Unit4 Business World Enterprise Resource Planning
Business World is the world’s leading people-centric software solution for organisations in the public, private and not-for-profit sectors. Business World is a highly modular solution, and features the following fully-integrated modular components:
Corporate Financial Management
Human Resources, Payroll
Planning, Budgeting, Forecasting
Field Service & Asset Management
- Real-time reporting
- Remote access
- Flexible configuration
- Fully integrated modules
- ISO 27001 certified
- Industry Good Practice Business Processes
- Fully Managed Hosted Service
- Sector Specific Functionality
- Comprehensive Integration Capabilities
- Publish content from multiple devices
- Quickly manage content on the move
- Software that empowers people
- Enables business users to model and remodel their applications
- Low total cost of ownership
- Simple user experience through smart interface
- make changes when you want
- Single system access
£7.59 per user per month
Agilyx UK Ltd
+44 1628 637059
|Software add-on or extension||No|
|Cloud deployment model||
|Email or online ticketing support||Email or online ticketing|
|Support response times||Standard support extends to 8:30am to 5:30pm Monday to Friday BST|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
As a part of the subscription, Agilyx provides users access to the following tier based support model:
Tier 1 Support: Customer & Agilyx Super Users - Customer Business World Super Users act as the first-line of internal support and as the primary point of contact with the Agilyx Customer Service Team.
Tier 2 Support: Agilyx Customer Experience - The Agilyx Customer Service Team acts as the second level of support and works closely with both customer Super User(s) and the Agilyx Account Manager.
Tier 3 Support: Unit4 Support - Unit4 acts to resolve any technical issues with the software that are not otherwise resolvable by Tier 2 Support or that require specialised developer knowledge of Unit4 software to resolve.
Agilyx Account Manager - The Account Manager will be available to assist any customer to fully realise the potential of Business World. The Account Manager will provide consistent, personal, and proactive communication and be a conduit to Agilyx management wherever required.
Agilyx can also offer Extended Support Services at an additional cost. This includes Extended Support, Technical and Reporting, Advisory, System Administration and Database and Network Infrastructure services.
|Support available to third parties||No|
Onboarding and offboarding
A holistic training approach will be used to build end user understanding and skills. A blended approach will tailor training based on system access roles and the needs of each audience group. It will provide content that is not only used in training but can also be used for ongoing support and reference.
Create Training Strategy - specification, by impacted group, of the objectives and scope of what should be learned and what end users should be capable of after training.
Develop & Pilot Training Materials - Some groups may prefer face to face training, courses will also need to be completable online (both facilitated and self-paced) to suit learning needs of attendees and to enable completion at times to suit availability of participants.
Conduct Train the Trainer - Enable classroom training at go-live, post go-live support and ongoing business as usual training post project go-live.
Conduct Training Delivery - e-Learning; classroom based sessions; one-on-one group sessions; and on-the-job training.
Post Go-Live User Support - The training and support materials developed to support end-user training can also be leveraged to provide support to end users, trainers and super users as they start to user the new system and processes.
|End-of-contract data extraction||
The Agilyx Cloud Service delivers several unique capabilities
Portability: The customer-specific data-schema provides the ability to take the entire application from on premise to the cloud – or from one cloud to a different cloud.
Transparency: The Azure cloud platform is built on the premise that for you to control your own customer data in the cloud, you require visibility into that data. You must know where it is stored. Microsoft Azure regularly undertakes third-party audits (i.e. British Standards Institute) that confirm set standards are met.
A 90 day ‘retention period’ upon termination in which to extract data or renew your subscription.
A 90 day ‘retention period’ upon termination of the contract in which to extract data or renew your subscription.
Our plan includes:
Planning and staging actions;
Assignment of customer actions and creation of responsibility management matrix;
Communications and reporting initiatives;
The transfer of functions to the customer or its Nominated Service Provider(s) over the Disengagement Period;
Data cleansing and/or data migration services needed to transfer the Service Data stored in the Solution to a replacement solution provided by the customer or Nominated Service Provider(s);
The transfer to of all backup media used to stored Service Data backed up from the Solution;
Where appropriate, the transfer of Personnel to customer or its Nominated Service Provider(s);
The assignment or novation of contracts to the customer and/ or its Nominated Service Provider(s); and
The provision of Service Documentation and Service Data as required;
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Business World offers mobile apps for Apple and Android devices that cover key user self service functions.
Tasks App – allows workflow tasks (e.g. invoice approval) to be viewed and actioned
Timesheet App – Add, edit or delete timesheets
Expenses App – Calculate, categorise and submit an expense claim, including photographed images
Reports App – Create your own library of reports that can be updated and viewed via Smart phone.
Unit4Me app - Brings together all of the mobile applications mentioned above, to provide a single point to access all your information and tasks.
|What users can and can't do using the API||
The Business World API is the gold-standard for integration between systems. The API allows hosted public API scripts to be configured from Business World’s management console. Administrators can manage access to the API and returned information from within Business World.
APIs allow interconnectivity without the need for custom code and data can be exchanged in either JSON or XML format allowing interoperability with most modern software platforms. Currently there are four public API types available:
- Objects API retrieves objects from the database for example, a list of employees, a list of cost centres, a list of accounts.
- Query API retrieves objects and their associated objects for example supplier information with address detail.
- Customers API retrieves customer information from Business World and supports GET, DELETE, POST, PATCH functions, for example, update customer information or create a new customer.
- Supplier API retrieves supplier information from Business World and supports GET, DELETE, POST, PATCH functions, for example, update supplier information or create a new supplier.
Because of the open database approach taken in the design of Business World, interfaces can easily be established with other mission-critical software applications using one, or many, of the above integration methods.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
The configurable design of the Business World software eliminates the need to change the application code and therefore provides our customers with a very cost-effective way to maintain their software configuration as business needs change.
One method of adapting the software is by making use of the utilities built into the application to add new menus, add fields/relations, create tables and views, etc.
Use of the utilities found in the application generally do not require any technical or programming skills as they are mostly configuration type options used to adjust system behaviour and access to features. This is a particular strength of Business World.
Business World also includes a rapid application development toolset called Business World Customisation Tools that allows the system to be tailored using any one of the .NET programming languages. A large variety of modifications can be made to the behaviour of the Business World system using the .NET objects, properties, events and methods. Because the code is external to the core Business World code, supporting the software or subsequent upgrades is usually a non-issue regardless of who makes the modifications.
|Independence of resources||
Our model, which is comparable to many other industry standard SaaS delivery models, provides software based on a shared, one-to-many infrastructure model with logical (software-based) divisions separating each customer’s data and deployment of Business World. This is achieved through virtualisation and we refer to the approach as the dedicated ‘shared cloud’.
There is also the option of pursuing a dedicated ‘private cloud’ delivery model, which will provide a physical division of resources. This approach is significantly more expensive but is nevertheless available if there is a requirement for it.
|Service usage metrics||Yes|
|Metrics types||Within Unit4 Business World it is possible to create both global or private dashboards for managers. These dashboards can be comprised of graphs, indicators or tables and use the same data control as the rest of the system to limit access to data. This means that it is possible for a manager to only see data for employees in their reporting line. There is unlimited capability for dashboard creation and any browser report or graph can be used in a dashboard.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Unit4|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Business World Excelerator is an add-in developed by Unit4 that combines Microsoft Excel functionality with the Business World data structures. It allows for seamless data exchange between Business World and Excel, meaning that software applications which can produce information in Excel or .csv format can integrate with Business World through Excelerator. There is also data exports in .xls, .csv or xml|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||
Availability and resilience
Service Availability (Defined as ability for the customer to reach the Unit4 Business World login page) is 99.8% for the production environment.
Exclusions of this calculation includes service any unavailability for the following reasons:
• Planned Maintenance;
• Unplanned Preventative Maintenance;
• failure of any circuits or connections provided by third party telecommunication providers or common carriers;
• failure of any external internet service provider or an internet exchange point;
• acts or omissions of the Customer or any Users permitted to access the Production Service;
• behaviour of Customer applications, equipment or managed operating systems;
• Force Majeure events (as described in the SMA).
|Approach to resilience||Available upon request|
Business World itself does not handle communication and shutdown of the constituent parts of the application. Business World operates as one part of the entire solution, built up from file servers, database server, client PCs, etc. In the event of a power outage for example, a network attached UPS system will notify the participants in a system that the environment will shortly be shutdown and will initiate the steps necessary to gracefully shutdown. Business World itself respects these shutdown notifications, from a UPS or the Windows operating system and can shut down/stop services.
As mentioned above, a UPS is typically the component of the system that handles all power related aspects of an Business World business environment.
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||Business World has various means to control user access to the system. This is achieved in Business World by defining users and assigning those users to one or more roles. The roles are defined by the customer; who then assigns users to one more roles. Roles can be connected to one person, a group, or to all persons; users may have one or more roles. This allows you to define different roles for users (e.g. system administrator, finance officer, department head, accounts payable data entry, etc.); each with their own access to modules, menus, specified screens and reports.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||2015|
|What the ISO/IEC 27001 doesn’t cover||Sales and Marketing|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
As a trusted provider of services Agilyx is committed to ensuring an appropriate level of security is applied to protect the confidentiality, integrity and availability of its information, including its customers’ valuable information. To achieve this, Agilyx is Information Security Management System (ISMS) certified across all business activities, in accordance with the International Standard ISO 27001:2013.
The Agilyx ISMS is implemented, continuously monitored and reviewed to ensure it satisfies the company and customers’ requirements, and to achieve the following Information Security Objectives:
Ensure that the resources needed for the information security management system are available
Comply with applicable legislation and contractual obligations
Maintain the confidentiality, integrity and availability of staff and customers’ confidential information, by implementing the approved security controls across all IT systems and business processes
Respect the customers' SLAs, by ensuring the availability of different information resources needed by various business activities
Ensure that the information security management system is continuously improved to achieves its intended outcomes
Promote a culture of innovation in managing Information Security within Agilyx Group
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Agilyx uses Promapp, a business process management tool to track and maintain change management throughout their lifetime, and uses Jira to seamlessly identify, categorise, prioritise and manage issues inherent in both the planning and upgrade phases. The use of Jira leverages the power of our subject matter experts to aggregate and manage the resolution of issues with complete visibility to the project team.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Vulnerability testing is conducted regularly by the Agilyx Cloud Service team ensuring known vulnerabilities are assessed and addressed accordingly.
Agilyx engages a third party to conduct penetration testing on our information system to ensure our networks are kept secure and up to date. Any risks will be discussed within a dedicated Security Committee and logged to the vulnerability management register. The committee will then manage the implementation of mitigation actions within the appropriate teams.
Agilyx does not publish audit reports and security test results externally.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Agilyx maintains a 24x7 monitoring program to detect and resolve infrastructure and application issues. The following monitoring is maintained:
Infrastructure Monitoring (Level 1)
• Hardware availability (Servers, disk, Networking and other physical components)
Application Monitoring (Level 2)
• Hardware utilisation (CPU, Memory, I/O, Network traffic)
• Application services
• Event Logs (Operating System, Application, Systems and Security)
• Database performance (CPU, Query Time, Locks, Batch requests)
Level 1 High Priority alerts are responded to by the Data Centre Operations team 24x7. All other alerts are responded to within appropriate timescales.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Security Incident Management
The Agilyx ISMS also includes a security incident management regime. This ensures that where Agilyx has access to any client data, an incident management system will operate to allow appropriate corrective action to occur. Data hosting providers are subject to the same requirements as part of the ISO:IEC 27001:2013 accreditation.
Business World features sophisticated system administration and incident logging features. These features will enable Super Users to implement an appropriate security incident management regime with the organisation.
Users who notice an incident will report this to the Information Security Officer who will initiate the incident management process.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£7.59 per user per month|
|Discount for educational organisations||No|
|Free trial available||No|