CACI Cygnum Digital Workforce Management [SW10]

Cygnum is an innovative, intelligent digital solution that adapts to your changing needs. Delivering workforce management, case management and financial management in a single joined up solution, Cygnum helps to maximise efficiency and minimise costs. Empower your organisation to work smarter, improve services, reduce risk and be ready for change.


  • Sophisticated multi-resource scheduling including optimisation and digital wallchart view
  • Implement casework and process with digital forms, contact and workflow
  • User definable business rules to model triggers, actions and outcomes
  • Manage financial planning, timesheets, expenses, pay & billing
  • Utilise a scalable, highly performant and extensible single data source
  • Report on live operational data with interactive dashboards and drilldown
  • Use standard browsers on multi-devices for web and portal access
  • Cygnum Mobile app to access functionality on-the-go and offline
  • Integrate with third-party systems using Open APIs and RESTful web-services
  • Secure access including 2FA, single sign-on, data and process security


  • Reduce time on workforce scheduling and increase operational efficiency
  • Ensure business processes are followed, delivering high quality output
  • Easily model software to reflect specific or localised business practice
  • Have assurance that your numbers are matching operational reality
  • Single version of the truth for all operational data
  • Make business decisions based on real-time data insight and analysis
  • Access and use the system easily and intuitively
  • View and capture data wherever you go regardless of signal
  • Easily fit Cygnum into your IT landscape and share data
  • Rest assured that your data is secure and accessed correctly


£97,042 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 9 7 4 8 2 9 3 1 2 5 6 1 0 7


CACI UK Ltd CACI Digital Marketplace Sales Team
Telephone: 0207 602 6000

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None, other than internet access. Planned maintenance is carried out with the client's knowledge at a time to ensure no or minimal disruption to the client's service.
System requirements
Appropriate browser enabled device and connection to the internet.

User support

Email or online ticketing support
Email or online ticketing
Support response times
CACI provide web support and a helpdesk portal 24/7 to process customer issues, requests for support and software changes.
Application and technical support are available 0900 to 1730 Monday to Friday and at other times by arrangement. The cloud infrastructure is supported by 24x7x365. Calls will be responded to and reviewed as per the agreed response times, based on the severity of the requirement.

Fault type examples are:

Severity P0: Totally application failure: 15 minute response
Severity P1: Corruption of database: 30 minute response
Severity P2: Moderate adverse impact: 210 minute response
Severity P3: No material impact: 210 minute response
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Clients can chat with a Customer Care Consultant if they have access to Skype for Business.
Onsite support
Yes, at extra cost
Support levels
CACI's Customer Care Team will provide a full solution support desk from 09:00 to 17:30 Monday to Friday excluding bank holidays. This includes support for the solution underlying Infrastructure and Endpoints. When a ticket is raised it will be handled by the Customer Care Consultants. Faults on the Cloud Infrastructure can be reported 24x7x365 to a dedicated support number. CACI Customer Care Consultants are the staff responsible for managing the Business as Usual relationship between CACI and clients and will be the first point of call for any enquiry. They also have responsibility for owning support issues through to resolution as per the agreed Service Level Agreement (SLA).

CACI would be happy to discuss enhanced service levels with clients on a bespoke basis. This can include service credits for not achieving service level parameters etc. Any enhanced service levels will be charged at a premium based on the client’s requirements.

All clients will have a dedicated Customer Care Manager who will be responsible to providing regular reports of any faults and performance against the SLA. Additional onsite and remote support can be provided to clients, which will be at an agreed hourly rate as detailed in the contract.
Support available to third parties

Onboarding and offboarding

Getting started
CACI will confirm all customer requirements for configuration and implementation including training during requirements gathering and implementation.

Typically, we offer an initial onsite kick-off meeting with the customer at a suitable location (onsite or nearby) and agree the method and types of users to receive training, this will depend on the customer service needs, number and location of users that require training.

Cygnum training sessions are designed to be interactive and are delivered by knowledgeable and experienced consultants, with in-depth knowledge of the solution. Full training documentation will be supplied, as well as user and how-to guides, regular advice notices and webinars.
Service documentation
Documentation formats
End-of-contract data extraction
The embedded reporting tools allow for full data extraction by the user. Where applicable and as needed, CACI can be commissioned to assist with the extraction as agreed on a case by case basis. As an option, CACI can provide additional (costed) services for Certified Drive Erasure or Disk Destruction through independent 3rd parties.
End-of-contract process
As part of the contract discussions with new clients we would be happy to discuss and agree an exit plan from the contract if required. If a customer chooses not to renew their contract, and once written confirmation is received, we will then implement any processes agreed as part of that plan.

If it has been agreed as part of that plan that all customer data will be extracted from Cygnum and the client requires assistance doing this, then there will be an additional charge. Upon confirmation that all is in order, we then clear the customer instance of Cygnum and shut it down, providing written confirmation to the customer that this has taken place and that we have securely destroyed all their data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Functionality is designed to run on standard desktop computers/laptop. Cygnum is optimised for iPads/other tablet devices so the user is able to access Cygnum via browser. Giving users access to almost all of the functionality including reports, diaries, and input and output form information.

Additionally, we have developed mobile applications which integrate fully with Cygnum - seamlessly working whether on/offline. If a form is completed on the application, it is communicated back to Cygnum in real-time where it is stored. Designed using the Microsoft Xamarin toolset, we are able to code once and deploy multi-platform.
Service interface
What users can and can't do using the API
Cygnum has been designed to be open and interoperable, its integration and analytics engines allow bi-directional third-party integration and data extraction. Cygnum uses an engine based on open API 3.0 REST standards with capability to expose transactions as a RESTful web service.

Cygnum transactions can be easily converted to RESTful API interfaces and this information can be imported or exported to a 3rd party solution, in order to make changes.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Cygnum can be customised during implementation to include a number of different modules, generate specific reporting, dashboards, user permissions and role-based settings etc.

During the implementation phase the CACI project team will work with the client to understand their business requirements and advise on the best combination of modules and related functionality.

User roles and access can also be customised. The security module allows the creation of multiple roles. Each role created is assigned permissions to determine the actions allowed for the role at individual screen level. Access permissions for each screen can be deny access, read only, edit existing records, add new records etc.
Users can also customise their personal dashboard, generate specific reports and include / remove certain windows and sections of information based on relevance to the user's work. After training users will be able to define their own business rules, workflows and edit and build Input and Output forms for data collection. Dependent on the permissions a user has for example, input form software allows a trained user to create their own electronic forms to capture non-standard data. Output forms allows a creation of formatted documents from any data held in the Cygnum database.


Independence of resources
Regular testing and enhancements to our service and hardware are conducted. Up-time and performance assurances are provided in our SLAs. Also clients are allocated a seperate environment in the cloud to prevent any performance issues when using the solution.


Service usage metrics
Metrics types
CACI will provide metrics on the Cygnum application. This allows for comparative resource’s analysis/ proactive monitoring/retrospective fault analysis and resource utilisation projection. The metrics are retained for a rolling 3-months. VMs report statistics pertaining to the following (but not limited to):

- CPU %, CPU System %
- Disk Free Bytes,Disk Reads Per Second,Disk Used %, Disk Utilization %, Disk Writes Per Second
- Memory Free %, Memory Free Bytes, Memory Used %
- Network – Transmit Packets/Sec, Receive Packets/Sec, Transmit Dropped/Sec, Receive Dropped/Sec
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The Cygnum application uses integrated reporting functionality for users, following training, to define precisely the data they want to extract themselves.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML - default XML schema, user can create their own
  • XLXS - standard Excel Format
  • PDF - applicable for Output Forms only
  • RTF - Open format for word documents
  • SLK - Open format for excel documents
  • HTML - data exported in standard stylesheet.
  • Customised formats (upon request)
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
System availability is over 99%. 

Anticipated downtime for upgrades is agreed in advance with the customer to avoid any impact during busy periods. This proactive approach enables communications to be sent to the user base prior to release. Any service credits agreed for not meeting the system availability will be negotiated during contract discussions.
Approach to resilience
CACI Cloud solutions use AWS and have at least two connections terminating on different devices at a single location. Such a topology helps in the case of the device failure at a location but does not help in the event of a total location failure. For additional resilience clients, use multiple dynamically routed, rather than statically routed, connections to AWS at multiple AWS Direct Connect locations. This will allow remote connections to fail over automatically. Dynamic routing also enables remote connections to automatically leverage available preferred routes, if applicable, to the on-premises network. Highly resilient connections require redundant hardware, even when connecting from the same physical location. If high resilience is required, clients should avoid relying on a single on-premises device connecting to a single AWS Direct Connect device. Also, avoid relying on AWS Managed VPN as backup for connections that are greater than 1Gbps.

The cost of the solution provided will depend on the level of resilience required.
Outage reporting
In the unlikely event of service outage an email alert would be sent to the user(s) from CACI Customer Care Team.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Cygnum is governed throughout by role-based security, including specific user actions such as who can publish and who can access specific data fields for reporting. Cygnum’s inbuilt security functionality is extensive, robust and highly configurable. Using a parent/child hierarchy principle, users have security settings applied by default based on their position in the organisational breakdown structure. Security can apply to menu paths, screens, and reports, only allowing certain staff to access certain functions as appropriate. Cygnum defines functional permissions at a hierarchical security group level, to which individuals’ user accounts are linked.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO 9001 - this includes additional elements regarding security
  • Data Seal - DS 27001/1-2014
  • Cyber Essentials certification - CES-CSR-10006

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security Pus
Information security policies and processes
CACI provides systems integration, software applications and consultancy services to customers from across the public and private sectors. We manage sensitive data on behalf of our customers ensuring that the confidentiality, integrity and availability of information is maintained always.

CACI is dedicated to protecting all customer data and systems using industry best practise for security. We have implemented an Information Security Management System (ISMS) containing policies, procedures and robust technical controls to systematically manage sensitive data, systems and processes in accordance with ISO 27001:2013.

Our customers demand the highest levels of data security, and our ISMS is subject to regular rigorous internal & external audits by our customers. CACI has been certified by the British standards Institute to ISO 27001 since 2006, cert # IS501477, covering all CACI offices and data centers, demonstrating our commitment to information security. We also hold Data Seal, cert # DS 27001/1-2014 and Cyber Essentials certification, cert # CES-CSR-10006.

All our systems are installed on highly available hardware in CACI owned data centres, backed up nightly on offsite encrypted media, patched regularly, while being protected by high-end firewall systems, intrusion detection and antivirus systems. Complete network penetration tests are performed annually by independent third parties.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Documented change management systems form part of ISMS. Major/significant changes are peer reviewed and approved by the Change Advisory Board which delivers support to Change Management team who approve, assess, prioritise.

All changes are subject to our Change Control Policy. Where there’s the possibility of an impact to user activity, stakeholders are notified for feedback.

Changes are then forwarded to Change Managers for CAB approval, who append plans when appropriate.

Robust systems acceptance testing processes have been established for all new information systems, upgrades and new versions, conducted by a dedicated Quality Assurance team, ensuring no security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security will be monitored using; Symantec Cloud Workload Protection, Amazon GuardDuty, Amazon Inspector, AWS’s Config and Security Hub, and Cygnum’s Audit function, providing host-based Intrusion Detection/Prevention, real-time File Integrity Monitoring,scheduled Anti-Malware protection. It will detect any Integrated Network Intrusion, API threats/anomalies/AWS account changes. Vulnerability of the VM/application/AWS account compliance will be assessed.

Alerts will be recorded on the CACI web-portal and an appropriate incident logged. Dashboards can be created to provide a clear view of incidents and their monitoring to resolution.

Deployment of service packs/updates are in accordance with ISO27001 policy. Critical patches are applied immediately. Systems/applications are routinely updated/patched.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Security will be monitored using; Symantec Cloud Workload Protection, Amazon GuardDuty, Amazon Inspector, AWS’s Config and Security Hub, and Cygnum’s Audit function. This will provide host-based Intrusion Detection/Prevention, real-time File Integrity Monitoring and scheduled Anti-Malware protection. It will detect any Integrated Network Intrusion, API threats and anomalies and AWS account changes. The vulnerability of the VM, application and AWS account compliance will be assessed.
All alerts will be fed to and recorded on the CACI web portal and an appropriate incident logged. Incidents will be responded to in line with the agreed SLA.
Incident management type
Supplier-defined controls
Incident management approach
CACI provides a comprehensive, thoroughly tested system and process for Incident management. Cygnum is built to comply with industry standard security expectations, which have been designed and tested at CACI in an environment and security aware culture, evidenced by our security compliance certifications (ISO27001).

CACI’s systems are fully monitored, and employees are required to report any real, perceived or potential security incidents. All incidents are impact assessed and prioritised accordingly. CACI and its sub-contractors have policies and procedures in place for reporting, acting upon and escalating all incidents that could affect the security information within, or, supported by their services.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£97,042 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.