Agiloft Inc

Flexible Service Desk Suite

Winner of Info-Tech's Best Overall Value four years in a row, the Agiloft Service Desk Suite is top rated by users and analysts alike. Close tickets faster, improve consistency, and gain actionable insights with a customizable end user portal, full workflow engine, dashboard performance metrics, and more.


  • Suite includes internal help desk and external customer support
  • Integrated live chat, SMS, email, and Twitter
  • 24/7 self service portal
  • Charts, dashboards, and dynamic Excel reports
  • Audit logs and regulatory compliance
  • Graphical workflow editor
  • Automated alerts and escalations by SMS and email
  • OCR and full text search of database and attached files
  • Brandable interface
  • REST/Web Service APIs, Python/Perl scripting, Export/Import


  • Support internal staff, customers, and partners with one system
  • Integrate operations across multiple channels
  • Increase responsiveness and empower users while simultaneously reducing staff costs
  • Gain actionable insight into support costs, response times, and compliance
  • Ensure regulatory compliance with a full audit trail
  • Automate even the most complex routing workflows
  • Resolve issues before they become problems
  • Manage support contracts and find information instantly
  • Provide a seamless support experience that matches your brand
  • Integrate with any external systems and custom processes


£32 to £53.50 per licence per month

Service documents

G-Cloud 10


Agiloft Inc

May Quock


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Browser: IE11 Firefox 6+ Safari 2+ Chrome 1+ Edge 31+
  • Windows/Mac/Linux/Unix-based Operating system

User support

User support
Email or online ticketing support Email or online ticketing
Support response times System down: System inoperable for any reason
Response time: 15 minutes

Critical: Major program function that affects customers
Response time: 60 minutes

High: Program function affected by software error, resulting in diminished productivity.
Response time: 8 hours

Medium: Desired new functionality not working as expected, or problem occurs that is not readily reproducible, or workaround has been provided.
Response time: 2 days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Free Support - Includes support for all bug reports and 24/7 access to our online knowledgebase of FAQs.

Standard Support Package - In addition to everything in Free Support, the Standard Support Package includes telephone support during business hours and access to upgrades and enhancements. The Standard Support Package is included with the standard annual license fee.

Premium Support Package - For 25% of the annual license fee, the Premium Support Package includes everything in the Standard Support Package plus the following:
- Telephone support available 24 hours a day, 7 days a week, 365 days a
year for critical and system down issues
- A designated customer support representative, along with a priority
phone queue and case routing
- System Health Check to optimize system performance and user
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide the following services to help onboard our customers:
- Free self-paced admin level training online, complete with videos,
quizzes, and training slides.
- User documentation provided through a wiki.
- Specialized admin, staff, and end user training delivered by our
Professional Services team. Onsite training is also available.
- Full documentation on the client's system.
- Admin handover sessions to ensure a smooth transfer.
- Data import functionality that includes live and active data.
- User community for peer-to-peer discussions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • PowerPoint
  • Instructional videos
End-of-contract data extraction Data can be exported directly from Agiloft into standard formats such as Excel, XML, or tab delimited files. In addition, data may be extract through the API or SQL queries.
End-of-contract process When a contract ends, the client is sent an invoice for renewal of their licensing and support services, which they may pay if they wish to renew these services, and ignore if they do not. Failure to pay a renewal invoice is assumed to indicate a desire to terminate the agreement at the end of the contract. Terminated hosted service knowledgebases are retained for thirty days after expiration of contract, and then deleted. The client may export their data from the knowledgebase in part or full at any time until this deadline is reached.

The final price of the system includes the cost of all software licenses for the system (named or floating), the cost of support and upgrades for the system as a whole, as well as the one-time cost of services incurred during the implementation process. These include initial build-out and customization of the system, assistance with importing any legacy contracts or data into the system, and all necessary training services decided upon by the client. Additional costs include any out-of-scope work during implementation, post-implementation configuration assistance with other modules, additional licenses, or other optional services such as dedicated servers, the extended enterprise license, or additional storage packages.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile and desktop services provide the same functionality. The layout of the mobile interface varies slightly for an optimized experience.
Accessibility standards WCAG 2.0 A
Accessibility testing We have had our system tested for compliance with the WCAG standard by an outside agency.
What users can and can't do using the API Users have access to the full set of Agiloft features through our REST and SOAP APIs. Users can create, modify, read, search, and delete any records in our system through our API.

In addition, we support scripting in Python and Perl.
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our no-code platform allows users with admin credentials to quickly customize everything in their system using just a browser. For example, users can create custom fields, tables, workflows, and business rules to modify existing modules or implement new ones. Naturally, the look and feel and color are also customizable and the entire product can be custom-branded.

One user reviewer remarked: "It's always great to be in a meeting discussing new feature and functions that people would like to see and then have them implemented within hours of the discussion."

We also provide a free online admin training course so users can easily learn their options for customizing the system.


Independence of resources We offer dedicated servers for customers who require an absolute guarantee that no other company can affect their service.

Our shared servers are provisioned so the average load and utilization of resources such as CPU and I/O capacity does not exceed 25% during peak business hours.


Service usage metrics Yes
Metrics types All data within the system is tracked and users can create reports on any data that is desired. Every action is recorded with history for audit purposes.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Agiloft has API and integration functionality allowing the export of data. Agiloft also has a built-in data export wizard. Users can export their data in XML, Excel, tab-delimited text, and Agiloft's proprietary format.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel '97 spreadsheet (.xls)
  • Excel '07 spreadsheet (.xlsx)
  • XML file
  • JSON file
  • Tab-delimited text
  • Agiloft KB file
  • TXT file
Data import formats
  • CSV
  • Other
Other data import formats
  • XML file
  • Excel spreadsheet
  • .TGZ file with multiple text files/attachments
  • Tab-delimited text
  • Salesforce data
  • Other text file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability As part of the Hosted Service, we will take all reasonable measures to keep uptime at or above 99.9% (ninety-nine and nine tenths percent). If, due to our error, our hosted servers are down more than .1% (one tenth of one percent) in a given month, you will be entitled to receive a 50% (fifty percent) credit for that month. If, due to our error, our hosted servers are down more than .5% (one half of one percent) in a given month, you will be entitled to receive a 100% (one hundred percent) credit for that month.
Approach to resilience Agiloft provides multiple levels of redundancy to guarantee resilience. In addition to the native redundancy provided by AWS, we use RAID SSD hard drives and the entire server is replicated in real time to a redundant server.

We also create automated snapshots of the redundant server every four hours and auto-check them for integrity.

Further details are available on request.
Outage reporting In addition to API access, we provide proactive notifications through email alerts and, optionally, SMS alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The overall Data Security architecture, policies, and procedures are based on the CSA Enterprise Architecture. Coding standards and inspections are based on the CERT Secure Coding Standard for Java and use of the OWASP Enterprise Security API. Data input and output integrity routines are implemented at the server API level so they cannot be bypassed by hacking the GUI. Further, the Agiloft software allows the tenant system administrator to define custom rules for data validation.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 23/10/2015
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover None
PCI certification No
Other security certifications Yes
Any other security certifications
  • TRUSTe Enterprise Privacy Certification
  • Audited and approved for use by US Air Force

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Standard Best Practices, as recommended by ISO/IEC 27002.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Full audit log of changes, plus MACs, request/approval process by asset, and restriction of access.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach In addition to notifications from our vendors, we monitor a variety of infosec distribution groups, vulnerability information research companies, and exploit awareness initiatives. We have a dedicated security officer on our system administration team and relevant patches are applied immediately after compatibility testing, typically within a week of being made available. In case of a significant zero-day vulnerability, we can push a patch out to all affected servers in a matter of minutes through service automation.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We proactively monitor system health through products such as Tripwire. In addition, we continually monitor system activity and network traffic and auto-respond to suspicious activity.

We close any potential compromise, investigate and notify customers of any findings.

The response time depends upon the incident. Automated systems shut down IP access in response to suspicious activity in a matter of microseconds, while an incident that requires manual investigation might take a few hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We manage incidents through pre-defined workflows and escalation processes through standard events.

Users may report through our 24/7 emergency response line or web portal.

We provide incident reports via email, with phone follow-up where required.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £32 to £53.50 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial -Standard functionality included
-Must log in at least once every 30 days to prevent expiration
-Limited free support
-5 staff users and 5 end users limit
-48 hour rules limit
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑