CRM CMS: SugarCRM software subscription, implementation, consultancy and support services
We are an Advanced SugarCRM partner specialising in implementing Cloud based Citizen CRM and Case Management applications.
We have extensive knowledge of open standards technologies providing innovative products & solutions across a wide range of public & private sector organisations.
Our key focus is business transformation creating increased operational effectiveness.
- Full Open REST API
- Fully Accessible Source Code
- True Cloud Technology – your choice of cloud deployment/vendor-hosted
- SugarBPM™ (Business Process Management) easy-to-use workflow automation tools
- Extensive catalogue of ready-to-go 3rd Party Application integrations
- Highly configurable application with intuitive configuration tool set
- Unique Innovations: Customer Journey Add-on, Hint AI, Google G-Suite Application
- Modern CRM vendor innovating for User Productivity and Experience
- Give users a Single Comprehensive View of Citizens/Customers/Clients
- Automate complex workflows, remove human error, increase productivity
- Connect any number of modern applications using Open Standards
- A single source of truth where and when it's needed
- Provide people with clear, easy to understand and information-rich screens
- Manage complex processes involving multiple contributors easily
- Reinforce secure, compliant customer data management practices with dedicated functionality
£32 to £120 per person per month
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Format14CRM consulting services can be used for the analysis and design of complex government applications, our experienced consultants are security cleared.|
|Cloud deployment model||
|Email or online ticketing support||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Format14CRM provides the following Support Levels in our Standard Support Package:
P1 (Critical) e.g. more than 50% of users are unable to access the application, a key component has failed, any security-related incident: response time within 30 minutes, target resolution time is as soon as possible.
P2 (Important) e.g. access is permitted but the system is significantly degraded: response time within 2 hours, target resolution time within 8 hours
P3 (Normal): User account maintenance: response time within 8 hours, target resolution within 2 days
Support is charged annually and is typically calculated as 15-25% of the implementation cost.
|Support available to third parties||Yes|
Onboarding and offboarding
Our Services start with a Consultative Phase where we interact with the customer to gain an understanding of the business requirements.
We then prepare an individualised plan which looks at the Analysis, Design and Parameterisation needed to implement the SugarCRM into the organisation.
We tend to recommend an Agile, Interactive Approach, defining User Stories.
|Other documentation formats||
|End-of-contract data extraction||
Prior to the end of the Subscription Term, User organisations will instruct us of their intention to export their data.
We will then provide support to enact the planned migration wherever possible.
At the end of the Subscription Period, Customer data is purged.
> This services is included as part of the Annual Subscription
If additional Data Recovery and Transition is required the these Services can be priced on a Man Day / part thereof basis.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The SugarCRM mobile application is available for download for Android and iOS devices.|
|What users can and can't do using the API||
SugarCRM has extension capabilities enabling interoperability with other applications via an Open API.
SugarCRM provides comprehensive documentation on using the Sugar API, available here:
SugarCRM provides detail on fair user in their Master Subscription Agreement, available here: https://support.sugarcrm.com/Resources/Master_Subscription_Agreements/Current/index.html
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The Sugar CRM application is fully customisable.
Users can parameterise/configure the CRM using its Studio tools (with no coding required) and it is fully customisable through code-level changes. Parametisations/Configurations can be applied without coding knowledge, code level changes should be undertaken by a certified Sugar developer.
|Independence of resources||
Cloud Hosting Service provides additional resources when overall demand is high. This is dynamically allocated.
|Service usage metrics||Yes|
Licensing Metrics > We provide real time information on Numbers of Users
SugarCRM also provides an Interactive Reporting and DashBoard Tools,
enabling real time analysis of the data mart.
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||SugarCRM|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Users can export data from each module using the provided Export function. Users can export all selected data from each module.
Export function is dependant upon the user role privilege.
|Data export formats||
|Other data export formats||JSON Format for API data|
|Data import formats||
|Other data import formats||JSON format|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||SugarCRM commits to 99.5% availability. Actual availability for EU data centres is typically 99.991%-100%|
|Approach to resilience||
SugarCRM Hosted Cloud Services are provided using AWS datacentres.
Format14CRM also works with Google Cloud Platform.
Both of these have Industry Leading Resilience statistics and provide a robust and reliable platform for availability - further information can be obtained from Amazon Web Services.
> Email alerts are sent to affected customers.
> SugarCRM provides publicly accessible Cloud status pages that makes customers aware of any outages.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||User Access Restrictions are based upon Team and Role Privileges.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Format14CRM plans to apply for ISO 27001 certification as soon as possible. Prior to actioning, we have a comprehensive plan which is coordinated by a designated Head of Security/Risk Officer, reporting to the Board.
His work encompasses maintaining formal inventories of information assets requiring protection, setting out roles and responsibilities.
All employees have to comply with security policies and have received security awareness training.
All Format14CRM security policies cover logical and physical access controls.
|Information security policies and processes||
Format14CRM has integrated security into the Development Life Cycle with non conformance being escalated to Head of Security / Risk Management for review.
We have an established Incident Management Methodology to respond to identified risks and measure compliance by detecting incidents and reporting these to Head of Security > this process defines at a high level how to handle and resolve Security Trouble Tickets.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Format14CRM provides a continuous Change Management Process reflecting the Ongoing Requirements for each project >
Our ability to meet the functional and ongoing contractual commitments is key, as well as insuring that security is never compromised.
To this end Format14CRM provides a high level of assurance reviewing that functional objectives as well as security are periodically reviewed and correctly set.
- Planning, Developing and Documenting Lifetime Aims & Objectives.
- Defined Governance. Organisation Structure, Roles & Responsibilities.
- Leadership. From the Top and Across the Organisation
- Stakeholders ( Informed )
- Aligned workers ( Motivated )
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Format14CRM relies on SugarCRM's extensive testing capability to protect against potential threats and identified vulnerabilities.
Through rigorous testing, configuration and change management issues can be identified when they unexpectedly change security properties.
Monitoring of attacks and unauthorised activity are immediately reported and preventative measures taken.
Where there are known vulnerabilities to services SugarCRM will make updates available asap.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Format14CRM relies on SugarCRM's extensive Protective Monitoring Measures to protect against potential threats and identified vulnerabilities.
Once Format14CRM is made aware of a potential compromise we immediately inform effected customers and begin a process of protection.
Customer notification happens shortly after identification of compromise.
and preventative measures taken.
Where there are known vulnerabilities to services SugarCRM will make updates available asap.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Format14CRM has a Cloud Based Customer Incident Application
Users log into the Online Incident Portal to log all incidents.
Acknowledgement of Incident is sent to the user, and Format14CRM begins its predefined process to identify seriousness and impact.
In parallel the Format14 Customer Incident Application escalates to its Head of Security/Risk Officer.
After establishing severity Format14CRM initiates communication with all effected users.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£32 to £120 per person per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Cloud Based trial is available on request: Whether you're new to CRM or looking to switch, Sugar offers an innovative, intuitive platform to help your operation save time.|
|Link to free trial||http://format14crm.com/contact-us/|