Arthur Online Limited

Arthur Online Property Management Software

Provides a cloud-based property management software that can be used for any type of property. Offers a complete solution for the tenancy journey from start to finish via both web-based and native mobile apps to the following: property managers, tenants, contractors, property owners and letting agents.


  • Remote access for all 5 different user groups
  • Document management at every level of the hierarchy
  • Certificate management
  • Maintenance workflow management
  • Real-time reporting
  • Recurring invoice generation
  • Financial statement creation
  • Record all financial data relating to property management
  • Automated and instant communication
  • Bespoke workflow automation


  • Share information to all users quickly and easily
  • Automate processes to save time and money
  • Bring all property management documentation into one place
  • Future-proof property management by making it digital
  • Offer transparency between all usergroups to remove friction
  • Manage on-the-go via functionally rich native mobile apps
  • Easily manage miscellaneous data relating to properties and tenancies
  • Auto-populate documentation through word macros
  • Remain compliant within the industry
  • Save time and improve efficiency throughout the company


£0.30 to £1.25 per unit per month

Service documents


G-Cloud 11

Service ID

4 0 7 2 6 0 1 8 4 1 1 1 5 1 1


Arthur Online Limited

Rochelle Trup


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Xero accounting software, QuickBooks Online Plus accounting software, Advanced Tenant Referencing, Zapier, StuRents, RightMove, Signable, Zoopla, FastSMS, Experian
Cloud deployment model
Public cloud
Service constraints
System requirements
Standard requirements for internet-based applications

User support

Email or online ticketing support
Email or online ticketing
Support response times
2-3 mins weekends saturday till 1

sunday no

monday -fri 9-8
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Intercomm Standards
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Contact form/email support: Response within two days.
Live chat support: Response within 15 minutes during business hours.
Online screen share support: at the discretion of the support employee
Online screen share tutorial: pre-booked, amount defined on a per month basis based on the package a user chooses. Additional sessions charged at £75+VAT
Telephone support: Available during business hours Monday-Friday
Face to Face half-day training sessions: £500+VAT
Face to Face full-day training sessions: £750+VAT
Relationship managers are provided for companies on the Enterprise package or if they meet certain criteria in terms of size.
Support available to third parties

Onboarding and offboarding

Getting started
Users are given bespoke starter guides for their particular business setup. The user can the decide whether or not they want to upload their information or get the Arthur Online team to upload it. Whilst this is being completed, support staff will train "super users" (amount dependant on company size) through online training sessions. Once both the training of the super users and the content upload is completed, Arthur Online will offer general training to the remainder of the staff, either via online training sessions or through onsite training at the client's facility. As the relationship continues, Arthur Online will continue to offer these two services. Throughout this process, the client will have a Relationship Manager. They will also have access to extensive help documentation throughout the onboarding process, as well as our live chat service operators.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Uploaded certificates, images and documents must be downloaded manually.
Data that has been inputted can be extracted in the form of a .csv file
End-of-contract process
Arthur Online works on a monthly rolling contract. If the user chooses to end their relationship with the business then the user can extract their data, followed by cancelling their direct debit mandate. At the point this occurs, Arthur Online will freeze the user's account and prevent access. The user can then request that all their data be removed from the system, at which point Arthur Online will comply as far as the law allows.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
Functionality is released on the web application before being transferred down onto the mobile applications.
Service interface
What users can and can't do using the API
The Arthur API provides various end-points to build custom integrations with a RESTful interface using OAuth v2 to authenticate third party applications. The API exposes most Arthur functions such as property, units, tenancies, contacts and lookup tables. We're constantly improving the documentation and adding more end-points.

The Arthur API supports standard RESTful HTTP methods: GET, Make a GET request to retrieve data, POST, Create new record, PUT, Update an existing record, DELETE, Remove a record.

JSON: The Arthur API only supports JSON for POST and PUT methods. GET methods return JSON formatted data.

Arthur supports various filters for conditional GET methods.

Pagination, limiting records and ordering can be specified passing GET parameters in the URL.

Arthur's webhooks allow your application to receive events that occur in your Arthur account. Most events in your account from adding a property, editing tenancies etc. will be sent to this callback URL with the relevant JSON data.

Rate limiting on the Arthur API is controlled separately for each Arthur user account. Global rate limits on the live server allow 5000 requests per hour
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • Other
API sandbox or test environment
Customisation available
Description of customisation
White label the looks, add analysis codes for personal costs, add individual VAT codes for transaction types, add document types specific to your business, add tenancy types specific to your business, decide what your homepage information displays, choose permissions for different user groups, create your own mobile apps (additional cost), recurring invoice generation, recurring task generation, FAQs for tenants/owners/contractors/managers, any automated communication.

All of this can be done through a user's account.
The decision as to who is allowed to customise rests with the main contact on the account.


Independence of resources
We have 'scaleable' servers. This means that as more demand is placed on the servers, more come online in order to ensure that speed is steady for all users.
Arthur Online operates a fair usage policy that prevents any one client taking up more time in relation to client facing services than is fair.


Service usage metrics
Metrics types
Property status
Tenancy status
Payment status
Certificate status
Documents uploaded
Status of tenant raised issues
Status of jobs being completed by contractors
Status of legal notices
Status of inventory guarantee's
Status of viewings
Status of applicants
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is an option within their account to export to a series of .csv files. By using the export function, a copy of their data will be sent to the main contact of the account with a zip file of their data
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The product is available 7 days a week, 365 days a year with a guaranteed up time of 99.999%. Arthur Online have a 100% up time in the past 24 month.
Arthur Online's SLA:
Arthur Online's support team is guaranteed to be available 9am-5:30pm, Monday to Friday (excluding bank holidays) and 10am-1pm on Saturdays.
Approach to resilience
Available on request
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Only staff members that need access to complete their job have access to management interfaces and support channels. Before they are given access to these areas, their job is fully scoped and areas of the different management interfaces and support channels are 'turned off' from their account. This means that they do not have access to these sections at all. Different management interfaces and support channels have different levels of restrictions to access them. Some have username and password, others go as far as IP-address verification. This is dependant on the sensitivity of the data stored in each area.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Arthur Online is currently undergoing ISO 27001 compliance.
The Chief Technical Officer (CTO) is responsible for all security governance within the service and for internal data. The CTO has implemented a documented framework for security governance, with policies governing key aspects of information security relevant to the service, such as personally identifiable information and bank information. These processes are then implemented and enforced on a daily basis by team leaders within the company.
Whenever there is a change within applicable legal and regulatory requirements, it is the CTO's responsibility to scope and implement the changes with support from their team.
Information security policies and processes
Arthur Online is compliant with the GDPR.
Three-stage authentication is required to access any 'back-end' area where data can be manipulated.
Different usergroups have different access rights.
IP address authentication.
All internal processes for information security are documented and hard copies maintained.
Physical information is shredded once no longer necessary.
New staff members are trained directly by Arthur Online's Data Protection Officer with existing staff being required to partake in 'refresher' training once a year or when a major change is made to the company's processes, whichever comes first. If a staff member is found to not be following the processes, immediate 'refresher' training is completed and a potential probation period implemented.
The reporting structure for any problems that arise regarding information security move up the internal hierarchy of that team. Upon discovery, if unable to rectify the problem, the reporter passes the information on to their manager. From here the manager investigates the report and, if it is found to be legitimate, will notify any client affected and either rectify the problem or pass it on to the Data Protection team. The Data Protection team will then work to rectify the problem.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components within the service have a fully documented lifetime history. This includes components that are part of the service, such as the Tasks component, as well as components necessary to offer the service, such as servers. These documents are maintained on a secure cloud file, as well as an external hard drive. Reports on components are created on a regular schedule to manage performance.
Before any major change is made to the service, the responsible team will spend a minimum of 6 weeks scoping the impact that it will have. This period changes based on the size of the change.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
A full assessment of potential threats is completed on a monthly basis. Assessment of individual areas that have been flagged for investigation are then completed throughout the month, as well as assessment of random sections of the service. The prioritisation of any problems is then completed by a group compiled of a business head, a developer head and a customer service head at minimum. Patches and improvements are released on a weekly basis, but can be sped to every two days if necessary. Potential threats to the system are reported automatically as well as manually by support staff
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
An automated monitoring system is in place that runs 24 hours a day, 365 days a year. The service is also monitored by staff during business hours. Potential compromises are identified by the automated monitoring system or by staff. When a potential compromise is identified that related to attack, misuse and major malfunction, it moves to the top of the priority list with immediate effect. Incidents are responded to immediately. Dependant on the type of compromise depends on what actions are taken, whether that is freezing an account or pushing a fix, for example.
Incident management type
Supplier-defined controls
Incident management approach
Pre-defined incident management processes are in place and are taught to all relevant staff upon induction, as well as 'refresher' training occurring yearly on whenever a major change is made, whichever is soonest. Users are able to report incidents through email, live chat, contact box and via telephone. They can then be given a report number, which they can use to track the status of their reported incident as it is investigated. If an incident occurs that will affect a user, the main contact for an account will be contacted via telephone of email within one working day

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£0.30 to £1.25 per unit per month
Discount for educational organisations
Free trial available
Description of free trial
A free trial of the Standard package is offered for 30 days. This doesn't include: task checklists, automated reminders, recurring tasks, snoozing tasks, recurring work orders, online applicant form, account personalisation, templated FAQs, templated messages, applicant matching, permissions, bespoke app creation
Link to free trial

Service documents

Return to top ↑