual displays for users with visual impairment, and can discuss specific requirements on a customer-by-customer basis.
• API: Yes
• What users can and can't do using the API: Cygnum has been designed to be open and interoperable, its integration and analytics engines allow bi-directional third-party integration and data extraction. Cygnum uses an engine based on open API 3.0 REST standards with capability to expose transactions as a RESTful web service. ; ; Cygnum transactions can be easily converted to RESTful API interfaces and this information can be imported or exported to a 3rd party solution, in order to make changes.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Cygnum can be customised during implementation to include a number of different modules, generate specific reporting, dashboards, user permissions and role-based settings etc. During the implementation phase the CACI project team will work with the client to understand their business requirements and advise on the best combination of modules and related functionality.; User roles and access can also be customised. The security module allows the creation of multiple roles. Each role created is assigned permissions to determine the actions allowed for the role at individual screen level. Access permissions for each screen can be deny access, read only, edit existing records, add new records etc. Users can also customise their personal dashboard, generate specific reports and include / remove certain windows and sections of information based on relevance to the user's work. After training users will be able to define their own business rules, workflows and edit and build Input and Output forms for data collection. Dependent on the permissions a user has for example, input form software allows a trained user to create their own electronic forms to capture non-standard data. Output forms allows a creation of formatted documents from any data held in the Cygnum database.

Scaling

• Independence of resources: The service is provided as a dedicated tenant for each user. Therefore, the demand of one user does not affect other users.

Analytics

• Service usage metrics: Yes
• Metrics types: CACI provide metrics on service availability, incident response and resolution times.; ; Note that CACI monitor metrics from infrastructure and security components in order to pro-actively maximise availability and minimise incidents.; ; The Cygnum application includes a dashboard for customers to monitor the health of key service components. This includes email alerting where service performance falls below configurable thresholds.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The embedded reporting tools allow enable data to be exported by the user in Excel or CSV format.; ; Where applicable and as needed, CACI can be commissioned to export data as agreed on a case by case basis, including to other formats such as XML and JSON.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLXS - standard Excel format
  • SLK - Open format for excel documents
  • PDF - applicable for Output Forms only
  • RTF - Open format for word documents
  • HTML - data exported in standard stylesheet
  • Customised formats (upon request)
  • XML - default XML schema, users can create their own
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • ODBC sources
  • TXT
  • XML
  • REST

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: System availability is over 99.5%. ; ; Anticipated downtime for upgrades and other planned maintenance is agreed in advance with the customer to avoid any impact during busy periods. This proactive approach enables communications to be sent to the user base prior to release. Any service credits agreed for not meeting the system availability will be negotiated during contract discussions.
• Approach to resilience: CACI Cloud solutions use AWS and have at least two connections terminating on different devices at a single location. Such a topology helps in the case of the device failure at a location but does not help in the event of a total location failure. For additional resilience clients, use multiple dynamically routed, rather than statically routed, connections to AWS at multiple AWS Direct Connect locations. This will allow remote connections to fail over automatically. Dynamic routing also enables remote connections to automatically leverage available preferred routes, if applicable, to the on-premises network. Highly resilient connections require redundant hardware, even when connecting from the same physical location. If high resilience is required, clients should avoid relying on a single on-premises device connecting to a single AWS Direct Connect device. Also, avoid relying on AWS Managed VPN as backup for connections that are greater than 1Gbps.; The cost of the solution provided will depend on the level of resilience required.
• Outage reporting: In the unlikely event of service outage an email alert would be sent to the user(s) from CACI Customer Care Team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Cygnum is governed throughout by role-based security, including specific user actions such as who can publish and who can access specific data fields for reporting. Cygnum’s inbuilt security functionality is extensive, robust and highly configurable. Using a parent/child hierarchy principle, users have security settings applied by default based on their position in the organisational breakdown structure. Security can apply to menu paths, screens, and reports, only allowing certain staff to access certain functions as appropriate. Cygnum defines functional permissions at a hierarchical security group level, to which individuals’ user accounts are linked.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified by the British Standards Institute (BSI) for ISO 27001.
• ISO/IEC 27001 accreditation date: Original Registration Date:11th April 2006 – last re-certification date was on the 6th July 2021 .
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers all CACI services, offices, and data centres.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001 - this includes additional elements regarding security
  • Data Seal - DS 27001/1-2014
  • Registered with the ICO - Network and Information Systems Directive

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CACI also holds Data Seal.; CACI are registered with the ICO under the Network and Information Systems (NIS) Directive.; Additionally, CACI holds ISO/IEC standards in 9001:2015 Quality Management Systems (QMS), ISO/IEC 20000-1 Service Management System (SMS) and ISO/IEC 14001 Environmental management (EMS).
• Information security policies and processes: CACI have implemented an Information Security Management System (ISMS) containing a set of policies, procedures, and technical controls for systematically managing sensitive data, systems, and processes. The foundation of our ISMS is designed in accordance with the ISO27000 series of international standards, industry best practices and regulatory controls. ; We have also adopted the security best practices detailed within the National Cyber Security Centre’s 14 Cloud Security Principles, 10 Steps to Cyber Security and 12 Supply Chain Prin-ciples along with the Government’s Technology Code of Practice into our Information Securi-ty Management System (ISMS) and these form part of business-as-usual operations.; CACI maintains a Risk Management program to mitigate and manage risk companywide. Risk assessments are performed at least annually to ensure appropriate controls are in place to help reduce the risk related to the confidentiality, integrity, and availability of sensitive in-formation.; We maintain ongoing initiatives intended to help minimise the risks associated with human error, theft, fraud, and misuse of facilities. These initiatives include screening, confidentiality agreements, security awareness education and training, and enforcement of disciplinary actions.; Regular audits and a large number of KPI metrics are used to monitor and demonstrate compliance and the continued effectiveness of CACI’s ISMS.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the Change Advisory Board which delivers support to Change Management team who approve, assess, prioritise.; All changes are subject to our Change Control Policy. Where there is the possibility of an impact to user activity, stakeholders are notified for feedback.; Changes are then forwarded to Change Managers for CAB approval, who append plans when appropriate.; Robust systems acceptance testing processes have been established for all new information systems, upgrades, and new versions, conducted by a dedicated Quality Assurance team, ensuring no security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CACI has a comprehensive vulnerability management program that includes conducting weekly vulnerability scans on critical systems and applications. ; New patches are promptly risk assessed and prioritised based on the severity of the vulnerability and the threat intelligence available.; Where an Emergency patch poses an imminent threat to the network it is installed without undue delay. ; All other Windows patches are installed within 14 days of receipt. ; Our system administrators subscribe to alerts and publications to ensure new are emerging threats are countered promptly and effectively and that new Technologies and security best practices are assessed and adopted where appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Robust security logging and alerting controls are in place to capture events in order to prevent security incidents and malpractices, including Active Directory, Intrusion Protection System (IPS) and Data Loss Prevention (DLP). ; Solutions are also in place to monitor systems and alert administrators of possible capacity, and resource problems.; Logs are stored centrally and reviewed on a daily basis. ; CACI has robust and mature incident response plans and processes and business continuity management to minimise the impact of a cyber-security attack or incident. ; Our Security Teams consultants are available 24/7 to react and respond to critical security and infrastructure events.
• Incident management type: Supplier-defined controls
• Incident management approach: All employees are required to report any real, perceived, or potential security incidents that may affect the confidentiality, integrity, or availability of data. ; All Security Incidents are recorded in-line with our Security Incident Policy and Response Procedure, for each incident a root cause analysis is conducted, a corrective action undertaken, and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future.; CACI’s cyber security management programme includes cyber incident response plans, advanced technical controls, operation resilience and business continuity management to minimise the impact of a cyber-security attack or incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a supplier primarily of professional IT services, CACI’s environmental impact is minimal. However, we are constantly looking at how we can operate more efficiently in our fight towards climate change. We are working towards a Net Zero Carbon business model through our delivery to our customers as promoting this to our supply chain. ; This commitment is demonstrated by our achievement of ISO14001 accreditation, which we have held for nine years. To attain this standard, we ensure our Environment Management System (EMS) met the following requirements:; -Awareness of environmental impact through procedures and controls; -Acceptance of responsibility through environmental management systems; -Reducing harmful impacts via environmental policies; -Displaying community responsibility via staff training and awareness; ; We are fully committed to working towards a circular economy approach and where practically possible CACI select the most sustainable means to operate its facilities We remain aware of any and all opportunities to share, lease, reuse, repair, refurbish and recycle existing materials and products. That includes using recycled paper, enforcing double sided printing, and using Energy Star devices. Our recycling policy includes energy/water consumption, waste materials and paper use.; CACI has an agreed Carbon Reduction Plan (CRP) which is in implementation and is published on our website. This includes a set of carbon reduction targets up until 2040, with a baseline period set from July 2020 to June 2021.

  Tackling economic inequality

  CACI is dedicated to creating employment opportunities, working with local suppliers and hiring local people. We adjust our recruitment and training processes to focus on attributes rather than qualifications, which could exclude those from a disadvantaged background or deprived areas. Inclusivity and accessibility are encouraged via unconscious bias education and positive and inclusive designs, accessible capabilities, and inclusivity in gathering requirements for digital services. For example, we work closely with the National Autistic Society and Autism at Work to create an inclusive recruitment process, actively supporting neurodiverse candidates to flourish.; CACI works with a number of outreach organisations to develop and attract individuals from minority groups into the cyber security sector, including CyberFirst. A number of our employees volunteer as Ambassadors to this NCSC led government outreach programme. This is a reflection of our belief in the programme’s mission, to develop a sustainable and diverse talent pipeline into the cyber security industry. The majority of the programme’s focus is on students in UK schools, to improve issues with massive student dropout from IT education.; ; CACI has pledged to promote equality of opportunity within our supply chain, and work with a diverse range, including specialist Small and Medium Enterprise (SME)s. Our network is diverse and wide ranging in terms of skill set, age of business, make up of employees, geographical location, and therefore varying business cultures and diversity of individuals.; We are focussed on creating opportunities from the following groups who experience barriers to employment :; -Long term unemployed; -Armed forces veterans; -Mothers returning to work; -Care leavers

  Equal opportunity

  CACI’s Equal Opportunities policy formalises our approach to not discriminate against any employee on the basis of sex or sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy or maternity or other characteristics defined in anti-discrimination legislation (Protected Characteristics), or trade union membership or the fact that they are a part-time worker or a fixed-term employee. Our employees and applicants for employment with CACI are not disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. ; CACI is dedicated to ensuring our work environment, operational delivery and recruitment processes accommodate people with disabilities. Adjustments are made to ensure that those with disabilities are included and supported in our workplaces. ; Our Workplace Adjustment Passport (WAP) enables employees to declare a disability, workplace adjustments are driven at company level. ; CACI has signed up to the Disability Confident Scheme, formalising our commitment to play a lead role in changing attitudes for the better. We aim to successfully employ and retain disabled people and/or those with health conditions. When designing internal training or selecting an external partner, staff are consulted to capture any specialist needs to tailor sessions, including location, means of delivery and materials. This ensures all staff can develop in a comfortable and accessible environment . ; CACI also works closely with the National Autistic Society to create an inclusive recruitment process, partnering with their Autism at Work programme; actively supporting neurodiverse candidates to flourish.; CACI have funded the creation of a number of staff networks, where employees with protected characteristics have time and resources to share ideas and support in a safe private environment. CACI have also offered specific training and talks from speakers related to these characteristics.

  Wellbeing

  CACI has a range of comprehensive support initiatives that have been implemented to aid the health and wellbeing of our workforce (including contractors). Below is a comprehensive list, with specific reference to the six standards of Mental Health at Work commitment.; Promotion of an Open Culture around Mental Health:; -Team of 18 Mental Health First Aiders; -Conduct regular drop-in sessions for all staff, delivered by a Mental Health First Aider Team, focus on a particular element of Mental Health; ; Prioritising Mental Health in the Workplace by developing and delivering a systematic programme of activity:; -Regular check-ins for staff and our contractor workforce; -Annual Staff Satisfaction Survey, which includes a section on Health & Wellbeing; -Free 24/7 professional counselling ; -Private healthcare and health and wellbeing plan (extendable to family members/dependents); -Employee Assistance Programme; -Discounted gym memberships; -Physiotherapy; -Medical services; -Mental Health First Aider programme; -Stress assessments; ; Proactively ensure work design and organisational culture to drive positive mental health outcomes; -Comprehensive property and facilities management, ensuring modern, comfortable and state of the art technology for all employees; -Distributed Working Programme, allowing employees and contractors to structure their working week in a way that suits their preference and personal commitments whilst delivering against their work accountabilities; -Open and honest communications at all levels throughout the organisation; ; Increased organisational confidence and capability:; -Dedicated area of our company intranet for mental health and wellbeing, including various supporting resources and colleagues; -Line Managers and Career Coaches trained in aspects of mental health; ; Provide mental health tools and support:; -Formal Mental Health First Aid Programme including a team of MHFAs; Increase transparency and accountability through internal and external reporting: ; -Publish the results of our annual staff satisfaction survey to all staff. Includes Mental Health and Wellbeing, actions taken and areas for improvement

Pricing

• Price: £66,332 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.