The University of Edinburgh Health and Safety team use a system called Cardinus to manage certain workplace risk across the organisation. 

The Cardinus Risk Management system is a SaaS Cloud hosted solution. The primary use of the system is for managing ergonomic Display Screen Equipment (DSE) assessments across the University, although there are some other ergonomic risks  assessments such as laboratory managed through Cardinus.   

The project will develop a technical solution to authenticate UoE staff and visitors to use the Cardinus Risk Management system. In essence, the solution will enable new members of the organisation access to the Cardinus Risk Management system automatically without the need for manual intervention or data entry by local administrative teams.  



In scope: 

  • Integration of the Cardinus system within UoE incorporating 
    • Authentication to the Cardinus system through SSO 
    • All current staff and visitors will be automatically maintained with the Cardinus system on a daily basis
  • As there is personal data being utilised, there will be the requirement to 
    • Complete a Data Protection Impact Assessment (DPIA)
    • Confirm use of the specified data from the Golden Copy owners 

Out of scope:

  • The upgrade to the latest version of Cardinus, as this will be completed as a pre-requisite prior to this project
  • The integration of the Cardinus system will not cater for either Post Graduate Students or Undergraduate Students 



Priority – M = Must Have; S = Should Have; C = Could Have; W = Want 

  • M = has to be satisfied for the final solution to be acceptable in terms of delivery dates, compliance, viability etc. 

  • S = high-priority requirement that should be included if possible -workarounds may be available 

  • C = a nice-to-have requirement 

  • W = want but will not be part of this project 


  • O = Objective 

  • D = Deliverable


Ref. Objectives and Deliverables Priority Owner 
O1 System Design    
D1.1 Documented interface and integration requirements  M Software and Technical Development 
O2 Undertake GPRR checks     
D2.1 Completed  relevant GDPR checks M Project Sponsor 
O3 Implement System integration     
D3.1 Implementation of data interface and SSO  M Software and Technical Development 



  • All UoE staff and visitors will automatically be granted access to the Cardinus Risk Management system once their credentials have been completed in the appropriate down stream systems 
  • Local administrative staff will no longer be required to manually grant individuals access to new visitors or UoE employees to the system
  • Opportunity to improve overall compliance rate of as administrative time could be used to audit and monitor completion


Success Criteria

  • A Fully completed and authorised Data Protection Impact Assessment (DPIA)
  • The automatic transfer of user configuration data to the Cardinus system 
  • User authentication with SSO

Project Milestones

Stage Milestone Due Date 
Plan Planning 11-Oct-2019
Design Complete Design 25-Oct-2019
Build Complete Build 08-Nov-2019
Accept Complete UAT 13-Dec-2019
Deliver Deploy to Live 10-Jan-2020
Deliver DSOR 24-Jan-2020
Close Close 31-Jan-2020


Project Info

Cardinus SSO and Account Provisioning
Health & Safety (HAS)
Management Office
Project Manager
Andrew Stewart
Project Sponsor
Candice Schmid
Current Stage
Start Date
Planning Date
Delivery Date
Close Date
Overall Priority