Free Rein Limited


SuiteCRM is an open source Customer Relationship Management system that Free Rein can develop, configure, host and support. Used by dozens of public sector, commercial and not-for-profit organisations.
Experience gained by Free Rein delivering IL3 compliant applications for BEIS/INI/Wales has been rolled back into our core services.


  • Prospect, Lead, and Opportunity management to share and track activity
  • Roles and Security Groups to control user access and capabilities
  • Campaign creation and tracking; can be measured against targets
  • Dashboards to provide real-time information in user and admin control
  • Case management to record and monitor customer interactions
  • Identify and resolve customer issues via bug tracking capability


  • Centralised and shared content with granular level security controls
  • Covers Marketing, Sales and Service needs in a collaborative environment
  • Easily expanded and many plugins available
  • Includes option for Free Rein Outlook 365 add-In
  • Aids process automation, reducing need to manually carry out tasks
  • Customisable settings, views and layouts to meet organisational needs


£95 a unit an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 6 9 5 5 4 6 3 2 7 6 6 1 0 4


Free Rein Limited Tony Addison
Telephone: 01473 810002

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Working Hours: 60 minutes
(Monday to Friday excluding bank holidays from 9 am to 5 pm)

Outside Office Hours: 4 hours
(Monday to Friday 5pm to 9 am)

Weekends: 4 hours

Bank Holidays: 6 hours
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat accessibility testing
The web chat is currently undergoing testing and validation.
Onsite support
Yes, at extra cost
Support levels
Support is available generally Mon - Fri 9am - 5pm to solve any user issue or technical problem to registered users. If we get repeated questions we would rather solve the cause than the symptom.
Optional support at other times.
Each client has a dedicated user/semi technical account manager.
Support available to third parties

Onboarding and offboarding

Getting started
Users supported initially with recommended onsite training (desk based), then online manual and optional webinars for specific needs.
Service documentation
Documentation formats
End-of-contract data extraction
Part of the contract closure arrangements include Free Rein extracting all data required and confirming what data, and when, it can be safely destroyed.
Standard CRM has full export capability for authorised users.
End-of-contract process
Data extraction and safe disposal of data if required, though is also in client control. Once client confident all data delivered, Free Rein securely delete all data and the CRM instance. Encrypted back up held for up to 12 months after unless specifically requested not to.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Length of scroll to view whole page contents.
Reduced detail in table presentations and media lists in a single screen.
Service interface
What users can and can't do using the API
As this is a specialist technical implementation, Free Rein will guide clients IT contact and provide implementation notes. As each implementation is customised, Free Rein can prepare a secure copy of the system for client IT to use as sandbox before going live.
There is no limitation on API users. Restrictions are based on clients own system configuration.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
System has extensive studio and database update features and Free Rein offer close guidance initially. System has audit facility on fields.
Clients can add and change fields, or add complete new modules.
Free Rein offer a change controlled system update service or client may run their own.


Independence of resources
Managed cluster loading of virtual servers – most automated except under DDOS conditions where manual intervention often required.


Service usage metrics
Metrics types
Client controlled dashboard, elements created as system wide or specific to a user.
Optional self generated reports to client requirements. Reports on demand in any format.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
SuiteCRM (open source) from Sales Agility

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Controls to initiate and manage contents of the data exports are provided by the web interface when enabled and access conditions are satisfied.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • XML
  • Outlook messages, embedded images and attachments (option)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
100% availability excluding planned and emergency maintenance.
Refunds automatic as double proportion of the monthly or annual contract, no claim required.
Approach to resilience
Further detail available on request.
Outage reporting
Email alerts available on a request for subscription basis for general hosting.
Client specific emails regarding any planned upgrades are included as a matter of course and upgrade date/time then to meet client needs.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Systems are initially created with a core group of users from the client organisation who will act as administrators and manage all other users in compliance with their own internal policies.
User capabilities are determined by the roles they have been assigned and the privileges granted to each role.
Support channels are limited to authorised individuals who will be granted appropriate permissions. No external management is available on support channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • We don't store payment information in the cloud services

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials accredited moving up to Plus en route for IASME
Information security policies and processes
The ISMS contains policies and processes that are critical to provide assurance that data is handled consistently and securely. These cover all aspects including asset management, application usage, accounts, emails, storage devices, access controls, and the handling of data.
Procedures exist to ensure actions comply with the defined policies and what to do in the event of non-compliance.
In the event of a suspected incident, the IT manager (or nominee) is responsible for authorising access to equipment, services and data to allow investigations to proceed.
Wherever possible, policies are enforced by automation but in many cases manual intervention is necessary. In these situations procedures define the process required to ensure each policy is being followed and the frequency the process is to be executed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
On receipt of a documented change request, a risk assessment is performed to determine the potential effect the change will have on system components, security and running costs.
Changes will then be implemented in a controlled test environment, where testing and reviews can performed. All changes are be retained within source control.
Once approved, changes will be announced and documented as required before release.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
OS and application patches are constantly monitored and when available they will be assessed and implemented. For critical patches an emergency process is in place to action quickly.
Announcements of potential threats and exploits are received through numerous notification services including CVE databases and OS maintainers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Networks and systems are monitored for abnormal performance and resource usage which may indicate a potential attack or system malfunction. Automated alerts are sent when defined thresholds have been reached.
Activity logs are retained to allow for forensic analysis of actions if an issue arrises.
AntiVirus software is used to scan incoming files and emails to the environment with regular full system scans as an extra measure.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be raised by users through the support channels or from the automated monitoring systems, all of which have a process to be followed.
Many incidents can be handled either automatically or manually by help desk staff but for complex or time critical incidents, specialist technical support staff will be assigned to ensure a timely resolution.
Incident reports will be made available upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£95 a unit an hour
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.