Closure Report
Background
The University of Edinburgh Health and Safety team use a system called Cardinus to manage certain workplace risk across the organisation.
The Cardinus Risk Management system is a SaaS Cloud hosted solution. The primary use of the system is for managing ergonomic Display Screen Equipment (DSE) assessments across the University, although there are some other ergonomic risks assessments such as laboratory managed through Cardinus.
The project will develop a technical solution to authenticate UoE staff and visitors to use the Cardinus Risk Management system. In essence, the solution will enable new members of the organisation access to the Cardinus Risk Management system automatically without the need for manual intervention or data entry by local administrative teams.
Scope
- Integration of the Cardinus system within UoE incorporating
- Authentication to the Cardinus system through SSO
- All current staff and visitors will be automatically maintained with the Cardinus system on a daily basis
- As there is personal data being utilised, there will be the requirement to
- Complete a Data Protection Impact Assessment (DPIA)
- Confirm use of the specified data from the Golden Copy owners
Project Summary
The project has delivered
- An initial conversion process to replace staff id with uun's for all current user accounts
- A daily file is automatically generated to maintain active Cardinus accounts for all current UoE Staff, Visitors and PGR's whereby
- an account is created for new starts
- the account is maintained for existing users, namely name, emails address organisation level hierarchy
- the account is archived if the user is not presented on the daily file - and provides the ability to re-instate the account if the user subsequently returns
- An update log is created and electronically distributed to both Applications Management and Health & Safety functional accounts
- Cardinus authentication through Single Sign On
- In delivering this functionality, it should be noted that this proved to be more complicated than first anticipated. As opposed to the supplier providing a metadata, there was the requirement to create a metadata file using specific supplier supplied data - reverse IDP
- Consolidated access to the Cardinus application from a launch page on the Health and Safety Website to the Cardinus Hub with regards to
-
Fire Safety
-
Healthy Working (previously known as Display Screen Equipment (DSE))
-
Laboratory Ergonomics
-
Manual Handling
-
Safe Driving
-
- Completion of the relevant documentation such as
- Data Protection Impact assessment approved by the data Protection Officer
- Regular Data Feeds document confirming use of golden copy data
- System Design Specification (SDS)
- System Design Document (SDD)
- Technical Architecture Document (TAD)
The project manager would like to acknowledge the excellent technical input and support of the project team throughout the project with regards to, and in no particular order;
- Michael Sun - Development Lead
- Alister Webb - Technical Lead
- Hugh Brown - Applications Management for IDM support
- Mark McGowan - Technology Management Lead
- Candice Schmid - Project Sponsor
- Angharad Jenkins - Health and Safety
- Mark Cairney - SSO configuration
In addition, thanks should also be expressed to the
- The Applications Resource Manager, Paul McNulty for his assistance in resourcing the project from an IS perspective
- The representatives from the Cardinus Helpdesk who proved to be very helpful and responsive to questions throughout the project
Objectives
| Phase | Achieved |
| O1. System Design | Yes - System Design Specification (SDS) created |
| O2. Undertake GPRR checks | Yes - DPIA approved |
| O3. Implement System integration | Yes - SSO and Account Provisioning |
Deliverables
| Phase | Priority | Achieved |
| D1.1 | Documented interface and integration requirements | Yes |
| D2.1 | Completed relevant GDPR checks | Yes |
| D3.1 | Implementation of data interface and SSO | Yes |
Analysis of Resource Usage:
Staff Usage Estimate: 58 days
Staff Usage Actual: 74 days
Staff Usage Variance: 125%
Other Resource Estimate: £0
Other Resource Actual: £0
Other Resource Variance: 0%
Breakdown by Team
| Team | Estimate | Actual | Difference | Reason for Difference |
| Project Management | 14 | 22 | +8 | Additional effort to cover extended project time |
| Project Governance | 2 | 0 | -2 | Assigned against recorded project resources |
| Development | 23 | 30 | +7 | Additional effort was required as a result of IDM associated issues during UAT and further effort to incorporate visitor feed |
| Development Technology | 12 | 13 | +1 | |
| Applications Management | 3 | 7 | +4 | Effort to integrate with IDM through Dev, Test and Live was not planned as part of the original estimate |
| Technology Management | 2 | 2 | 0 | |
| Enterprise Architecture | 1 | 0 | -1 | No effort required |
| Total | 58 | 74 | +16 |
Explanation for variance
- The project experienced a number of unanticipated delays due to resourcing issues
- A conflict on the lead developers time was experienced during the initial build phase - ref piccl item 3
- The unavailability of technical staff during two series of industrial action in November /December 2019 and February / March 2020
- Full user testing was delayed as result of coronavirus planning being undertaken by the Health and Safety project team members
- The configuration of Single Sign On proved to be more difficult than originally anticipated due the supplier method of integration (ref piccl item 4) requiring additional time and effort from colleagues in ITI
- The period of UAT required to be extended due to a number of issues associated with data formatting as noted in piccl item 8
- During the full user acceptance testing it was observed that Visitors had inadvertently been excluded from the daily feed resulting in additional time being required to incorporate current Visitors (ref piccl item 9)
Key Learning Points
- Consultation with Applications Management team should be held during the planning phase for projects utilising existing data sources such as IDM to determine the impacts regarding time and effort
- When preparing a file according to a defined supplier layout, additional effort at the outset should be utilised to confirm details such as; format of file name, field separators, default value when field blank,
Outstanding Issues
There are no outstanding issues with this project.