CACI UK Ltd

CACI Impulse - Education Management Information System

Impulse is a modular, web-based education management system that enables greater efficiency by using a centralised, core pupil record. Impulse provides a holistic view of a child's educational activity and their family circumstances, through advanced reporting functionality, portals and dashboards with optimised mobile accessibility.

Features

  • Single database application with a centralised core pupil record
  • Flexible, modular offering fulfilling specific education department requirements
  • Management information system with analytics and powerful reporting
  • Information portals for parents, school, local authorities to access
  • Web-based, mobile optimised with self-service and service redesign
  • Secure, compliant system enabling multi-user access and information dashboards
  • Admissions, Transfers, Appeals, SEND, Social Inclusion, Early years
  • Education Psychology, Child Protection, Results & Tracking, Governors
  • Welfare Benefits, Specialist Support Services & Music modules
  • Powerful HUB data-matching engine that collaborates, synchronises, cleanses data

Benefits

  • Dramatically improves internal processes, affordably and efficiently
  • Broadens view of child’s journey through the education system
  • Improves integration and quality of data from other agencies
  • Robust, mature system which works excellently at scale
  • Multi-professional case management; supports better collaboration to safeguard children
  • Intensive support provided by Trusted Advisors with domain expertise
  • Excellent value for money with tangible time-saving results
  • Experienced people, methodology and values; more effective implementation
  • Rapid data entry toolkit to save staff time and effort
  • Meaningful analytics, dashboards, visualisations using live data (with drilldown)

Pricing

£35000 per licence per year

  • Education pricing available

Service documents

G-Cloud 11

209305438031207

CACI UK Ltd

CACI Digital Marketplace Sales Team

0207 602 6000

digital.marketplace@caci.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None, other than internet access
System requirements Appropriate browser enabled device and connection to the internet.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times CACI provide web support and a helpdesk portal 24/7 to process customer issues, requests for support and software changes.

ChildView is a highly secure and available system and several aspects of the application are business-critical, so we aim to deliver maximum uptime.

Application and technical support is available 08:00 to 1800 and at other times by arrangement. If a serious fault (Severity 1 & 2) is reported, and the system is not available or unusable, we will immediately respond and diagnose the issue using our technical consultants. This is typically within two hours if it relates to the software.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AAA
Web chat accessibility testing CACI have reviewed inclusive features in Skype for Business:

- Users with vision impairments can get shared content on their own devices. This lets them use their favorite assistive technologies, such as a screen reader or magnifier.
- Users with hearing impairments can get transcription services in real time, through Communication Access Realtime Translation (CART).
Onsite support Yes, at extra cost
Support levels All CACI’s customers receive a comprehensive support package as standard. This is included in the annual support and maintenance charge. Support is an area CACI is confident it over performs in; it’s constantly cited as one of the reasons why our customers partner with us, and why they stay with CACI.

All first line customer care consultants are attuned to practice issues and know how important it is, and are committed to, turning technical issues around quickly when they are affecting a child’s life.

Although our Service Level Agreement (SLA) is focused on service requests, >80% of our support time is spent providing advice to help customers optimise their use of Impulse and its diverse features. We are proud of this level of engagement and certain this is a uniquely beneficial feature of our service, compared to other providers.

Another popular benefit is CACI’s regular engagement with our userbase. We hold regional user conferences, webinars, workshops and actively encourage our userbase to engage with each other, both to help with best practice and to communicate in relation to CACI’s services and the development of Impulse.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started CACI will confirm all customer requirements for configuration and implementation including training as well as a service start date.

Typically, we offer an initial onsite kick-off meeting with the customer at a suitable location (onsite or nearby) and agree the method and types of users to receive training, this will depend on the customer service needs, number and location of users that require training.
Impulse training sessions are designed to be interactive and are delivered by knowledgeable and experienced consultants, with in-depth knowledge of the solution. Full training documentation will be supplied, as well as user and how-to guides, regular advice notices and webinars.

We continuously improve our software design, implementation, testing and deployment processes. We provide a complete service to manage Impluse, software upgrades and data backups, for example, to fully comply with statutory application and security requirements etc. Three service pack updates are scheduled in consultation with the customer annually.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Onboarding documentation is available on-line, complimentary to our on-site, specialist training package. Off boarding documentation is available on request.
End-of-contract process If a customer chooses not to renew, and once written confirmation is received, we will agree a date on which we are to carry out the data extract. Once carried out it is then securely provided to the customer.

Upon confirmation that all is in order, we then clear Impulse and shut it down, providing written confirmation to the customer that this has taken place and that we have securely destroyed all their data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The standard ChildView service works on mobile devices, such as tablets. Extensions to ChildView, for example Search, Capture and Analytics, are fully optimised to work on mobile phones and tablets.
Service interface Yes
Description of service interface There is a secure, device-adaptive web browser interface to the service.
Accessibility standards WCAG 2.1 AAA
Accessibility testing Testing has been carried out in order to meet specific customers requirements to assist their users with specific accessibility needs e.g. JAWS. CACI has experience of tailoring visual displays for users with visual impairment, for example. Upon contract start CACI's team will discuss any specific requirements before Impluse is implemented.
API Yes
What users can and can't do using the API Impulse can interface and integrate with a range of modern systems.

CACI can reference examples of similar interfacing and integration, for example, automatic updating of education training attendance and attainment, care status and looked after children's placements, police notifications etc.

In addition to offering generic interfacing and inter-operability with other 3rd party systems, Impulse provides a web service application programming interface. We have also developed RESTful interfacing with Impulse to enable interfacing with mobile software devices as well as for other purposes.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Impulse can be customised at a service level to include a number of different modules, generate specific reporting, dashboards, user permissions and role-based settings.

Users can also customise their personal dashboard, generate specific reports and include / remove certain windows and sections of information based on relevance to the users work.

We also offer systems integration options. These are configured as options and require the Impulse Hub matching and systems integration product. The number and type of feeds to Local, Regional and Government systems is virtually unlimited.

Scaling

Scaling
Independence of resources Regular testing and enhancements to our service and hardware are conducted. Up-time and performance assurances are provided in our SLAs.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service metrics can be provided on usage of Impulse with various user-defined variables.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach ChildView uses an integrated reporting and filtering system for users to define precisely the data that users want to extract themselves.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network CACI use a mixture of these protection protocols across the CACI network, relating to different projects and the scale / security levels required.

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99% availability, using the following definitions:

• Network resilience is defined as recovery in less than 2 hours
• Physical Machine resilience is defined as less than 5 minutes
• Virtual Machine resilience is defined as less than 15 minutes
• Data Center recovery is defined as less than 1 hour (if secondary site option purchased)
Approach to resilience CACI has various contingencies in place including:

- N+1 best practice and physical arrangements in our accredited UK data centres.
- Environmental protection includes gas and fire suppression systems, N+1 air-conditioning systems with nothing combustible stored on site.
- CACI also operate contingent power, computing and network capacity which includes highly resilient HP RAID technology.

Further information about resilience of our service is available on request.
Outage reporting Email alerts and phone calls.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Username and password plus internal processes, audited in accordance with ISO 9001 and ISO 27001 protocols.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 19-07-2016
What the ISO/IEC 27001 doesn’t cover Not applicable
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 9001 - this includes additional elements regarding security
  • Data Seal - DS 27001/1-2014
  • Cyber Essentials certification - CES-CSR-10006

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Security Plus
Information security policies and processes CACI provides systems integration, software applications and consultancy services to customers from across the public and private sectors. We manage sensitive data on behalf of our customers ensuring that the confidentiality, integrity and availability of information is maintained always.

CACI is dedicated to protecting all customer data and systems using industry best practise for security. We have implemented an Information Security Management System (ISMS) containing policies, procedures and robust technical controls to systematically manage sensitive data, systems and processes in accordance with ISO 27001:2013.

Our customers demand the highest levels of data security, and our ISMS is subject to regular rigorous internal & external audits by our customers. CACI has been certified by the British standards Institute to ISO 27001 since 2006, cert # IS501477, covering all CACI offices and data centers, demonstrating our commitment to information security. We also hold Data Seal, cert # DS 27001/1-2014 and Cyber Essentials certification, cert # CES-CSR-10006.

All our systems are installed on highly available hardware in CACI owned data centres, backed up nightly on offsite encrypted media, patched regularly, while being protected by high-end firewall systems, intrusion detection and antivirus systems. Complete network penetration tests are performed annually by independent third parties.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the change advisory board (CAB) which delivers support to a change management team by approve, assess, prioritise the requested changes.

All changes are subject to our Change Control Policy. Where there’s the possibility of an impact to user activity, the appropriate stakeholders are notified for feedback.

Changes are forwarded to Change managers for CAB approval, who may append plans when appropriate.

Robust systems acceptance testing processes have been established for all new information systems, upgrades and new versions, conducted by dedicated quality assurance team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Independent penetration testing is conducted annually. Regular vulnerabilities scans are conducted utilising the Nessus vulnerability scanning product. CACI’s in-house cloud hosting solution has an independent IT Health Check and approved for government PSN standards.

Deployment of service packs / updates are in accordance with ISO27001 policy; first to a test group then after a successful testing period deployed to the remainder. Critical patches are applied immediately. Systems / applications are routinely updated/ patched to the latest release levels to ensure best practices for security via leading security applications, alerts, publications to counter new / emerging threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Active Directory event logging is enforced and captures all appropriate events to prevent security incidents and malpractices. Systems are additionally monitored via Quest Change Auditor software, a dedicated security logging tool, which audits the activities taking place within our infrastructure and delivers detailed information about vital changes and activities as they occur to all peer administrators, including the IP address of the originating workstation, where and when it occurred, along with before and after values.

Checkpoint's SmartCenter and HP Systems Insight Manager (HP SIM) is used to monitor systems and alert administrators of possible security, capacity or resource problems.
Incident management type Supplier-defined controls
Incident management approach All Security Incidents are recorded and documented in-line with our security incident policy and response procedure, for each incident a root cause analysis is conducted and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future. A Security Incident Support call is raised to the Projects & Security team within the Technology Department. The support call requires analysis, corrective action and preventative action to be recorded.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Other
Other public sector networks CACI provide connectivity to DfE eligibility checking service.

Pricing

Pricing
Price £35000 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑