Closure Report


The University of Edinburgh Health and Safety team use a system called Cardinus to manage certain workplace risk across the organisation. 

The Cardinus Risk Management system is a SaaS Cloud hosted solution. The primary use of the system is for managing ergonomic Display Screen Equipment (DSE) assessments across the University, although there are some other ergonomic risks  assessments such as laboratory managed through Cardinus.   

The project will develop a technical solution to authenticate UoE staff and visitors to use the Cardinus Risk Management system. In essence, the solution will enable new members of the organisation access to the Cardinus Risk Management system automatically without the need for manual intervention or data entry by local administrative teams.


  • Integration of the Cardinus system within UoE incorporating 
    • Authentication to the Cardinus system through SSO 
    • All current staff and visitors will be automatically maintained with the Cardinus system on a daily basis
  • As there is personal data being utilised, there will be the requirement to 
    • Complete a Data Protection Impact Assessment (DPIA)
    • Confirm use of the specified data from the Golden Copy owners 

Project Summary

The project has delivered 

  • An initial conversion process to replace staff id with uun's for all current user accounts 
  • A daily file is automatically generated to maintain active Cardinus accounts for all current UoE Staff, Visitors and PGR's whereby  
    • an account is created for new starts 
    • the account is maintained for existing users, namely name, emails address organisation level hierarchy 
    • the account is archived if the user is not presented on the daily file - and provides the ability to re-instate the account if the user subsequently returns
    • An update log is created and electronically distributed to both Applications Management and Health & Safety functional accounts
  • Cardinus authentication through Single Sign On 
    • In delivering this functionality, it should be noted that this proved to be more complicated than first anticipated. As opposed to the supplier providing a metadata, there was the requirement to create a metadata file using specific supplier supplied data - reverse IDP 
  • Consolidated access to the Cardinus application from a launch page on the Health and Safety Website to the  Cardinus Hub with regards to 
    • Fire Safety 

    • Healthy Working (previously known as Display Screen Equipment (DSE)) 

    • Laboratory Ergonomics  

    • Manual Handling  

    • Safe Driving 

  • Completion of the relevant documentation such as 
    • Data Protection Impact assessment approved by the data Protection Officer
    • Regular Data Feeds document  confirming use of golden copy data 
    • System Design Specification (SDS)
    • System Design Document (SDD)
    • Technical Architecture Document (TAD)

The project manager would like to acknowledge the excellent technical input and support of the project team throughout the project with regards to, and in no particular order;

  • Michael Sun - Development Lead 
  • Alister Webb - Technical Lead 
  • Hugh Brown  - Applications Management for IDM support  
  • Mark McGowan - Technology Management Lead 
  • Candice Schmid - Project Sponsor 
  • Angharad Jenkins - Health and Safety 
  • Mark Cairney - SSO configuration 

In addition, thanks should also be expressed to the 

  • The Applications Resource Manager, Paul McNulty for his assistance in resourcing the project from an IS perspective 
  • The representatives from the Cardinus Helpdesk who proved to be very helpful and responsive to questions throughout the project


Phase Achieved
O1. System Design Yes - System Design Specification (SDS) created
O2. Undertake GPRR checks  Yes - DPIA approved
O3. Implement System integration  Yes  - SSO and Account Provisioning 


Phase Priority Achieved
D1.1 Documented interface and integration requirements Yes
D2.1 Completed  relevant GDPR checks Yes
D3.1 Implementation of data interface and SSO Yes

Analysis of Resource Usage:

Staff Usage Estimate: 58 days

Staff Usage Actual: 74 days

Staff Usage Variance: 125%

Other Resource Estimate: £0

Other Resource Actual: £0

Other Resource Variance: 0%


Breakdown by Team 

Team Estimate Actual Difference Reason for Difference
Project Management 14 22 +8  Additional effort to cover extended project time 
Project Governance 2 0 -2 Assigned against recorded project resources 
Development 23 30 +7 Additional effort was required as a result of IDM associated issues during UAT and further effort to incorporate visitor feed
Development Technology 12  13 +1  
Applications Management 3 7 +4 Effort to integrate with IDM through Dev, Test and Live was not planned as part of the original estimate 
Technology Management 2 2 0  
Enterprise Architecture 1 0 -1 No effort required 
Total 58 74 +16  


Explanation for variance

  • The project experienced a number of unanticipated delays due to resourcing issues
    • A conflict on the lead developers time was experienced during  the initial build phase - ref piccl item 3
    • The unavailability of technical staff during two series of industrial action in November /December 2019 and February / March 2020
    • Full user testing was delayed as result of coronavirus planning being undertaken by the Health and Safety project team members 
  • The configuration of Single Sign On proved to be more difficult than originally anticipated due the supplier method of integration (ref piccl item 4) requiring additional time and effort from colleagues in ITI
  • The period of UAT required to be extended due to a number of issues associated with data formatting as noted in piccl item 8
  • During the full user acceptance testing it was observed that Visitors had inadvertently been excluded from the daily feed resulting in additional time being required to incorporate current Visitors (ref piccl item 9)


Key Learning Points

  • Consultation with Applications Management team should be held during the planning phase for projects utilising existing data sources such as IDM to determine the impacts regarding time and effort 
  • When preparing a file according to a defined supplier layout, additional effort at the outset should be utilised to confirm details such as; format of file name, field separators, default value when field blank, 

Outstanding Issues

There are no outstanding issues with this project.


Project Info

Cardinus SSO and Account Provisioning
Health & Safety (HAS)
Management Office
Project Manager
Andrew Stewart
Project Sponsor
Candice Schmid
Current Stage
Start Date
Planning Date
Delivery Date
Close Date
Overall Priority