A2Z CLOUD LTD

Zoho Books

Zoho Books is online, cloud-based accounting software that manages your finances, gets you VAT ready, automates business workflows, and helps you work collectively across departments.

It features contact management, invoices, expenses, sales and purchase orders, project time tracking and inventory management.

Features

  • End-to-end accounting
  • VAT compliance
  • Negotiate deals, raise sales orders, send invoices
  • Chase payments easily with payment reminders
  • Offer online payment options and get paid faster
  • Capture cross-border and overseas trade with precision
  • Generate VAT returns
  • Sign up for MTD and submit returns directly to HMRC
  • Client portal to view estimates, invoices and make online payments
  • PCI & GDPR Compliant

Benefits

  • Access from multiple devices, integrate core business applications
  • Schedule reports and get real time data
  • Automate business workflows & routine tasks
  • Seamless flow of data to finance & 3rd party applications
  • Electronically sign documents through Zoho Sign
  • Store documents in one place and assign to transactions
  • Raise invoices, estimates and purchase orders, and track payments
  • Accounting on the go using mobile applications
  • Flexible pricing
  • Integration with Zoho Inventory to sold items

Pricing

£0 to £18 a licence a month

Service documents

Framework

G-Cloud 12

Service ID

197876672695690

Contact

A2Z CLOUD LTD Lucy Beck
Telephone: 01722480300
Email: gcloud_12@a2zcloud.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Zoho One, Zoho CRM, Zoho Mail, Zoho Desk, Zoho Finance suite, Zoho Books, Zoho Projects, Zoho Analytics, Zoho Campaigns, applications available on the Zoho Marketplace (Xero, Mailchimp, Hubspot, Zapier, RingCentral, Google, Microsoft, etc.), and third-party applications that have an API (Application Programming Interface) integration.
Cloud deployment model
Public cloud
Service constraints
Any planned maintenance activities will be announced beforehand and will be performed during non-business hours and weekends without affecting major functionalities.

Operating System - Windows / Linux / Mac OS X

Web Browsers - Safari 9 and above / Google Chrome 49 and above / Mozilla Firefox 44 and above / Internet Explorer 11 and above / Opera 45 and above

Other requirements
Enable JavaScript
Enable Cookies
Install Flash plug-in

It is necessary to use browsers, APIs, and Plugins that support TLS v1.2.

iOS: Requires iOS 9.0 or later. Compatible with iPhone, iPad, and iPod touch.
Android: Android 4.1 and above
System requirements
  • Windows / Linux / Mac OS X
  • Safari 9 and above
  • Internet Explorer 11 and above
  • Google Chrome 49 and above
  • Mozilla Firefox 44 and above
  • Opera 45 and above
  • Enable JavaScript & cookies
  • Install Flash Plug-in
  • Necessary to use APIs, and Plugins that support TLS v1.2.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Support with SLA criteria is chargeable, starting from £2000 per annum for a response time of 8 working hours based on a 5 day week. Higher level support agreements are available on request.

Weekend and other out of hours cover is available on request at extra cost.

Short-term agreements are available for critical / specified periods when required.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
We've worked with a visually impaired (70% sight loss) web developer for over 12 months. He was able to use the system with the help of a monitor specially designed to assist users with visual difficulties.

More information is available on request.
Onsite support
Yes, at extra cost
Support levels
First month post go-live - free support.

For full year-round support, we offer a subscription-based service agreement that allows subscribers to use our services on demand at a reduced price.

Depending upon the extent of support needed, the customer can choose to pay a monthly subscription starting from £200/month. Unused money from the current month will roll over to the next month and can be used for product support, customisations, additional features, etc. More information is available on request.

Levels of Support offered by A2Z Cloud

Level 1 support - Any question or query that can be resolved directly on the phone call, email or ticket by the support agent is Level 1 support.

Level 2 support - If the clarification requires a closer look at the system, the support agent will create a ticket and assign it to the relevant person (developer / account manager / trainer).

Level 3 support - When a request for modification or an additional requirement to the system is raised, the change management process is followed. We will start with gathering the requirements, offer an implementation plan, then develop, test and implement the solution.

Each customer will be mapped to an account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our deployment process starts with a series of design workshops to capture the processes to be facilitated and/or automated. Based on the requirements shared during these sessions, we will work on the overview of the system.

This will enable us to understand the current processes and help our customers envision the future system of how various components interact in multiple ways within the system and how they interact with external elements.

Based on the process workshops and requirements shared, we would work on the Implementation plan. Once the plan is signed off the implementation begins.

Once the implementation reaches the final stages, we start with demos, training of users (admins and standard users). Post implementation (go-live) we offer online / onsite training as required for an additional fee.

Post this, our customers can make use of the support plan available. If not part of the support plan, customers can still reach out to us through emails and calls for support which will be chargeable depending on the requirement. Documentation is made available on request.

We use different training methods for onboarding bespoke to client needs. We provide required training on the specific modules purchased, to enable both users and System Administrators.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • .csv
  • .xls, .xlsx
  • .doc, .docx
  • .ppt, .pptx
  • Will meet required specification as far as possible
End-of-contract data extraction
You can do a full back up of the system. All the data will be delivered in the form of multiple .CSV files that can be downloaded using the link that will be made available within 24 hours of request.

The downloaded files are available in .zip format. The number of files depends on the data on the system.

Users can opt to export the data onto excel sheets, .csv files and upload the data into their system of choice.

We will agree the end of the contract process as part of the onboarding process for ease of understanding. Other data formats can be agreed by request and we provide full instructions on how to download the data.

Also, Zoho reserves the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days. In the event of such termination, all data associated with such user account will be deleted. Prior notice of such termination will be communicated and the option to back-up your data will be available. Each Service will be considered an independent and separate service for calculating the period of inactivity.
End-of-contract process
At the end of the contract, if the customer chooses to continue using the system, they can renew the licenses on a periodic basis. This will ensure all customisations done on top of the system specifically for the customer continue to exist without any modification.

If the customer would prefer not to continue using the system, a full download of the data existing on the system can be done by one of the users of the system (usually admin / super admin). A2Z Cloud will help the customer with the documentation on data backup if requested.

Post the termination of contract, the customer has the right to erasure of data as Zoho is GDPR compliant. So the users can request to delete data permanently through email and Zoho will comply with the request.

The price of the contract includes the license fees.

Additional fees will be charged for the implementation process which involves but is not limited to requirements gathering, proposal solution documents, implementation of the proposal, handover and support.

The contract also does not include training, data migration and anything not mentioned above.

The Rate Card offers more information on our implementation costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Close to 90% parity of the browser based application is available on the mobile services.
Service interface
Yes
Description of service interface
The Zoho Books API allows you to perform all the operations that you do with our web client.

More information is available at https://www.zoho.com/books/api/v3/
Accessibility standards
WCAG 2.1 A
Accessibility testing
We've worked with a visually impaired (70% sight loss) web developer for over 12 months. He was able to use the system with the help of a monitor specially designed to assist users with visual difficulties. More information is available on request.
API
Yes
What users can and can't do using the API
Freely available, well-documented RESTful services are provided.

https://www.zoho.com/books/api/v3/ offers extensive information on the different functionalities the API supports.

The Zoho Books API is built using REST principles, which ensures predictable URLs that make writing applications easy. The API follows HTTP rules, so a wide range of HTTP clients can be used to interact with it.

Every resource is exposed as a URL. The URL of each resource can be obtained by accessing the API Root Endpoint.

Users can set up the API service between Books and the required application using any of the following SDKs - Java / Python / PHP / C# / Node.js / Ruby and Android/iOS for mobile applications.

Users can retrieve, insert, update, search, delete, convert, attach, download - records, fields, files and photos.

API calls are limited to provide better quality of service and availability to all the users. The limits on total calls are illustrated below:

Paid Organization - 2500 API calls/day and 100 API calls/minute
Free Organization - 1000 API calls/day and 100 API calls/minute
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Zoho Books can be customised to set up the Chart of accounts (Account receivables, payables) for each organisation, set up email templates to be used when sending out estimates and invoices, link with a bank account to track live payments, and so on.

This can be further integrated with Zoho CRM to understand the payments made by each client.

Workflows can be set up to send out automated invoices and follow-up emails to ensure payment is made.

Invoices and estimates can further be customised to show the logo and company details as required.
Once VAT details are configured, it can be used to file VAT returns.

Scaling

Independence of resources
We have project managers who assess, assign and assist developers to ensure timely service.

We also offer support services where tickets are raised and categorised based on their priority to offer the best user experience.

In line with digital resources - All customer data is segregated and protected via our SaaS framework. There is no sharing of customer data as it exists in multi-user architecture. Zoho operates in a tested environment and has proven robust contingency plans in place to ensure peak demand is covered.

Using the cloud, Zoho can scale horizontally meeting each customer’s performance needs.

Analytics

Service usage metrics
Yes
Metrics types
Zoho Books can be integrated with Zoho Analytics to provide advanced Analytics reports

You can create custom reports or choose from Zoho Analytics’ 75+ financial reports. Reports and dashboards that you create in Zoho Analytics can also be embedded in your own website or application. The integration can prove extremely useful if you want to create reports from multiple sources or even multiple organisations from Zoho Books itself.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Zoho Corp.

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
At rest: Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS). We provide additional layers of security by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
This is a straightforward process and can be done by any user with appropriate access rights. It can take around 30 minutes for you to receive the backup link from the time you’ve initiated a backup.
The download link sent to your email address will expire 30 days post the date of your backup.

Data backup needs to be done individually for each service. Zoho Books allows you to export your complete organisational data as a single compressed file. The compressed file will consist of CSV files that belong to various modules of Zoho Books.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Between you and Zoho:

Zoho uses the latest TLS protocol versions 1.2/1.3, certificates signed with SHA-256, and ciphers (AES_CBC/AES_GCM with 256-bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism). Zoho also implements perfect forward secrecy and enforces HTTP Strict Transport Security (HSTS) across all sites.

Between Zoho and third parties:

Zoho uses the HTTPS protocol when communicating with third parties. For transactions that involve sensitive data and use cases, Zoho uses asymmetric encryption, which utilizes a system of public and private keys to encrypt and decrypt data.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Zoho offers a service uptime of over 99%. There are no defined SLAs from Zoho at this point in time. The availability of the service can be checked at https://status.zoho.eu/

However, the last service interruption for Zoho CRM happened in July 2019 and lasted for less than 2 minutes.

Application data is stored on resilient storage that is replicated across data centers. Data in the primary DC is replicated in the secondary in near real time. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimal or no loss of time. Both the centers are equipped with multiple ISPs.

Zoho has power back-up, temperature control systems and fire-prevention systems as physical measures to ensure business continuity. These measures help achieve resilience. In addition to the redundancy of data, we have a business continuity plan for our major operations such as support and infrastructure management.
Approach to resilience
Application data is stored on resilient storage that is replicated across data centers. Data in the primary DC is replicated in the secondary in near real time. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimal or no loss of time. Both the centers are equipped with multiple ISPs.

All the components of Zoho's platform are redundant. Zoho uses a distributed grid architecture to shield the system and services from the effects of possible server failures. If there's a server failure, users can carry on as usual because their data and Zoho services will still be available to them.
Zoho additionally uses multiple switches, routers, and security gateways to ensure device-level redundancy. This prevents single-point failures in the internal network.

At Zoho's Data Centers, a colocation provider takes responsibility for the building, cooling, power, and physical security. Access to the Data Centers is restricted to a small group of authorized personnel. Additional two-factor authentication and biometric authentication are required to enter the premises. Access logs, activity records, and camera footage are available in case an incident occurs.

More information is available on request.
Outage reporting
https://status.zoho.eu/ is a publicly available URL that offers real-time status on the response time for all Zoho applications.

The website also shows incident details on all previous outages specific to each application.

Zoho has a dedicated incident management team. Zoho will notify you of the incidents in the environment that apply to you, along with suitable actions that you may need to take. Zoho tracks and closes the incidents with appropriate corrective actions. Whenever applicable, Zoho will identify, collect, acquire and provide you with necessary evidence in the form of application and audit logs regarding incidents that apply to you. Furthermore, Zoho implements controls to prevent recurrence of similar situations.

We respond to the security or privacy incidents you report to us through incidents@zohocorp.com, with high priority. For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address of the Organisation administrator registered with us).

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Firewall access is monitored on a strict, regular schedule. A network engineer reviews all changes made to the firewall every day. Additionally, these changes are reviewed every three months to update and revise the rules.

In-house Key Management Service (KMS) creates, stores and manages keys across all services. The master key remains in a physically separate and secure server.

An Access Control List (ACL) allows only selected services to access selected keys. Regular audits of these logs help monitor the process.

There is also a key rotation system in which we change the Root Master key periodically, which ensures additional security.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
In-house Key Management Service (KMS) creates, stores and manages keys across all services:

Data Encryption Key (DEK): The key used to encrypt the data, that is, to convert it from plain text to cipher text.

Key Encryption Key (KEK): The key used to encrypt the DEK. It is service-specific and provides an extra layer of security.

Master Key: The key used to encrypt the KEK. This key is stored in an isolated server for safety.

All encryption uses the AES 256 algorithm.

The servers are only accessed through an isolated, restricted, monitored and logged protected network.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standard Institute
ISO/IEC 27001 accreditation date
22/08/2016
What the ISO/IEC 27001 doesn’t cover
The ISO/IEC 27001:2013 certificate specifies the requirements for establishing, implementing, maintaining, and improving information security management within an organisation. The Information Security Management System covers all products and services of Zoho Corporation.

The audit included all our cloud offerings (Zoho, ManageEngine and Site24x7), that is, all the application software that we operate and offer in the cloud (software-as-a-service).
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self Assessment
PCI DSS accreditation date
July 2018
What the PCI DSS doesn’t cover
Payment card industry (PCI) compliance refers to the technical and operational standards that businesses must follow to ensure that credit card data provided by cardholders is protected. PCI compliance is enforced by the PCI Standards Council, to ensure that all businesses that store, process or transmit credit card data electronically do so in a secure manner that helps reduce the likelihood that cardholders would have sensitive financial data stolen.
Other security certifications
Yes
Any other security certifications
  • ISO/IEC 27017:2015
  • ISO/IEC 27002
  • ISO/IEC 27018
  • SOC 2 Type II compliant
  • GDPR
  • TRUSTe Review
  • Signal spam

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 27017 and ISO 27018 certified. Zoho is also SOC 2 Type II compliant in Security, Confidentiality, Processing Integrity, Availability, and Privacy.
Information security policies and processes
For UK & Europe, Zoho complies with the widely recognised standards ISO 27001, ISO 22301 and ISO 9001.

For data centres in the USA, Zoho complies with SOC 1 TYPE II, SOC 2 TYPE II, HIPAA, PCI DSS & SOC 3.

For data in transit, Zoho uses TLS protocol version 1.2/1.3, certificates signed with SHA-256, and ciphers (AES_CBC/AES_GCM with 256-bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism).

We also implement perfect forward secrecy and enforce HTTP Strict Transport Security (HSTS) across all sites.

Depending on the sensitivity of data:

Level 1 - This is the default level of encryption applied to data from all organisations. Our KMS allots a key to each organisation.

Level 2 - We apply this level of encryption to sensitive data and Personally Identifiable Information (PII). This category includes fields like bank account numbers, identification numbers and biometric data.

At this level, the KMS generates a unique key for each column in the table. All data in a particular column is encrypted using the key generated for that column. These keys are in turn encrypted using a master key and stored in a separate server.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Zoho is ISO/IEC 27001:2013 certified, so all change management processes are carried out in compliance with the standard.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Dedicated periodic network vulnerability scans and application penetration tests are performed. These actively scan for security threats using a combination of certified third-party scanning tools and in-house tools, with both automated and manual penetration testing efforts.

The security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to spot security incidents that might affect the company’s infrastructure.

Once a vulnerability requiring remediation is identified, it is logged, prioritised according to the severity, and assigned to an owner.

Summary reports are shared on signing an NDA.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Firewalls are used to protect our network from unauthorised access and undesirable traffic. Firewall access is monitored on a strict, regular schedule. A network engineer reviews all changes made to the firewall every day. Additionally, these changes are reviewed every three months to update and revise the rules.

Systems supporting testing and development activities are hosted in a separate network from systems supporting Zoho's production infrastructure.

All crucial parameters are continuously monitored using our proprietary tool, and notifications are triggered on any instance of abnormal or suspicious activity in our production environment.

All data on www.zoho.eu resides in the EU (Netherlands & Ireland).
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management is comprehensively covered in the ISO 27001:2013 and SOC 2 TYPE II audits. Users are notified of the incidents in the production environment that are applicable to them, along with suitable actions that they may need to take.

Incidents reported by users at incidents@zohocorp.com are responded to with high priority.

For general incidents, users are notified through blogs, forums, and social media. For incidents specific to an individual user or an organisation, the concerned party is notified through email (using their primary email address of the Organisation administrator registered with us).

Furthermore, controls are implemented to prevent recurrence of similar situations.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0 to £18 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Zoho Books offers a 14 day free trial. No credit card required.

Users can sign up for a free account at https://www.zoho.com/uk/books/kb/subscription/trial-signup.html
Link to free trial
https://www.zoho.com/uk/books/kb/subscription/trial-signup.html
