CACI Impulse Education Management Information System

IMPULSE is a modular, single database, web-based education management system that allows greater efficiency by using a centralised, core pupil record. This innovation provides a holistic view of a child's educational activity and their family circumstance, through using advanced reporting functionality, portals, dashboards with mobile-optimised accessibility.


  • Single database application with a centralised core pupil record
  • Flexible, modular offering fulfilling specific education department requirements
  • Management information system with analytics and powerful reporting
  • Information portals for parents/school/local authorities to access
  • Web-based, mobile optimised with self-service and service redesign
  • Secure, compliant system enabling multi-user access and information dashboards
  • Admissions, Transfers, Appeals, SEND, Social Inclusion, Early years,
  • Education Psychology, Child Protection, Results & Tracking, Governors,
  • Welfare Benefits, Specialist Support Services & Music modules.
  • Powerful HUB data-matching engine that collaborates/synchronises/cleanses data


  • Dramatically improves internal processes, affordably and efficiently
  • Broadens view of a child’s journey through the education system
  • Continually improves the integration/quality of data from other agencies
  • Robust,mature system which works excellently at scale
  • Multi-professional case management - supports better collaboration to safeguard children
  • Intensive support provided by Trusted Advisors who are domain experts
  • Excellent value for money with tangible time-saving results
  • Experienced people, methodology and values - more effective implementation
  • Rapid data entry toolkit to save staff time and effort
  • Meaningful Analytics/Dashboards/Visualisations using live data (with drilldown)


£10000 to £1000000 per unit

  • Education pricing available

Service documents

G-Cloud 10



CACI Sales Team

0207 602 6000

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide a web support and helpdesk portal to process customer issues, requests for support and software changes. Impulse is a highly secure and available system and several aspects of the application are business-critical, so we aim to deliver minimal downtime. When a serious fault (Severity 1 & 2) is reported, and the system is not available or unusable, we will immediately respond and diagnose the issue using our technical consultants. In our experience, this is typically within a couple of hours if it relates to the software. Responding to a severe fault requires collaboration with your IT services.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All of our customers have the same comprehensive support package. The cost is included in the annual support and maintenance charge. Support is an area we are confident that we over-perform in and is constantly cited as one of the reasons our customers appreciate the service CACI offers so much. Our customer care team fully understand multi-agency practice and the inner-workings of Education Departments. They are attuned to practice issues and know how important it is to turn technical issues around quickly when they are affecting service delivery. Although our service level agreement is based around fixes to the software, over 80% of our support time is spent providing information and advice about better utilisation of the solution. We are proud of this level of engagement and certain this is a uniquely beneficial feature of our service, compared to other suppliers. Another popular benefit is CACI’s regular engagement with our user base. We regularly hold regional user conferences, webinars and workshops, and actively encourage our user base to engage with each other, both to help with best practice and to communicate in relation to our services and product development.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Once the initial on-site kick-off meeting is held, it will be decided if it is possible to train on-site or nearby, depending on the size of the team and facilities available. Full user documentation is also supplied with online manuals, user and how-to guides, regular advice notices and also webinars for specific issues. We are continuously improving our software design, implementation, testing and deployment process. We provide a complete service to manage applications, 3rd party software upgrades and data backups, for example, to fully comply with security requirements. This is organised annually, or as part of our hosting service. In the last 18 months we have delivered a fast and lightweight customer installer. This enables incremental enhancements to be available and for these to be applied more frequently, as preferred. It also significantly reduces time and effort installing test, training and live instances of the application on site. In time we have plans to provide a fully-automated application test and deployment process. Furthermore, we can also offer appropriate technical expertise to advise on networking, software and hardware environments including health check services and robust arrangements for data backup and resilience.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The embedded reporting tools in the software allow for full data extracts by the client. Where applicable and as needed, CACI can be commissioned to assist with the extraction as agreed on a case by case basis.

Optionally we can provide additional (costed) services for Certified Drive Erasure or Disk Destruction through independent 3rd parties.
End-of-contract process If a client chooses not to renew, and once written confirmation is received, we will agree a date on which we are to carry out the data extract. Once carried out it is then securely provided to the client. Upon confirmation that all is in order, we then clear the system and shut it down, providing written confirmation to the client that this has taken place and that we are no longer in possession of any of their data that we once held.

Using the service

Using the service
Web browser interface Yes
Supported browsers Internet Explorer 11
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All the case management and database functionality is designed to run on a desktop.

Capture, Reporting Dashboards and Portals are all optimised and able to be view on devices such as mobile telephones and tablets etc.
Accessibility standards None or don’t know
Description of accessibility We are legally compliant regarding accessibility for people with special educational needs and/or disabilities. CACI ensures that appropriate assessments are carried out to assist people who need specific accessibility and that every effort is made available for anyone that requires additional help.
Accessibility testing We have experience of tailoring visual displays for people with visual impairment, for example. We would ensure that appropriate assessments, testing and developments were carried out and that any of our software products were developed to suit the needs of our customers.
What users can and can't do using the API Impulse offers a range of tried and tested interfacing and integration with other modern systems. We can reference examples of similar interfacing and integration, for example, automatic updating of education training attendance and attainment, care status and looked after placements, police notifications etc. In addition to offering generic interfacing and inter-operability with other 3rd party systems, Impulse provides a web service application programming interface. We have also developed RESTful interfacing with Impulse to enable interfacing with mobile software devices as well as for other purposes.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation The Impulse system can be customised at a service level to include a number of different modules, generate specific reporting, dashboards, user permissions and role-based settings. Users can also customise their personal dashboard, generate specific reports and include/remove certain windows and sections of information that are either relevant or not relevant to their work. Also if bought in association with the Impulse Hub product, the number and type of feeds to different government services can be customised.


Independence of resources Regular testing and enhancements to our service and hardware are conducted. Up-time and performance assurances are provided in our SLAs.


Service usage metrics Yes
Metrics types Upon request we can report on usage of the system with various user-defined variables.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export certain data via reporting and analytics capabilities that they have themselves. Full data extraction would have to be considered as a service that was charged for.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Any of these protection methods are available. This would need to be specified in line with customer requirements at the start of a new sales process and costed accordingly.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network We use a mixture of these protection protocols across the CACI network, relating to different projects and the scale/security level required. This would be specified at the start of talks with any new provider to ensure that we also meet their requirements.

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% up-time
Approach to resilience At CACI, keeping client data secure is our first priority. Security is addressed holistically and systematically from the very beginning of all solutions and services provided by CACI. All development and project work is connected in accordance with our Secure Engineering Development Principles document, which ensures security is central during the entire life-cycle of a solution and in accordance with our legal and contractual obligations. Following these principles ensures that security is central during the entire life-cycle of a solution and in accordance with security best practices and our legal and contractual obligations. Privacy by design is embedded within all CACI projects.
Outage reporting Email alerts and phone calls.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Username and password plus internal processes, audited in accordance with ISO 9001 and ISO 27001 protocols.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 19/7/2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 9001 - this includes additional elements regarding security
  • Data Seal - DS 27001/1-2014
  • Cyber Essentials certification - CES-CSR-10006

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes CACI provides systems integration, software
applications and consultancy services to organisations
from across the public/private sectors. We manage
sensitive data on behalf of our clients ensuring that the
confidentiality, integrity and availability of information is
maintained at all times.
CACI is dedicated to protecting all customer data and
systems using industry best practise for security.We have implemented an Information Security
Management System (ISMS) containing policies,
procedures and robust technical controls to
systematically manage sensitive data, systems and
processes in accordance with ISO 27001:2013.
Our clients demand the highest levels of data security,
and our ISMS is subject to regular rigorous
internal & external audits by our customers.
CACI has been certified by the British Standards
Institute to ISO 27001 since 2006, cert # IS501477,
covering all CACI offices and data centers,
demonstrating our commitment to information security.
We also hold Data Seal, cert # DS 27001/1-2014 and
Cyber Essentials certification, cert # CES-CSR-10006.
All our systems are installed on highly available
hardware in CACI owned data centres, backed up
nightly on offsite encrypted media, patched regularly,
while being protected by high-end firewall systems,
intrusion detection and antivirus systems. Complete
network penetration tests are performed annually by
independent third parties.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the change advisory board (CAB) which delivers support to a change management team by approve/assess/prioritise the requested changes. All changes are subject to our Change Control Policy. Where there’s the possibility of an impact to user activity, the appropriate stakeholders are notified for feedback. Changes are then forwarded to Change managers for CAB approval, who may append plans when appropriate. Robust systems acceptance testing processes have been established for all new information systems, upgrades and new versions, conducted by dedicated quality assurance team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Independent penetration testing conducted annually on all external/critical systems. Regular vulnerabilities scans conducted on systems/applications utilising Nessus vulnerability scanning product. CACI’s in-house hosted solution has an independent IT Health Check and approved for government PSN standards. Deployment of service packs/updates are in accordance with ISO27001 Policy, first to a test group then after a successful testing period deployed to the remainder of the enterprise, within 30 days, automatically utilising windows WSUS. Critical patches are applied immediately. Systems/applications are routinely updated/patched to the latest release levels to ensure best practices for security via leading security applications/alerts /publications to counter new/emerging threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Active Directory event logging is configured/enforced by group policy and captures all appropriate events to prevent security incidents and malpractices. Systems are additionally monitored via Quest Change Auditor software,a dedicated security logging tool, which audits the activities taking place within our infrastructure and delivers detailed information about vital changes and activities as they occur to all peer administrators, including the IP address of the originating workstation, where and when it occurred, along with before and after values. Checkpoint's SmartCenter and HP Systems Insight Manager (HP SIM) is used to monitor systems and alert administrators of possible security/capacity/resource problems.
Incident management type Supplier-defined controls
Incident management approach All Security Incidents are recorded and documented in-line with our security incident policy and response procedure, for each incident a root cause analysis is conducted and a preventative action will be implemented to prevent or reduce the probability of the incident reoccurring in the future. A Security Incident Support call is raised to the Projects & Security team within the Technology Department. The support call requires analysis, corrective action and preventative action to be recorded.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)


Price £10000 to £1000000 per unit
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑