This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Embridge Consulting (UK) Ltd are still valid.
Embridge Consulting (UK) Ltd

UNIT4 Business World (Agresso) Cloud Hosting & Managed Services

Embridge in partnership with cloud hosting supplier to provide Unit4 U4BW Agresso Cloud hosting and technical managed services, supported by our dedicated Inhouse experts and delivering a secure, rapid, reliable, highly available and robust system to users offering a cost effective alternative to on-premise ERP solutions.

Features

  • Fully automated 24/7 monitoring for pro-active support
  • Maximum security, backed by impressive accreditations
  • 99.9% availability, backed by service credits
  • Cutting edge platform, with VPN and MPLS links as standard
  • Agile deployments; new systems provisioned within 48 hours
  • Unlimited U4BW (Agresso) restores / environment refreshes
  • Advanced Disaster Recovery services
  • Unlimited OS, RDBMS & Agresso updates, upgrades and patching
  • Lightning fast performance on ERP-optimised hardware

Benefits

  • Low total cost of ownership & cost effective solution
  • Expert Agresso Technical Managed Service Support
  • Massive scalability - no system to big or too small
  • Database and system performance tuning as standard
  • Continuous knowledge-share with in-house teams
  • Accessible via web browser, desktop PC or mobile devices
  • Unlimited off-site backups for 'bulletproof' audit accountability
  • Exceptional business continuity cover for total service coverage
  • Hosting of Agresso / non-Agresso systems wherever necessary
  • Enterprise SLA's backed by service credits

Pricing

£10,000 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

1 0 6 7 6 0 2 0 6 1 7 5 5 6 2

Contact

Embridge Consulting (UK) Ltd Emma O'Brien
Telephone: 01474555505
Email: enquiries@embridgeconsulting.com

Service scope

Service constraints
When hosting Unit4 Business World, SQL Server is the only supported RDBMS in this cloud solution. Oracle is not supported.
System requirements
  • A modern PC with internet connectivity is required
  • Desktop users will require the Citrix Receiver client
  • VPN's (if required) require customer firewall
  • Power users will require Excel on their desktop machine

User support

Email or online ticketing support
Email or online ticketing
Support response times
Embridge's SLA agreement is shown for reference. The response and resolution times are based on the help desk open hours, however in most cases we provide significantly faster response times. Response times are included within the SLAs, whereas the resolution times are indicative and are not included in the SLAs. Monthly reports are produced demonstrating compliance and any breaches in SLA. Urgent; Respond by:30 minutes; Resolution by:6 hours High; Respond by 1 hour; Resolution by: 12 hours Medium; Respond by 2 hour; Resolution by: 14 hours Low; Respond by 4 hours; Resolution by: 20 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users have the ability to screen share, upload files securely and chat to our support team.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
Support is available 8.30-4.30pm Monday to Friday excluding weekends and bank holidays - although cover can be extended by prior arrangement subject to additional cost. Support is usually available on a remote basis, however on-site consultancy support can be arranged at additional cost. We offer three levels of support: Level 1 support service is aimed at customers who are already live with U4BW and covers the following functions: User assistance such as training new staff. Daily, weekly and monthly task processing including setting up new staff as users or resources, timesheet/sales orders/purchase order processing and process maintenance, monitoring of items to followup and batch input. Level 2 support service and consultancy covers issue investigation and other system tasks such as system optimisation, environment maintenance and minor system changes. Level 3 support - Remote consultancy service is aimed at customers who are either in the build phase of a new implementation and need additional support or are already live with U4BW and need development support including Project support, remote testing, development of test scripts, off site testing and patches, post go live support, amendments to excelerator reports, build and configurations, writing browser reports, additional functionality evaluation, configuration of additional flexi-fields.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A bespoke customer system reference document is provided. This details all the resources available to users, the URL's and how to access and use them. It also includes training for in-house IT teams to support users (which is delivered via distance training; telephone or online tools).
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
This is entirely up to the users, but we support full database backups, full SFTP transfer of files / resources or the user can simply export their data directly from the system using web services or other online tools that we provide.
We can also provide the Gcon4 MFL tool for data migration at extra cost.
End-of-contract process
All end of contract off-boarding exercises are covered under the contract. The data will ultimately be destroyed, but if it is still required it can be provided to a third-party or to the customer directly via database backup, SFTP file transfer or any other method required. The data can also be obtained on a self-service basis by the customer directly if they utilise the web API's.

Using the service

Web browser interface
Yes
Using the web interface
The web interfaces are developed by Unit4 (for Unit4 Business World) and Citrix (for Citrix web interface). Users can log into the application(s) and can access all the functionality available to them via these web interfaces.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
UNIT4 has developed a product reading list in braille for the blind and visually impaired, which sits in front of the user’s keyboard and mirrors the user’s screen text line by line. Text to speech function is available making it easy and quick to listen to the text that’s written on the screen. For the visually impaired, the text has been adapted to provide enhanced readability through stronger contrasts and increased size.
Web interface accessibility testing
Unit4 (the software vendor for Unit4 Business World software) has been awarded a European CSR award for its work with Blindeforbundet, the Norwegian Association for the Blind and Partially Sighted (NABP) to make its Enterprise Resource Planning (ERP) software available to blind and partially sighted people.
API
Yes
What users can and can't do using the API
The API's allow changes to be made to the core application, such as adding, deleting or viewing users, projects, purchase orders, invoices, etc. Users need programming skills to utilise these API's. The API's are built into the Unit4 Business World product. These are published to users that need to utilise them.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
The API's are open to use through any automation software
API documentation
Yes
API documentation formats
Other
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
CAS(t) accreditation to OFFICIAL (IL2). This is required to provide secure networking and hosting services to the UK Government and public sector organisations. These are as follows: CESG CAS(t) IL 2-2-4 CESG Assured Service (Telecoms) Scheme – Impact Level 2-2-4 525 CESG CAS(t) IL 2-2-4 CESG Assured Service (Telecoms) Scheme – Impact Level 2-2-4 Encryption Overlay Service Slice for Off-Net Services 526 CPU / disk contention is also kept to a minimum (and throttled), with all customers enjoying dedicated RAM.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Other
Other metrics
  • Core user numbers
  • Custom application metrics
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Quick Think Cloud

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Oracle Databases
  • Files & Folders
  • Virtual Machines
  • SQL Server Databases
  • System States
  • Backup controls
Backup controls
Users identify what they would like to back up (along with a consultant) and the backups are setup with the relevant schedule.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Guarantees the functioning of all cloud server hosts including the hypervisor, with a 99.9% availability for all hosted systems. In the unlikely event of host failure, HA will automatically restart the affected VM onto a healthy host. If the service fails to meet any of these availability commitments, the Customer shall be entitled to service credits.
Approach to resilience
Available on request.
Outage reporting
Service outages are reported via email and also via the customer's online portal.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces is strictly controlled and does not include any user access. Support channels are opened to named users within the organisation. Their access / viewing options will vary depending on their role.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
17/10/2017
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
It is the intention of Embridge Consulting to commerce ISO27001 therefore, we are basing our security governance on the principles of ISO27001.
Information security policies and processes
Information security policies are fully documented and available to all members of staff. Updates are communicated to the organisation, with new starters undergoing a specific session that covers the security policy and invites them to ask questions. Typical policies and processes include blocking the use of USB devices, password changes, fully documented change control, subscribing to security news letters from our CHECK accredited security partners, etc.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change management is tracked on our customer portal, with full visibility to customers. Changes are requested, agreed upon and advertised, documented and delivered via this medium. Every change is subject to CAB approval which happens once a week (or can be put forward for an emergency change if required).
Vulnerability management type
Undisclosed
Vulnerability management approach
A detailed account of this information is available upon request. However, at a high level the threats to our services are both managed, monitored and neutralised via our IDS / IPS systems, we deploy patches regularly in a controlled manner using industry standard deployment tools and our information about potential threats comes from our CHECK certified security provider and datacentre partners.
Protective monitoring type
Undisclosed
Protective monitoring approach
This information is available upon request, but at a high-level potential compromises are identified using an industry standard IDS system, our response includes our own security procedures and includes our CHECK accredited security partner and any such threats / compromises are classified as URGENT and are investigated immediately under the highest possible SLA.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management is tightly interwoven with our service desk system. Users can report incidents via email, internet portal or telephone. Uses can run their own incident reports via this system, but these are also available upon request. We have pre-defined processes for common events (environment refreshes, etc.) and these are documented on the portal knowledge-base where appropriate.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Various - all with the necessary accreditation.
How shared infrastructure is kept separate
CAS(t) accreditation to OFFICIAL (IL2). This is required to provide secure networking and hosting services to the UK Government and public sector organisations.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£10,000 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30-day free trial is offered. This includes 1 full system with relevant infrastructure and support

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@embridgeconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.