Overview
Background
The University of Edinburgh Health and Safety team use a system called Cardinus to manage certain workplace risk across the organisation.
The Cardinus Risk Management system is a SaaS Cloud hosted solution. The primary use of the system is for managing ergonomic Display Screen Equipment (DSE) assessments across the University, although there are some other ergonomic risks assessments such as laboratory managed through Cardinus.
The project will develop a technical solution to authenticate UoE staff and visitors to use the Cardinus Risk Management system. In essence, the solution will enable new members of the organisation access to the Cardinus Risk Management system automatically without the need for manual intervention or data entry by local administrative teams.
Scope
In scope:
- Integration of the Cardinus system within UoE incorporating
- Authentication to the Cardinus system through SSO
- All current staff and visitors will be automatically maintained with the Cardinus system on a daily basis
- As there is personal data being utilised, there will be the requirement to
- Complete a Data Protection Impact Assessment (DPIA)
- Confirm use of the specified data from the Golden Copy owners
Out of scope:
- The upgrade to the latest version of Cardinus, as this will be completed as a pre-requisite prior to this project
- The integration of the Cardinus system will not cater for either Post Graduate Students or Undergraduate Students
Objectives
Priority – M = Must Have; S = Should Have; C = Could Have; W = Want
-
M = has to be satisfied for the final solution to be acceptable in terms of delivery dates, compliance, viability etc.
-
S = high-priority requirement that should be included if possible -workarounds may be available
-
C = a nice-to-have requirement
-
W = want but will not be part of this project
-
O = Objective
-
D = Deliverable
| Ref. | Objectives and Deliverables | Priority | Owner |
| O1 | System Design | ||
| D1.1 | Documented interface and integration requirements | M | Software and Technical Development |
| O2 | Undertake GPRR checks | ||
| D2.1 | Completed relevant GDPR checks | M | Project Sponsor |
| O3 | Implement System integration | ||
| D3.1 | Implementation of data interface and SSO | M | Software and Technical Development |
Benefits
- All UoE staff and visitors will automatically be granted access to the Cardinus Risk Management system once their credentials have been completed in the appropriate down stream systems
- Local administrative staff will no longer be required to manually grant individuals access to new visitors or UoE employees to the system
- Opportunity to improve overall compliance rate of as administrative time could be used to audit and monitor completion
Success Criteria
- A Fully completed and authorised Data Protection Impact Assessment (DPIA)
- The automatic transfer of user configuration data to the Cardinus system
- User authentication with SSO
Project Milestones
| Stage | Milestone | Due Date |
| Plan | Planning | 11-Oct-2019 |
| Design | Complete Design | 25-Oct-2019 |
| Build | Complete Build | 08-Nov-2019 |
| Accept | Complete UAT | 13-Dec-2019 |
| Deliver | Deploy to Live | 10-Jan-2020 |
| Deliver | DSOR | 24-Jan-2020 |
| Close | Close | 31-Jan-2020 |