EnableIT Technologies Ltd

Government CRM

SugarCRM is a Customer Relationship Management (CRM) platform, which empowers you to create the exact CRM you need, complying with internal data security, privacy policies and government compliance mandates. SugarCRM provides complete autonomous control over your CRM system and CRM data. A government CRM, designed with government employees in mind.


  • Reporting and dashboards
  • Business process management
  • Unlimited API calls
  • Easily customisable
  • Call centre automation
  • Role-based views
  • Sales automation and forecasting
  • Mobile/remote accessibility
  • A 360-degree perspective of each individual on your database
  • Cloud or on-premise deployment


  • Unlimited online and phone support
  • Maintain control of your data
  • Capture the attention of your most promising prospects
  • Create more meaningful experiences and build lasting relationships
  • Give customers the support they need quickly and confidently
  • Manage sales processes from lead to renewal
  • Access information on multiple devices, from anywhere in the world
  • Automate processes to save valuable time
  • Integrate with other business critical platforms
  • Get started with a system designed to work for you


£48 to £80 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jbushnell@enable.services. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 6 7 6 2 6 1 7 8 5 5 3 3 2 1


EnableIT Technologies Ltd Joseph Bushnell
Telephone: 01473618980
Email: jbushnell@enable.services

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
EnableCloud is limited to web applications that list Linux among their supported platforms.
System requirements
An active license is required for each user

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support response times

Service level agreement response times • Priority 1 response time: 30 minutes response, 1 hour target fix, 2 hours max fix • Priority 2 response time: 4 hours response, 24 hours target fix, 40 hours max fix • Priority 3 response time: 8 hours response, 50 hours target fix, 70 hours max fix • Monday to Friday 7:30 am to 18:00 pm GMT, UK-based, friendly support team.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We have undergone intensive testing to alert users that a new chat has been opened and to also direct any chat visitors outside of office hours.
Onsite support
Yes, at extra cost
Support levels
We can scope, design, build and configure your automation software processes. Our talented in-house development team can architect a solution that works brilliantly for you. Our remote support team will even be able to give you; IT and tech set up assistance if required. Not forgetting our professional and friendly services team (including helpdesk and infrastructure engineers) who will be there for you every step of the way, full familiarisation time, training, and ongoing support. Training can be onsite or remote sessions - we're flexible. We want you to utilise your automation software capabilities, so it works to its exceptional capacity for you and all your departments.
Support available to third parties

Onboarding and offboarding

Getting started
You will be assigned a dedicated project manager to ensure the systems is ready for go-live and contains all the required functionality. We provide both onsite and online training, as well as documentation and recordings of how to use the system. You will also be assigned a dedicated account manager who will be able to assist with any queries once the system is up and running.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word Documents
  • Video
End-of-contract data extraction
A full system data snapshot is provided to customers at the termination of any service.
End-of-contract process
Various terms are available which can be discussed prior to contract agreement.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our solutions have been designed to work as mobile views and mobile clients
Service interface
What users can and can't do using the API
We use a fully supported and bidirectional REST API. All information can be accessed through the API apart from

Update their account information
List current services
Request service upgrades
View usage information
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Custom fields, as well as automations and naming conventions, can be managed by the user. Any other changes such as colours and functionality can be requested and discussed with their dedicated account manager. We have an in-house team of developers to execute these.


Independence of resources
Continuous monitoring of performance metrics, analysis, and provisioning.


Service usage metrics
Metrics types
Data includes metrics such as emails sent, emails opened, emails clicked, content & campaigns created, campaign interaction, points changed, contacts created, contacts qualified.
This is not an exhaustive list.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The exporting of data can be limited by users, roles, and teams. For example, a user can only export records assigned to them, or only admin users can export any data.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • HTML
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Create security zones using subnets, gateways and access control lists.

Availability and resilience

Guaranteed availability
Availability and contractual obligations thereof can form part of any contractual agreement.
Approach to resilience
Full-stack redundancy and multiple routes to the internet backbone.
Outage reporting
Public Dashboard

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
We use security groups and public key authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date
11th May 2018
What the ISO/IEC 27001 doesn’t cover
All covered
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001, ISO 9001, Cyber Essentials. We are also undergoing recertification for ISO 27018:2014. We have created a management system internally for Change Requests, GDPR Compliance, ISO Risk Register, ISO Audit Records, Information Asset Register, Access Logs and Consent Logs.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The company uses SugarCRM as it change request platform, any changes to any internal or external systems. The change request is made by either the customer or employee via a downloadable form which is then summited to the compliance officer who then forwards to the appropriate person. If the change is agreed then the applicant will receive an email authorising to carry out the change within a set period. All services are both internal and external are subject to the change management policy.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Both internal and external systems are continually scanned from both inside and external from secure scan points. Manual scans are carried out using the Metasploit framework carried out by the infrastructure. s Snort and Open VAS network intrusion detection vulnerability & prevention servers are also deployed which provide updates real-time. All Equipment are scanned and patched automatically from a central server, updates are applied on as soon as a possible but within 4 hours. The company subscribes to industry standard NGIPS list and rule sets which update automatic both the Snort, Open VAS, and Metasploit servers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Both the internal and external facing ports are scanned one a week and the internal network is scanned daily. Once a month the external port are per tested and the report export and any vulnerabilities rectified. As soon as a potential compromise is found it is dealt with within 4 hours.
Incident management type
Supplier-defined controls
Incident management approach
The company has a pre-defined policy for all incidents as laid out in our 27001/13 policy document.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£48 to £80 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Free two-week trial
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jbushnell@enable.services. Tell them what format you need. It will help if you say what assistive technology you use.