RM Education Ltd

RM Finance

RM Finance is an intuitive and straightforward online financial management system for administering school finances and budgeting.
Please refer to onboarding and offboarding section for exit plan details.


  • Accounts payable transactions
  • Cash management
  • Financial summaries
  • Purchase orders
  • BACS
  • CFR return
  • Role-based access
  • 24/7 access
  • Automatic backups
  • Comprehensive reporting system


  • It’s easy to use and saves valuable time
  • It meets strict accounting and audit requirements
  • It has straightforward transaction processing
  • Powerful and flexible reporting
  • Accessible from anywhere with an internet connection
  • Secure data storage with automatic backup is also available
  • No formal financial background is required
  • Remote support is available


£740 to £1250 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

2 7 8 0 3 5 9 7 8 7 5 8 8 8 8


RM Education Ltd

RM Education Ltd

08450 700300


Service scope

Software add-on or extension
What software services is the service an extension to
RM Unify. A free (Basic) licence is offered with RM Finance.
Additional Accounts such as Fund Account can be added.
Cloud deployment model
Public cloud
Service constraints
Requires an internet connection.
System requirements
  • Latest Internet Browser
  • Supports Firefox, Chrome, Internet Explorer and Edge
  • Internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
During working hours within a day. No response outside of this.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We have 1st, 2nd, 3rd and 4th line support. Support costs are included in the price of the software. No technical account managers or cloud support engineers are provided.
Support available to third parties

Onboarding and offboarding

Getting started
RM Finance is simple to use. As part of the initial sale we provide onsite training. We can also offer online training.
A comprehensive help system is provided with the product.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data can be exported to csv or printed on reports.
End-of-contract process
We send the customer a reminder at least 1 month before the end of the service to let them know it will end and how to renew.
There are no additional costs to decommission the service.
At the end of the contract, access to the service is lost and the data is deleted 60 days later. The end of contract process is managed to let the customer know what is happening at each stage of the process.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The service will work on internet connected Tablets that support modern browsers. It does not have a user interface suitable for mobile phones
Service interface
Customisation available
Description of customisation
The system can be customised to suit the user. This includes, cheque printing layouts, transactional options, levels of access to different areas and the Chart of Accounts.


Independence of resources
The product is hosted in Microsoft Azure and is able to auto-scale according to service utilisation. The monitors are able to react within 30 minutes.
We monitor and report on user APDEX scores to ensure that the service is fast and responsive for customers.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can print, export to CSV/Excel or PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • CSV
Data import formats
  • CSV
  • Other
Other data import formats
None available

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
No fixed SLA though we do aim for >99.5 % uptime
Approach to resilience
Available on request
Outage reporting
Internal monitoring, email alerts and a public Status dashboard.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
RM Finance uses a custom Roles based permissions system for management and support teams.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security across RM is governed by the Group Security & Business Continuity Committee. All staff are required to abide by Group security policies which are available on an internal security portal. There is a Group security compliance function that oversees security management across the RM Group.
Information security policies and processes
RM has the following security policies:
RM Group Security Policy.
Acceptable Usage Policy and Security Guidelines ("AUP").
Backup Policy.
Data Classification and Handling.
Data Protection.
Policy & Guidelines.
Cryptographic Policy.
Incident Reporting Management & Forensic Readiness.
Legislative Compliance (Security) Policy.
Physical Access.
Protective Monitoring.

All staff are required to read and acknowledge the AUP on an annual basis, as well as having security clauses in their contracts.

Core functions, e.g. IT and HR, are subject to regular internal and external audit.

There is a network of Local Security Officers and the Group Security and Business Continuity Committee monitors compliance with polices.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All deliverables are logged and tracked in Change Control tickets with implementation steps, an approval workflow, priority and rollback information where required. Issues affecting the security of the platform are peer reviewed by the Operations team and CAB.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All public-facing IP addresses are subject to 3rd party vulnerability scanning on a quarterly basis. The results of these scans are reviewed by the development team and patches installed, the timescale of which will be governed by recorded priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Operational service monitoring is undertaken through quarterly vulnerability scanning from an independent CREST approved vendor. Each issue is then tracked and given an appropriate priority by the Operations Manager. High priority issues will be reported within hours and dealt with as soon as possible, ie hours or days. Medium or Low priority issues will be prioritised within weeks.
Incident management type
Supplier-defined controls
Incident management approach
All security incidents are reported on an internal logging system. The log records nature and impact of incident, as well as potential preventative measures. All reported incidents are reviewed by senior management and evaluated at either divisional or Group security forums. Major security incidents would be managed according to a defined major incident management process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£740 to £1250 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
We can provide full access to the system to try it out for up to 3 months.

Service documents

Return to top ↑