Winner of the PC Magazine Editors' Choice award. Automate the complete contract life-cycle, streamline approvals, and integrate contract information with related business processes. Automatic notifications, one-click email approvals, and configurable business rules keep your organization running smoothly. Find any contract or clause instantly with full text search of contracts/attached files.
- Clause library for contract creation
- Automated document comparison and redlining
- PDF and Word print templates
- OCR and full text search of database and attached files
- Management dashboards with Excel integration
- Document revision control, check-in/check-out, and versioning
- E-signature integration with DocuSign and Adobe Sign
- Graphical workflow editor
- Audit logs and regulatory compliance
- REST/Web Service APIs, Python/Perl scripting, Export/Import
- Create a custom contract with a single mouse click
- Capture all changes to your documents and view redlined edits
- Auto-generate and email PDF contracts from Word templates
- Instantly find text in the database or attached files
- Gain actionable insight into contract costs, renewals, and revenues
- Manage access and changes to documents
- Legally compliant eSignature eliminates the time/cost of physical signatures
- Automate even the most complex approval processes
- Ensure regulatory compliance with a full audit trail
- Integrate with any external systems and custom processes
£46.50 to £86 per licence per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
System down: System inoperable for any reason
Response time: 15 minutes
Critical: Major program function that affects customers
Response time: 60 minutes
High: Program function affected by software error, resulting in diminished productivity.
Response time: 8 hours
Medium: Desired new functionality not working as expected, or problem occurs that is not readily reproducible, or workaround has been provided.
Response time: 2 days
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.0 A|
|Web chat accessibility testing||None|
|Onsite support||Yes, at extra cost|
Free Support - Includes support for all bug reports and 24/7 access to our online knowledgebase of FAQs.
Standard Support Package - In addition to everything in Free Support, the Standard Support Package includes telephone support during business hours and access to upgrades and enhancements. The Standard Support Package is included with the standard annual license fee.
Premium Support Package - For 25% of the annual license fee, the Premium Support Package includes everything in the Standard Support Package plus the following:
- Telephone support available 24 hours a day, 7 days a week, 365 days a
year for critical and system down issues
- A designated customer support representative, along with a priority
phone queue and case routing
- System Health Check to optimize system performance and user
|Support available to third parties||Yes|
Onboarding and offboarding
We provide the following services to help onboard our customers:
- Free self-paced admin level training online, complete with videos,
quizzes, and training slides.
- User documentation provided through a wiki.
- Specialized admin, staff, and end user training delivered by our
Professional Services team. Onsite training is also available.
- Full documentation on the client's system.
- Admin handover sessions to ensure a smooth transfer.
- Data import functionality that includes live and active data.
- User community for peer-to-peer discussions.
|Other documentation formats||
|End-of-contract data extraction||Data can be exported directly from Agiloft into standard formats such as Excel, XML, or tab delimited files. In addition, data may be extract through the API or SQL queries.|
When a contract ends, the client is sent an invoice for renewal of their licensing and support services, which they may pay if they wish to renew these services, and ignore if they do not. Failure to pay a renewal invoice is assumed to indicate a desire to terminate the agreement at the end of the contract. Terminated hosted service knowledgebases are retained for thirty days after expiration of contract, and then deleted. The client may export their data from the knowledgebase in part or full at any time until this deadline is reached.
The final price of the system includes the cost of all software licenses for the system (named or floating), the cost of support and upgrades for the system as a whole, as well as the one-time cost of services incurred during the implementation process. These include initial build-out and customization of the system, assistance with importing any legacy contracts or data into the system, and all necessary training services decided upon by the client. Additional costs include any out-of-scope work during implementation, post-implementation configuration assistance with other modules, additional licenses, or other optional services such as dedicated servers, the extended enterprise license, or additional storage packages.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The mobile and desktop services provide the same functionality. The layout of the mobile interface varies slightly for an optimized experience.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||We have had our system tested for compliance with the WCAG standard by an outside agency.|
|What users can and can't do using the API||
Users have access to the full set of Agiloft features through our REST and SOAP APIs. Users can create, modify, read, search, and delete any records in our system through our API.
In addition, we support scripting in Python and Perl.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
As noted by PC Magazine at https://www.pcmag.com/article2/0,2817,2488136,00.asp, Agiloft "is the most customizable contract management system."
Our no-code platform allows users with admin credentials to quickly customize everything in their system using just a browser. For example, users can create custom fields, tables, workflows, and business rules to modify existing modules or implement new ones. Naturally, the look and feel and color are also customizable and the entire product can be custom-branded.
One user reviewer remarked: "It's always great to be in a meeting discussing new feature and functions that people would like to see and then have them implemented within hours of the discussion."
We also provide a free online admin training course so users can easily learn their options for customizing the system.
|Independence of resources||
We offer dedicated servers for customers who require an absolute guarantee that no other company can affect their service.
Our shared servers are provisioned so the average load and utilization of resources such as CPU and I/O capacity does not exceed 25% during peak business hours.
|Service usage metrics||Yes|
|Metrics types||All data within the system is tracked and users can create reports on any data that is desired. Every action is recorded with history for audit purposes.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Agiloft has API and integration functionality allowing the export of data. Agiloft also has a built-in data export wizard. Users can export their data in XML, Excel, tab-delimited text, and Agiloft's proprietary format.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||As part of the Hosted Service, we will take all reasonable measures to keep uptime at or above 99.9% (ninety-nine and nine tenths percent). If, due to our error, our hosted servers are down more than .1% (one tenth of one percent) in a given month, you will be entitled to receive a 50% (fifty percent) credit for that month. If, due to our error, our hosted servers are down more than .5% (one half of one percent) in a given month, you will be entitled to receive a 100% (one hundred percent) credit for that month.|
|Approach to resilience||
Agiloft provides multiple levels of redundancy to guarantee resilience. In addition to the native redundancy provided by AWS, we use RAID SSD hard drives and the entire server is replicated in real time to a redundant server.
We also create automated snapshots of the redundant server every four hours and auto-check them for integrity.
Further details are available on request.
|Outage reporting||In addition to API access, we provide proactive notifications through email alerts and, optionally, SMS alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The overall Data Security architecture, policies, and procedures are based on the CSA Enterprise Architecture. Coding standards and inspections are based on the CERT Secure Coding Standard for Java and use of the OWASP Enterprise Security API. Data input and output integrity routines are implemented at the server API level so they cannot be bypassed by hacking the GUI. Further, the Agiloft software allows the tenant system administrator to define custom rules for data validation.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||23/10/2015|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||None|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Standard Best Practices, as recommended by ISO/IEC 27002.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Full audit log of changes, plus MACs, request/approval process by asset, and restriction of access.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||In addition to notifications from our vendors, we monitor a variety of infosec distribution groups, vulnerability information research companies, and exploit awareness initiatives. We have a dedicated security officer on our system administration team and relevant patches are applied immediately after compatibility testing, typically within a week of being made available. In case of a significant zero-day vulnerability, we can push a patch out to all affected servers in a matter of minutes through service automation.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
We proactively monitor system health through products such as Tripwire. In addition, we continually monitor system activity and network traffic and auto-respond to suspicious activity.
We close any potential compromise, investigate and notify customers of any findings.
The response time depends upon the incident. Automated systems shut down IP access in response to suspicious activity in a matter of microseconds, while an incident that requires manual investigation might take a few hours.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
We manage incidents through pre-defined workflows and escalation processes through standard events.
Users may report through our 24/7 emergency response line or web portal.
We provide incident reports via email, with phone follow-up where required.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£46.50 to £86 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
-Standard functionality included
-Must log in at least once every 30 days to prevent expiration
-Limited free support
-5 staff users and 5 end users limit
-48 hour rules limit
|Link to free trial||https://www.agiloft.com/free-trial.htm|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|