Webcurl Ltd

CRM Web Portal

The CRM web portal exposes Microsoft Dynamics 365, Northgate Enterprise and SugarCRM data via its portal technology. We have vertical solutions ranging from Customer Service, Partner portals and Case Management frameworks.

Powered by Drupal, it also comes with a free hosted deployment of the best in class Open Source CMS.


  • open source
  • open source cms
  • drupal cms
  • sugarcrm integration
  • dynamics 365 integration
  • CRM
  • Open Source CRM
  • real-time data entry
  • real-time data retrieval
  • best in class CMS


  • manage content on the move
  • record data in CRm
  • securely held data
  • iso27001 accredited provider
  • GDPR compliant
  • provides channel shift
  • out of the box Case Management Solution
  • out of the box partner portal
  • put of the box customer service solution
  • tightly integrated with corporate website


£4000 per instance per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9


Webcurl Ltd

Colin Sherry

01865 741762


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Sugar CRM
Microsoft dynamics 365
Northgate Enterprise
Cloud deployment model Private cloud
Service constraints Cloud based Software as a Service but may be available on-premise for larger enterprise customers.
System requirements
  • Linux
  • Open Source
  • Anti virus
  • CMS
  • MYSQl
  • NGINX web server

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 hours - Mondya - frodat
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Our support packages are based on time used and is billed in 15 minute increments. The cost of a support contract is determined by the amount of time purchased in advance and is detailed below.

Time Block
Cost per block

10 Hours - £ 1,000
20 Hours - £ 1,850
30 Hours - £ 2,600
50 Hours - £ 4,200
100 Hours - £ 7,750

200 Hours
£ 14,000

Webcurl provides an initial response within 2 hours for critical tickets with a proposed action and resolution timescale being posted within 4 working hours. Other tickets will be acknowledged within a maximum of 4 hours with a proposed action and resolution timescale being posted the same day.

Webcurl provide help-desk support via telephone, e-mail and the online portal during the hours of 9.00am to 5.00pm UK time (excluding weekends and days which are public holidays in England).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training and documentation are provided for the solution

Development work and training is provided on an ad-hoc basis and is for a set amount of days.

Additional help is provided via our support agreement and is detailed further in the support agreement.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data will be returned to the customer via a backup of the MYSQL database the product uses.

As we use open source technology this data can be accessed freely by restoring the database to the given product.
End-of-contract process Contract includes hosting of the portal connector and CMS platform. An initial 10 hours of support is included in the package.

Additional hours of support and consultancy work can also be added as an extra.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Manly layout and re-organistion of data on screens.
Accessibility standards WCAG 2.0 AAA
Accessibility testing We have used third party eye tracking companies to test the usability of our software.
Customisation available Yes
Description of customisation Look and feel
As we use the Open source platform Drupal most customisations and configurations can be performed using standard Drupal coding practices


Independence of resources Due to our services being in the cloud we can add additional resources to a tenant as and when required.

We also monitor neighbouring tenants to ensure they are not abusing the rights to use the service.


Service usage metrics Yes
Metrics types Visitors and access to the site, last logged in etc.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach A full backup of a MYSQL database will be provided ion demand.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Webcurl agrees to provide Licensee with access to the currently published SaaS version of the Licensed Software via the Internet. During any calendar month, the Licensed Software shall be available to Licensee 99.9% of the time via the Internet except for:
(i) the time during which the Licensed Software is unavailable so that Webcurl or the hosting provider can perform maintenance for security and system integrity purposes and provide Upgrades, also known as "Planned Maintenance Downtime";
(ii) downtime caused by circumstances beyond Webcurl’s control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, acts of terror, war, third party strikes and other labor problems, or other events of force majeure;

iii) general Internet outages, failure of Licensee's infrastructure or connectivity, computer and telecommunications failures and delays not within Webcurl’s control; and

(iv) network intrusions or denial-of-service attacks.

n the event that Webcurl fails to maintain the foregoing availability of the Licensed Software during any calendar month of the subscription, Licensee's sole and exclusive remedy shall be to request a service credit in the following percentages of
the prorated monthly fees
99.9%, but greater than 99.5% 10%;
99.5%, but greater than 99.0%25%;
99.0%, a service credit of 50%.
Approach to resilience Available on Request
Outage reporting Via a pro-active monitoring tool available for access by our clients.

This provides downtime, current issues and previous outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted via a 2 factor authentication process to our software solutions
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Awaiting iso27001 approval

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All policies are documented and explained to staff during the on-boarding process.

A clearly defined escalation path is documented to handle non compliance

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All our change management is handled by the software repository GIT. this provides us with documented evidence of when changes were processed and who completed the change.

All changes are run through standard security tests before being deployed in a live environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Threats to our system are assessed by our security team.

As we are extending third party software we are reliant to some degree of them notifying us of issues. the Open Source community is very good at releasing security updates, usual weekly, and these are applied automatically to our solutions.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We actively monitor and are notified of any security issues from all the technology vendors we have in our stack.
Incident management type Supplier-defined controls
Incident management approach All security incident resolution is fully documented and actioned immediately.

Users can report incidents via the help desk portal and these will be reviewed and categorised accordingly.

Reports are available via our portal on all incidents past and present.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4000 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial No limitations, access to the full software will be given for 30 days


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑