Agilyx UK Ltd

Unit4 Business World Enterprise Resource Planning

Business World is the world’s leading people-centric software solution for organisations in the public, private and not-for-profit sectors. Business World is a highly modular solution, and features the following fully-integrated modular components:
Corporate Financial Management
Human Resources, Payroll
Planning, Budgeting, Forecasting
Project Management
Procurement Management
Field Service & Asset Management


  • Real-time reporting
  • Remote access
  • Mobility
  • Flexible configuration
  • Fully integrated modules
  • ISO 27001 certified
  • Industry Good Practice Business Processes
  • Fully Managed Hosted Service
  • Sector Specific Functionality
  • Comprehensive Integration Capabilities


  • Publish content from multiple devices
  • Quickly manage content on the move
  • Software that empowers people
  • Enables business users to model and remodel their applications
  • Low total cost of ownership
  • Simple user experience through smart interface
  • make changes when you want
  • Single system access


£7.59 per user per month

Service documents

G-Cloud 11


Agilyx UK Ltd

Andrea Williams

+44 1628 637059

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints N/A
System requirements
  • Most recent browser update
  • Microsoft .NET 4.5.2
  • Windows 7 or above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard support extends to 8:30am to 5:30pm Monday to Friday BST
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As a part of the subscription, Agilyx provides users access to the following tier based support model:

Tier 1 Support: Customer & Agilyx Super Users - Customer Business World Super Users act as the first-line of internal support and as the primary point of contact with the Agilyx Customer Service Team.

Tier 2 Support: Agilyx Customer Experience - The Agilyx Customer Service Team acts as the second level of support and works closely with both customer Super User(s) and the Agilyx Account Manager.

Tier 3 Support: Unit4 Support - Unit4 acts to resolve any technical issues with the software that are not otherwise resolvable by Tier 2 Support or that require specialised developer knowledge of Unit4 software to resolve.

Agilyx Account Manager - The Account Manager will be available to assist any customer to fully realise the potential of Business World. The Account Manager will provide consistent, personal, and proactive communication and be a conduit to Agilyx management wherever required.

Agilyx can also offer Extended Support Services at an additional cost. This includes Extended Support, Technical and Reporting, Advisory, System Administration and Database and Network Infrastructure services.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started A holistic training approach will be used to build end user understanding and skills. A blended approach will tailor training based on system access roles and the needs of each audience group. It will provide content that is not only used in training but can also be used for ongoing support and reference.
Create Training Strategy - specification, by impacted group, of the objectives and scope of what should be learned and what end users should be capable of after training.
Develop & Pilot Training Materials - Some groups may prefer face to face training, courses will also need to be completable online (both facilitated and self-paced) to suit learning needs of attendees and to enable completion at times to suit availability of participants.
Conduct Train the Trainer - Enable classroom training at go-live, post go-live support and ongoing business as usual training post project go-live.
Conduct Training Delivery - e-Learning; classroom based sessions; one-on-one group sessions; and on-the-job training.
Post Go-Live User Support - The training and support materials developed to support end-user training can also be leveraged to provide support to end users, trainers and super users as they start to user the new system and processes.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The Agilyx Cloud Service delivers several unique capabilities
Portability: The customer-specific data-schema provides the ability to take the entire application from on premise to the cloud – or from one cloud to a different cloud.
Transparency: The Azure cloud platform is built on the premise that for you to control your own customer data in the cloud, you require visibility into that data. You must know where it is stored. Microsoft Azure regularly undertakes third-party audits (i.e. British Standards Institute) that confirm set standards are met.
A 90 day ‘retention period’ upon termination in which to extract data or renew your subscription.
End-of-contract process A 90 day ‘retention period’ upon termination of the contract in which to extract data or renew your subscription.

Our plan includes:

Planning and staging actions;
Assignment of customer actions and creation of responsibility management matrix;
Communications and reporting initiatives;
The transfer of functions to the customer or its Nominated Service Provider(s) over the Disengagement Period;
Data cleansing and/or data migration services needed to transfer the Service Data stored in the Solution to a replacement solution provided by the customer or Nominated Service Provider(s);
The transfer to of all backup media used to stored Service Data backed up from the Solution;
Where appropriate, the transfer of Personnel to customer or its Nominated Service Provider(s);
The assignment or novation of contracts to the customer and/ or its Nominated Service Provider(s); and
The provision of Service Documentation and Service Data as required;
Demobilisation actions.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Business World offers mobile apps for Apple and Android devices that cover key user self service functions.

Tasks App – allows workflow tasks (e.g. invoice approval) to be viewed and actioned
Timesheet App – Add, edit or delete timesheets
Expenses App – Calculate, categorise and submit an expense claim, including photographed images
Reports App – Create your own library of reports that can be updated and viewed via Smart phone.
Unit4Me app - Brings together all of the mobile applications mentioned above, to provide a single point to access all your information and tasks.
Service interface No
What users can and can't do using the API The Business World API is the gold-standard for integration between systems. The API allows hosted public API scripts to be configured from Business World’s management console. Administrators can manage access to the API and returned information from within Business World.
APIs allow interconnectivity without the need for custom code and data can be exchanged in either JSON or XML format allowing interoperability with most modern software platforms. Currently there are four public API types available:

- Objects API retrieves objects from the database for example, a list of employees, a list of cost centres, a list of accounts.
- Query API retrieves objects and their associated objects for example supplier information with address detail.
- Customers API retrieves customer information from Business World and supports GET, DELETE, POST, PATCH functions, for example, update customer information or create a new customer.
- Supplier API retrieves supplier information from Business World and supports GET, DELETE, POST, PATCH functions, for example, update supplier information or create a new supplier.

Because of the open database approach taken in the design of Business World, interfaces can easily be established with other mission-critical software applications using one, or many, of the above integration methods.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The configurable design of the Business World software eliminates the need to change the application code and therefore provides our customers with a very cost-effective way to maintain their software configuration as business needs change.
One method of adapting the software is by making use of the utilities built into the application to add new menus, add fields/relations, create tables and views, etc.
Use of the utilities found in the application generally do not require any technical or programming skills as they are mostly configuration type options used to adjust system behaviour and access to features. This is a particular strength of Business World.
Business World also includes a rapid application development toolset called Business World Customisation Tools that allows the system to be tailored using any one of the .NET programming languages. A large variety of modifications can be made to the behaviour of the Business World system using the .NET objects, properties, events and methods. Because the code is external to the core Business World code, supporting the software or subsequent upgrades is usually a non-issue regardless of who makes the modifications.


Independence of resources Our model, which is comparable to many other industry standard SaaS delivery models, provides software based on a shared, one-to-many infrastructure model with logical (software-based) divisions separating each customer’s data and deployment of Business World. This is achieved through virtualisation and we refer to the approach as the dedicated ‘shared cloud’.

There is also the option of pursuing a dedicated ‘private cloud’ delivery model, which will provide a physical division of resources. This approach is significantly more expensive but is nevertheless available if there is a requirement for it.


Service usage metrics Yes
Metrics types Within Unit4 Business World it is possible to create both global or private dashboards for managers. These dashboards can be comprised of graphs, indicators or tables and use the same data control as the rest of the system to limit access to data. This means that it is possible for a manager to only see data for employees in their reporting line. There is unlimited capability for dashboard creation and any browser report or graph can be used in a dashboard.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Unit4

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Business World Excelerator is an add-in developed by Unit4 that combines Microsoft Excel functionality with the Business World data structures. It allows for seamless data exchange between Business World and Excel, meaning that software applications which can produce information in Excel or .csv format can integrate with Business World through Excelerator. There is also data exports in .xls, .csv or xml
Data export formats
  • CSV
  • Other
Other data export formats
  • Txt
  • Xlsx
  • PDF
  • Docx
Data import formats
  • CSV
  • Other
Other data import formats
  • Xlsx
  • Docx
  • Txt

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability (Defined as ability for the customer to reach the Unit4 Business World login page) is 99.8% for the production environment.
Exclusions of this calculation includes service any unavailability for the following reasons:
• Planned Maintenance;
• Unplanned Preventative Maintenance;
• failure of any circuits or connections provided by third party telecommunication providers or common carriers;
• failure of any external internet service provider or an internet exchange point;
• acts or omissions of the Customer or any Users permitted to access the Production Service;
• behaviour of Customer applications, equipment or managed operating systems;
• Force Majeure events (as described in the SMA).
Approach to resilience Available upon request
Outage reporting Business World itself does not handle communication and shutdown of the constituent parts of the application. Business World operates as one part of the entire solution, built up from file servers, database server, client PCs, etc. In the event of a power outage for example, a network attached UPS system will notify the participants in a system that the environment will shortly be shutdown and will initiate the steps necessary to gracefully shutdown. Business World itself respects these shutdown notifications, from a UPS or the Windows operating system and can shut down/stop services.

As mentioned above, a UPS is typically the component of the system that handles all power related aspects of an Business World business environment.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Business World has various means to control user access to the system. This is achieved in Business World by defining users and assigning those users to one or more roles. The roles are defined by the customer; who then assigns users to one more roles. Roles can be connected to one person, a group, or to all persons; users may have one or more roles. This allows you to define different roles for users (e.g. system administrator, finance officer, department head, accounts payable data entry, etc.); each with their own access to modules, menus, specified screens and reports.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 2015
What the ISO/IEC 27001 doesn’t cover Sales and Marketing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As a trusted provider of services Agilyx is committed to ensuring an appropriate level of security is applied to protect the confidentiality, integrity and availability of its information, including its customers’ valuable information. To achieve this, Agilyx is Information Security Management System (ISMS) certified across all business activities, in accordance with the International Standard ISO 27001:2013.

The Agilyx ISMS is implemented, continuously monitored and reviewed to ensure it satisfies the company and customers’ requirements, and to achieve the following Information Security Objectives:

Ensure that the resources needed for the information security management system are available

Comply with applicable legislation and contractual obligations

Maintain the confidentiality, integrity and availability of staff and customers’ confidential information, by implementing the approved security controls across all IT systems and business processes

Respect the customers' SLAs, by ensuring the availability of different information resources needed by various business activities

Ensure that the information security management system is continuously improved to achieves its intended outcomes

Promote a culture of innovation in managing Information Security within Agilyx Group

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Agilyx uses Promapp, a business process management tool to track and maintain change management throughout their lifetime, and uses Jira to seamlessly identify, categorise, prioritise and manage issues inherent in both the planning and upgrade phases. The use of Jira leverages the power of our subject matter experts to aggregate and manage the resolution of issues with complete visibility to the project team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability testing is conducted regularly by the Agilyx Cloud Service team ensuring known vulnerabilities are assessed and addressed accordingly.

Agilyx engages a third party to conduct penetration testing on our information system to ensure our networks are kept secure and up to date. Any risks will be discussed within a dedicated Security Committee and logged to the vulnerability management register. The committee will then manage the implementation of mitigation actions within the appropriate teams.

Agilyx does not publish audit reports and security test results externally.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Agilyx maintains a 24x7 monitoring program to detect and resolve infrastructure and application issues. The following monitoring is maintained:
Infrastructure Monitoring (Level 1)
• Hardware availability (Servers, disk, Networking and other physical components)
Application Monitoring (Level 2)
• Hardware utilisation (CPU, Memory, I/O, Network traffic)
• Application services
• Event Logs (Operating System, Application, Systems and Security)
• Database performance (CPU, Query Time, Locks, Batch requests)

Level 1 High Priority alerts are responded to by the Data Centre Operations team 24x7. All other alerts are responded to within appropriate timescales.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Security Incident Management
The Agilyx ISMS also includes a security incident management regime. This ensures that where Agilyx has access to any client data, an incident management system will operate to allow appropriate corrective action to occur. Data hosting providers are subject to the same requirements as part of the ISO:IEC 27001:2013 accreditation.

Business World features sophisticated system administration and incident logging features. These features will enable Super Users to implement an appropriate security incident management regime with the organisation.

Users who notice an incident will report this to the Information Security Officer who will initiate the incident management process.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £7.59 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑