CACI UK Ltd

CACI Inview Data Warehouse [SW6]

Inview is a cloud based data warehouse that provides a single, consolidated, coherent source of operational, management and performance management information. It has been designed to the data standards of the NHS through extensive user consultation, and is therefore aligned with the Health Informatics processes within the NHS.

Features

  • Data Warehouse comprises several fully integrated and intuitive features
  • Extract, Transform, Load (ETL layer) data from all sources
  • Proprietary data warehouse (star schema data warehouse design)
  • Defined data items used for reporting (semantic layer)
  • End user reporting (graphical reporting interface)
  • Ability to integrate data from multiple systems, including SLAM
  • Grouping and pricing integration
  • Statutory reporting including SUS and Unify Submissions

Benefits

  • Provides a single, governed version of the truth
  • Drives consistent numbers to use in decision making
  • Enables financial measurement, forecasting and the sharing
  • Real time data feeds
  • Distributed and devolved analytic applications
  • Contributes to transformational outcomes
  • Proven pre-built solution reduces costs and deployment time
  • Inview strategic development roadmap focused on NHS R&D

Pricing

£50,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 1 6 8 4 2 5 6 2 9 7 2 8 7 3

Contact

CACI UK Ltd CACI Digital Marketplace Sales Team
Telephone: 0207 602 6000
Email: digital.marketplace@caci.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No.
System requirements
None.

User support

Email or online ticketing support
Email or online ticketing
Support response times
CACI’s standard Service Level Agreement (SLA) for 'Severity 1 - Critical issues' includes a response time of 1 hour. Resolution, if not achieved immediately when CACI responds, depends on the complexity and severity of the enquiry. Typically this is within 24-48 hours with CACI’s team working on a basis of 'continuous working (within service cover time) until fixed or a workaround delivered'.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
CACI operates a comprehensive managed service that provides customers with access to a dedicated team responsible for answering any queries or resolving any incidents encountered in relation to CACI supported software and solutions.

The managed service, which is included in the price quoted, provides:

- Access to Service Desk
- Defined SLA for Incident Response and Resolution
- Documented Scope of Service and Statement of Work
- Service Delivery Plan
- Service Reporting
Support available to third parties
No

Onboarding and offboarding

Getting started
For all implementations CACI take a collaborative approach with the customer and users to promote knowledge transfer at all stages. This ensures users are able to effectively utilise Inview, maximising its value. Included in the services offered are:

- Onsite (or offsite) classroom based training courses including full training materials
- Software installation documents are with assistance available via the managed services desk
- Table schemes and mapping documentation is provided to help data load process.

Before commencing and implementation, a Project Initiation Document (PID) will be written to agree and outline the deployment approach. A joint team will be agreed with clearly defined roles. The implementation will be phased, allowing for regular deployment of integrated data to be loaded to the data warehouse. The agreed phases will take into consideration each customers’ organisational requirements. A typical integration is split in to deliverables per module or modules grouped in to areas, e.g. based on source system.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Excel
End-of-contract data extraction
A data migration procedure can be run. This extracts the data in CSV format which is then availiable via FTP
End-of-contract process
At the end of a contract, either due to the customer not wishing to renew or cancellation, the date on which the termination will take effect will be agreed and confirmed with the customer. Data will then be extracted from Inview on the cancellation date and is then securely provided.

Once confirmation is received from the customer that all the required data has been received (transferred or extracted) the system is then cleared and shut down. This is then communicated to the customer in writing with confirmation that CACI is no longer in possession of any customer data.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The following can be customised by users within the Inview Data Warehouse:

- Local rules for income and activity calculations can be implemented
- Local data items can be added alongside the product provided ones.
- Users are able to compliment and present non-integrated data at the reporting layer to augment analysis for their organisation
- InView can present data to any reporting tool of choice.

Scaling

Independence of resources
Every customer is allocated a dedicated resource in cloud environment to prevent any performance issues when using the solution.

Analytics

Service usage metrics
Yes
Metrics types
Reports can be provided to customers on usage of Inview with various user defined variables.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can connect to the Inview data warehouse using a tool of choice, subject to security, which will then allow them to extract the data to any location required.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Relational databases (via ODBC: SQL Server, Postgres, MySQL etc.)
  • Txt
  • CSV
  • Excel
  • REST

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Data is protected in its own segregated environment with industry leading firewalls in CACI's UK data centre. Additionally 2 factor authentication security is in place.

Availability and resilience

Guaranteed availability
System availability is over 99%. 

Anticipated downtime for upgrades is agreed in advance with customers to avoid any impact during busy periods. This proactive approach enables communications to be sent to the user base prior to the release of upgrades or patches.
Approach to resilience
Inview is hosted on an IL3 hosting environment within CACI's UK based data centre which has robust physical, technical and environmental controls to protect data.

All systems are backed up nightly on offsite encrypted media, patched regularly, protected by high-end firewall systems, intrusion detection and antivirus systems, dedicated to the secure environment.

The solution utilises the latest HP blade systems and HP 3PAR all flash SANs with redundant networks. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure.

Climate control is in place to maintain a constant operating temperature for servers and other hardware. The Data centre is conditioned to maintain atmospheric conditions at optimal levels.

Further information is available upon request.
Outage reporting
In the unlikely event of service outage an email alert would be sent to the user(s) from CACI Customer Care Team.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
CACI operates a layered, segregated and separated environment with role based multi-factor authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
06/07/2018
What the ISO/IEC 27001 doesn’t cover
Not applicable.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Data Seal and Cyber Essentials certification
Information security policies and processes
CACI have implemented an Information Security Management System (ISMS) containing a set of policies and procedures for systematically managing sensitive data, systems and processes. The foundation of our ISMS is designed in accordance with the ISO27000 series of international standards, industry best practices and regulatory controls.

Overall responsibility for the design, coordination, implementation and verification of the programme is centralised within the organisation.

CACI's Information Security objectives are defined at board level and managed day to day by the Projects and Security team. KPI's are produced against our security objectives and reported back to the executive board. Each team has an Information Asset Owner (IAO) responsible for its assets. A number of suitable trained Security Officers provide guidance across the organisation.

Risk Assessments are conducted upon all services in accordance with our Risk Assessment Methodology document to identify and address all associated risks. CACI actively employs a policy of least provisioning, where employees are only granted the minimum system access to perform their assigned job.

CACI has implemented a comprehensive security awareness programme. Information security training is provided upon induction, on-going security training and updates are provided thought employment. All Information Security Policies are published on our intranet site.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change management is covered by CACI's ISO 27001 ISMS. This is managed through Agile Project Management proceses, any changes and enhancements are implemented as they are reviewed and approved by our software developers and product owners.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Systems and application are routinely updated and patched to the latest release levels to ensure best practices for security.

Deployment of service packs and updates is in accordance with CACI’s ISO 27001 Patching Policy. All operating system patches are deployed within 30 days to enable testing before full release. Critical patches are applied immediately.

Vulnerabilities scans are conducted on critical systems and applications by our network team utilising the Nessus vulnerability scanning product and vulnerabilities addressed accordingly. CACI’s system administrators subscribe to alerts and publications to ensure new are emerging threats are countered promptly and effectively.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
CACI use Checkpoint firewalls with the Intrusion Prevention System (IPS) blades.

By default, any websites that are accessible directly over the Internet are protected by F5 Application Security Manager (ASM)/ Web Application Firewalls (WAF).

Protections include blocking anomalous behaviour, preventing the exploit of known vulnerabilities, enforcing geolocation-based blocking, protecting commonly used APIs and dynamic policy development (learning desirable traffic and usage).

CACI has robust and mature incident response plans and processes and business continuity management to minimise the impact of a cyber-security attack or incident. Security events are promptly reported to our security team, critical events are responded too immediacy.
Incident management type
Supplier-defined controls
Incident management approach
CACI has Cyber Incident Response Plans and processes to help promptly detect a cyber-incident on CACI networks, systems or infrastructure. This enables consistent and effective approach in containing the attack, hasten the recovery times and provide plans for responding to a number of potential attack scenarios.

All employees are required to report any real, perceived or potential security incidents to the central Security Department. All Security Incidents are recorded and documented in-line with our Security Incident Policy and Response Procedure. A Security Incident Support call is raised and requires analysis, corrective action and preventative action to be recorded.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Pricing

Price
£50,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digital.marketplace@caci.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.