Format14CRM Limited

CRM CMS: SugarCRM software subscription, implementation, consultancy and support services

We are an Advanced SugarCRM partner specialising in implementing Cloud based Citizen CRM and Case Management applications.

We have extensive knowledge of open standards technologies providing innovative products & solutions across a wide range of public & private sector organisations.

Our key focus is business transformation creating increased operational effectiveness.


  • Full Open REST API
  • Fully Accessible Source Code
  • True Cloud Technology – your choice of cloud deployment/vendor-hosted
  • SugarBPM™ (Business Process Management) easy-to-use workflow automation tools
  • Extensive catalogue of ready-to-go 3rd Party Application integrations
  • Highly configurable application with intuitive configuration tool set
  • Unique Innovations: Customer Journey Add-on, Hint AI, Google G-Suite Application
  • Modern CRM vendor innovating for User Productivity and Experience


  • Give users a Single Comprehensive View of Citizens/Customers/Clients
  • Automate complex workflows, remove human error, increase productivity
  • Connect any number of modern applications using Open Standards
  • A single source of truth where and when it's needed
  • Provide people with clear, easy to understand and information-rich screens
  • Manage complex processes involving multiple contributors easily
  • Reinforce secure, compliant customer data management practices with dedicated functionality


£32 to £120 per person per month

Service documents

G-Cloud 11


Format14CRM Limited

Chris Slade


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Format14CRM consulting services can be used for the analysis and design of complex government applications, our experienced consultants are security cleared.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None
System requirements
  • Vendor-hosted version requires internet access and supported web browsers
  • Private Cloud requirements:

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Format14CRM provides the following Support Levels in our Standard Support Package:

P1 (Critical) e.g. more than 50% of users are unable to access the application, a key component has failed, any security-related incident: response time within 30 minutes, target resolution time is as soon as possible.
P2 (Important) e.g. access is permitted but the system is significantly degraded: response time within 2 hours, target resolution time within 8 hours
P3 (Normal): User account maintenance: response time within 8 hours, target resolution within 2 days

Support is charged annually and is typically calculated as 15-25% of the implementation cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our Services start with a Consultative Phase where we interact with the customer to gain an understanding of the business requirements.
We then prepare an individualised plan which looks at the Analysis, Design and Parameterisation needed to implement the SugarCRM into the organisation.
We tend to recommend an Agile, Interactive Approach, defining User Stories.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • MS Word
  • MS Powerpoint
  • Wiki
End-of-contract data extraction Prior to the end of the Subscription Term, User organisations will instruct us of their intention to export their data.
We will then provide support to enact the planned migration wherever possible.
End-of-contract process At the end of the Subscription Period, Customer data is purged.
> This services is included as part of the Annual Subscription

If additional Data Recovery and Transition is required the these Services can be priced on a Man Day / part thereof basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The SugarCRM mobile application is available for download for Android and iOS devices.
Service interface No
What users can and can't do using the API SugarCRM has extension capabilities enabling interoperability with other applications via an Open API.

SugarCRM provides comprehensive documentation on using the Sugar API, available here:

SugarCRM provides detail on fair user in their Master Subscription Agreement, available here:
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Sugar CRM application is fully customisable.
Users can parameterise/configure the CRM using its Studio tools (with no coding required) and it is fully customisable through code-level changes. Parametisations/Configurations can be applied without coding knowledge, code level changes should be undertaken by a certified Sugar developer.


Independence of resources Cloud Hosting Service provides additional resources when overall demand is high. This is dynamically allocated.


Service usage metrics Yes
Metrics types Licensing Metrics > We provide real time information on Numbers of Users

SugarCRM also provides an Interactive Reporting and DashBoard Tools,
enabling real time analysis of the data mart.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold SugarCRM

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export data from each module using the provided Export function. Users can export all selected data from each module.
Export function is dependant upon the user role privilege.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats JSON Format for API data
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats JSON format

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SugarCRM commits to 99.5% availability. Actual availability for EU data centres is typically 99.991%-100%
Approach to resilience SugarCRM Hosted Cloud Services are provided using AWS datacentres.

Format14CRM also works with Google Cloud Platform.

Both of these have Industry Leading Resilience statistics and provide a robust and reliable platform for availability - further information can be obtained from Amazon Web Services.
Outage reporting > Email alerts are sent to affected customers.

> SugarCRM provides publicly accessible Cloud status pages that makes customers aware of any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels User Access Restrictions are based upon Team and Role Privileges.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Format14CRM plans to apply for ISO 27001 certification as soon as possible. Prior to actioning, we have a comprehensive plan which is coordinated by a designated Head of Security/Risk Officer, reporting to the Board.
His work encompasses maintaining formal inventories of information assets requiring protection, setting out roles and responsibilities.
All employees have to comply with security policies and have received security awareness training.
All Format14CRM security policies cover logical and physical access controls.
Information security policies and processes Format14CRM has integrated security into the Development Life Cycle with non conformance being escalated to Head of Security / Risk Management for review.
We have an established Incident Management Methodology to respond to identified risks and measure compliance by detecting incidents and reporting these to Head of Security > this process defines at a high level how to handle and resolve Security Trouble Tickets.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Format14CRM provides a continuous Change Management Process reflecting the Ongoing Requirements for each project >

Our ability to meet the functional and ongoing contractual commitments is key, as well as insuring that security is never compromised.
To this end Format14CRM provides a high level of assurance reviewing that functional objectives as well as security are periodically reviewed and correctly set.
Components include:
- Planning, Developing and Documenting Lifetime Aims & Objectives.
- Defined Governance. Organisation Structure, Roles & Responsibilities.
- Leadership. From the Top and Across the Organisation
- Stakeholders ( Informed )
- Aligned workers ( Motivated )
Vulnerability management type Supplier-defined controls
Vulnerability management approach Format14CRM relies on SugarCRM's extensive testing capability to protect against potential threats and identified vulnerabilities.

Through rigorous testing, configuration and change management issues can be identified when they unexpectedly change security properties.

Monitoring of attacks and unauthorised activity are immediately reported and preventative measures taken.

Where there are known vulnerabilities to services SugarCRM will make updates available asap.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Format14CRM relies on SugarCRM's extensive Protective Monitoring Measures to protect against potential threats and identified vulnerabilities.

Once Format14CRM is made aware of a potential compromise we immediately inform effected customers and begin a process of protection.

Customer notification happens shortly after identification of compromise.
and preventative measures taken.

Where there are known vulnerabilities to services SugarCRM will make updates available asap.
Incident management type Supplier-defined controls
Incident management approach Format14CRM has a Cloud Based Customer Incident Application

Users log into the Online Incident Portal to log all incidents.
Acknowledgement of Incident is sent to the user, and Format14CRM begins its predefined process to identify seriousness and impact.

In parallel the Format14 Customer Incident Application escalates to its Head of Security/Risk Officer.

After establishing severity Format14CRM initiates communication with all effected users.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £32 to £120 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Cloud Based trial is available on request: Whether you're new to CRM or looking to switch, Sugar offers an innovative, intuitive platform to help your operation save time.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑