CACI UK Ltd

CACI Impulse - Education Management Information System

Impulse is a modular, web-based education management system that enables greater efficiency by using a centralised, core pupil record. Impulse provides a holistic view of a child's educational activity and their family circumstances, through advanced reporting functionality, portals and dashboards with optimised mobile accessibility.

Features

  • Single database application with a centralised core pupil record
  • Flexible, modular offering fulfilling specific education department requirements
  • Management information system with analytics and powerful reporting
  • Information portals for parents, school, local authorities to access
  • Web-based, mobile optimised with self-service and service redesign
  • Secure, compliant system enabling multi-user access and information dashboards
  • Admissions, Transfers, Appeals, SEND, Social Inclusion, Early years
  • Education Psychology, Child Protection, Results & Tracking, Governors
  • Welfare Benefits, Specialist Support Services & Music modules
  • Powerful HUB data-matching engine that collaborates, synchronises, cleanses data

Benefits

  • Dramatically improves internal processes, affordably and efficiently
  • Broadens view of child’s journey through the education system
  • Improves integration and quality of data from other agencies
  • Robust, mature system which works excellently at scale
  • Multi-professional case management; supports better collaboration to safeguard children
  • Intensive support provided by Trusted Advisors with domain expertise
  • Excellent value for money with tangible time-saving results
  • Experienced people, methodology and values; more effective implementation
  • Rapid data entry toolkit to save staff time and effort
  • Meaningful analytics, dashboards, visualisations using live data (with drilldown)

Pricing

£35000 per licence per year

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

2 0 9 3 0 5 4 3 8 0 3 1 2 0 7

Contact

CACI UK Ltd

CACI Digital Marketplace Sales Team

0207 602 6000

digital.marketplace@caci.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None, other than internet access
System requirements
Appropriate browser enabled device and connection to the internet.

User support

Email or online ticketing support
Email or online ticketing
Support response times
CACI provide web support and a helpdesk portal 24/7 to process customer issues, requests for support and software changes.

ChildView is a highly secure and available system and several aspects of the application are business-critical, so we aim to deliver maximum uptime.

Application and technical support is available 08:00 to 1800 and at other times by arrangement. If a serious fault (Severity 1 & 2) is reported, and the system is not available or unusable, we will immediately respond and diagnose the issue using our technical consultants. This is typically within two hours if it relates to the software.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
CACI have reviewed inclusive features in Skype for Business:

- Users with vision impairments can get shared content on their own devices. This lets them use their favorite assistive technologies, such as a screen reader or magnifier.
- Users with hearing impairments can get transcription services in real time, through Communication Access Realtime Translation (CART).
Onsite support
Yes, at extra cost
Support levels
All CACI’s customers receive a comprehensive support package as standard. This is included in the annual support and maintenance charge. Support is an area CACI is confident it over performs in; it’s constantly cited as one of the reasons why our customers partner with us, and why they stay with CACI.

All first line customer care consultants are attuned to practice issues and know how important it is, and are committed to, turning technical issues around quickly when they are affecting a child’s life.

Although our Service Level Agreement (SLA) is focused on service requests, >80% of our support time is spent providing advice to help customers optimise their use of Impulse and its diverse features. We are proud of this level of engagement and certain this is a uniquely beneficial feature of our service, compared to other providers.

Another popular benefit is CACI’s regular engagement with our userbase. We hold regional user conferences, webinars, workshops and actively encourage our userbase to engage with each other, both to help with best practice and to communicate in relation to CACI’s services and the development of Impulse.
Support available to third parties
No

Onboarding and offboarding

Getting started
CACI will confirm all customer requirements for configuration and implementation including training as well as a service start date.

Typically, we offer an initial onsite kick-off meeting with the customer at a suitable location (onsite or nearby) and agree the method and types of users to receive training, this will depend on the customer service needs, number and location of users that require training.
Impulse training sessions are designed to be interactive and are delivered by knowledgeable and experienced consultants, with in-depth knowledge of the solution. Full training documentation will be supplied, as well as user and how-to guides, regular advice notices and webinars.

We continuously improve our software design, implementation, testing and deployment processes. We provide a complete service to manage Impluse, software upgrades and data backups, for example, to fully comply with statutory application and security requirements etc. Three service pack updates are scheduled in consultation with the customer annually.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Onboarding documentation is available on-line, complimentary to our on-site, specialist training package. Off boarding documentation is available on request.
End-of-contract process
If a customer chooses not to renew, and once written confirmation is received, we will agree a date on which we are to carry out the data extract. Once carried out it is then securely provided to the customer.

Upon confirmation that all is in order, we then clear Impulse and shut it down, providing written confirmation to the customer that this has taken place and that we have securely destroyed all their data.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The standard ChildView service works on mobile devices, such as tablets. Extensions to ChildView, for example Search, Capture and Analytics, are fully optimised to work on mobile phones and tablets.
Service interface
Yes
Description of service interface
There is a secure, device-adaptive web browser interface to the service.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Testing has been carried out in order to meet specific customers requirements to assist their users with specific accessibility needs e.g. JAWS. CACI has experience of tailoring visual displays for users with visual impairment, for example. Upon contract start CACI's team will discuss any specific requirements before Impluse is implemented.
API
Yes
What users can and can't do using the API
Impulse can interface and integrate with a range of modern systems.

CACI can reference examples of similar interfacing and integration, for example, automatic updating of education training attendance and attainment, care status and looked after children's placements, police notifications etc.

In addition to offering generic interfacing and inter-operability with other 3rd party systems, Impulse provides a web service application programming interface. We have also developed RESTful interfacing with Impulse to enable interfacing with mobile software devices as well as for other purposes.
API documentation
No
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Impulse can be customised at a service level to include a number of different modules, generate specific reporting, dashboards, user permissions and role-based settings.

Users can also customise their personal dashboard, generate specific reports and include / remove certain windows and sections of information based on relevance to the users work.

We also offer systems integration options. These are configured as options and require the Impulse Hub matching and systems integration product. The number and type of feeds to Local, Regional and Government systems is virtually unlimited.

Scaling

Independence of resources
Regular testing and enhancements to our service and hardware are conducted. Up-time and performance assurances are provided in our SLAs.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics can be provided on usage of Impulse with various user-defined variables.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
ChildView uses an integrated reporting and filtering system for users to define precisely the data that users want to extract themselves.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
CACI use a mixture of these protection protocols across the CACI network, relating to different projects and the scale / security levels required.

Availability and resilience

Guaranteed availability
We guarantee 99% availability, using the following definitions:

• Network resilience is defined as recovery in less than 2 hours
• Physical Machine resilience is defined as less than 5 minutes
• Virtual Machine resilience is defined as less than 15 minutes
• Data Center recovery is defined as less than 1 hour (if secondary site option purchased)
Approach to resilience
CACI has various contingencies in place including:

- N+1 best practice and physical arrangements in our accredited UK data centres.
- Environmental protection includes gas and fire suppression systems, N+1 air-conditioning systems with nothing combustible stored on site.
- CACI also operate contingent power, computing and network capacity which includes highly resilient HP RAID technology.

Further information about resilience of our service is available on request.
Outage reporting
Email alerts and phone calls.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password plus internal processes, audited in accordance with ISO 9001 and ISO 27001 protocols.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19-07-2016
What the ISO/IEC 27001 doesn’t cover
Not applicable
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 9001 - this includes additional elements regarding security
  • Data Seal - DS 27001/1-2014
  • Cyber Essentials certification - CES-CSR-10006

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security Plus
Information security policies and processes
CACI provides systems integration, software applications and consultancy services to customers from across the public and private sectors. We manage sensitive data on behalf of our customers ensuring that the confidentiality, integrity and availability of information is maintained always.

CACI is dedicated to protecting all customer data and systems using industry best practise for security. We have implemented an Information Security Management System (ISMS) containing policies, procedures and robust technical controls to systematically manage sensitive data, systems and processes in accordance with ISO 27001:2013.

Our customers demand the highest levels of data security, and our ISMS is subject to regular rigorous internal & external audits by our customers. CACI has been certified by the British standards Institute to ISO 27001 since 2006, cert # IS501477, covering all CACI offices and data centers, demonstrating our commitment to information security. We also hold Data Seal, cert # DS 27001/1-2014 and Cyber Essentials certification, cert # CES-CSR-10006.

All our systems are installed on highly available hardware in CACI owned data centres, backed up nightly on offsite encrypted media, patched regularly, while being protected by high-end firewall systems, intrusion detection and antivirus systems. Complete network penetration tests are performed annually by independent third parties.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the change advisory board (CAB) which delivers support to a change management team by approve, assess, prioritise the requested changes.

All changes are subject to our Change Control Policy. Where there’s the possibility of an impact to user activity, the appropriate stakeholders are notified for feedback.

Changes are forwarded to Change managers for CAB approval, who may append plans when appropriate.

Robust systems acceptance testing processes have been established for all new information systems, upgrades and new versions, conducted by dedicated quality assurance team.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Independent penetration testing is conducted annually. Regular vulnerabilities scans are conducted utilising the Nessus vulnerability scanning product. CACI’s in-house cloud hosting solution has an independent IT Health Check and approved for government PSN standards.

Deployment of service packs / updates are in accordance with ISO27001 policy; first to a test group then after a successful testing period deployed to the remainder. Critical patches are applied immediately. Systems / applications are routinely updated/ patched to the latest release levels to ensure best practices for security via leading security applications, alerts, publications to counter new / emerging threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Active Directory event logging is enforced and captures all appropriate events to prevent security incidents and malpractices. Systems are additionally monitored via Quest Change Auditor software, a dedicated security logging tool, which audits the activities taking place within our infrastructure and delivers detailed information about vital changes and activities as they occur to all peer administrators, including the IP address of the originating workstation, where and when it occurred, along with before and after values.

Checkpoint's SmartCenter and HP Systems Insight Manager (HP SIM) is used to monitor systems and alert administrators of possible security, capacity or resource problems.
Incident management type
Supplier-defined controls
Incident management approach
All Security Incidents are recorded and documented in-line with our security incident policy and response procedure, for each incident a root cause analysis is conducted and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future. A Security Incident Support call is raised to the Projects & Security team within the Technology Department. The support call requires analysis, corrective action and preventative action to be recorded.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Other
Other public sector networks
CACI provide connectivity to DfE eligibility checking service.

Pricing

Price
£35000 per licence per year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑