Edenhouse Solutions

SAP Business ByDesign

SAP Business By Design is a flexible, customisable, market-leading cloud-based ERP solution that enables the management of all business facets. Ideally suited for upper mid-market companies and subsidiaries of large corporations, this complete and integrated SaaS suite supports financials, human resources, sales, procurement, customer service, supply chain management, and more.


  • Customer Relationship Management (CRM); Marketing, Sales and Service
  • Finance; Financial and managerial accounting, Cash flow management
  • Human Resources (HR); Time/attendance/labour management, self-services
  • Procurement; Sourcing, Purchasing, RFQ, Supplier Performance Management,
  • Project Management; Facilitate collaboration, manage/deliver/monitor projects (real-time)
  • Supply Chain Management (SCM); Product development, planning, manufacturing/warehousing/logistics
  • Business Analytics; easily create custom reports using the guided procedures
  • Workflow configuration; multi-step approvals, customised rules for notifications
  • Mass processing and scheduling capabilities
  • Embedded support; incident management (automatic collection of diagnostic data), communities


  • Full mobile device support including reporting and system interaction
  • Standard pre-built integration flows to on-premise SAP products
  • REST API and ODATA exposed services for simplified integration
  • Simplified, modern, customisable, personalisable, branded, Fiori-based user interface
  • Integrated SaaS ERP solution offering CRM, HR, SCM, Finance, Procurement
  • Social media integration for monitoring and responding
  • Scalable in-memory cloud computing, built on high-tech data centres
  • Seamless automatic deployment of major releases every quarter
  • MS Visual Studio shell based software development kit environment
  • Tenanted landscape enabling easy solution and instance management


£13 per user per month

Service documents


G-Cloud 11

Service ID

4 2 5 3 5 4 0 7 0 4 5 3 8 6 5


Edenhouse Solutions

Philip Cartwright

+44(0) 330 058 6020


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There are 2 Maintenance windows every week and one every quarter. Currently, we provide the following regular maintenance windows for each system:

- US data center - UTC-5: Sunday 07:00 UTC to 11:00 UTC
- Germany data center for EMEA - UTC+2: Sunday 00:00 UTC to 04:00
- UTC Australian data center for APJ - UTC+8: Saturday 18:00 UTC to 22:00 UTC
- Germany data center for APJ - UTC+8: Saturday 18:00 UTC to 22:00 UTC

This involves a system downtime period for each system on Sunday's local time for a period of 4 hours.
System requirements
  • Supported OS and browser; MS Windows Vista (32-Bit): Internet Explorer
  • Supported OS and browser; MS Windows 7 (32/64-Bit): Internet Explorer
  • Supported OS and browser; MS Windows 8: Internet Explorer
  • Supported OS and browser; MS Windows 10: Internet Explorer
  • Supported OS/browser; Mac OS X 10.6: Safari, Internet Explorer
  • Pentium4 2.4GHz (recommend Intel Core2Duo 2.4GHz 1066Mhz FSB)
  • At least 1 GB of RAM (2 GB recommended)
  • Minimum network requirements: 1Mbps upstream/downstream, 200ms or better Latency
  • Chrome Version 45 or higher
  • Adobe Reader 8.1.3 or higher

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Target response times: P1 (4 hours), P2 (20 hours), P3 (40 hours), P4 (As agreed with customer
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Edenhouse provide support for all SAP products for both technical and functional support. Our support model is time based with time called off in 30 minute increments against an agreed number of days with each day being 7.5 hours. All of our UK based support consultants are senior level with an average of 16 years’ experience across the teams and so we have one charging rate for all consultants as well as a management fee depending on the size and scale of the required model - such as if additional services are request like out of hours support or system monitoring. A named account director and named service delivery manager are assigned to all of our support accounts. Both these individuals perform roadmap planning, and monthly reviews with each of our customers whilst also ensure SLA compliance.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started SAP Business ByDesign is a self-documenting solution with extensive in-built help, community forums, blogs, wiki entries, SAP YouTube channel for guidance videos, as well as online user guides and administrator guides.

The Help section within SAP Business ByDesign is also customisable, meaning that a company can add in their own documents and content, including videos.

This is of particular use when it comes to on-boarding of new staff; not only can users add their own notes for specific sections, but authorised users could add specific content, such as a job description/duties, or even a "How to Video" for specific roles and functions within that role.

A typical implementation will not require additional user documentation, but will include on-site "train the trainer" sessions to key users who co-ordinate and delivery training to the user base. However, at customer request training can be provided to end users and additional documentation can be provided.
Service documentation No
End-of-contract data extraction Data held within SAP Business ByDesign may be exported by:

* Mass Data Maintenance functionality
* Open APIs that are standards-based Web Services
* iFlow integration scenarios for standard integration via solutions SAP Process Integration or SAP Cloud Platform
* Reporting, dashboards and analytics
* Excel from all results lists, where permissions allow this

SAP Business ByDesign has a native link with MS Excel in order to utilise the power of that solution - so any report that can be created, against any of the data in the solution, can then easily be passed into MS Excel.
End-of-contract process As a SaaS based offering, Business ByDesign provides full technical support and maintenance of the systems within their data centres. This includes all upgrades (performed on a quarterly cycle), bug fixes etc.
An exit plan will be determined on a case by case basis, with steps and charges discussed and mutually agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Both mobile devices and desktop computers can access the service via the SAP Business ByDesign application or via a web browser. SAP's latest UI, the Fiori UI (formerly the Responsive UI) dynamically adapts to the screen format and resolution of the device being used to adjust the layout appropriately. There are 4 Applications:
- Business ByDesign App – I-Phone, I-pad and Android
- Business ByDesign Approvals – I-Phone, I-pad and Android
- Business ByDesign Project To Go – I-Phone, I-pad and Android
- Business ByDesign Time Recording - I-Phone, I-pad and Android
- Business ByDesign Business Insights – IPAD
Service interface No
What users can and can't do using the API SAP currently provides 70 integration scenarios with 265 Web Service APIs to enable the standard integration of on-premise, cloud-based, and third-party solutions with SAP Business ByDesign. These services are listed at the following URL along with all associated documentation, and are too numerous to list here - https://help.sap.com/doc/saphelp_byd1702_en/2017.02/en-US/PUBLISHING/IntegrationServices.html.

Sandbox testing is via the customer's test tenant provision, included as standard in the customer agreement with SAP.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation User interface can be corporately branded by an administrator. Role-based authorisations determine the screen layouts, views and access for each user, as defined by an administrator. Fields, screens, components and objects can be extended (standard)and created (bespoke) by a developer using the software development kit (SDK) based on Visual Studio shell. New fields can be created, existing fields can be relabelled and hidden by an administrator or authorised key user. Administrators and/or key user can create data sources, reports, report views and selections based on standard and bespoke business objects. An administrator or a developer can create and amend PDF output documents using a plug-in for Adobe LiveCycle Designer. User interface can be personalised by end users, such as resizing and reordering results columns, saving search queries and setting these as the default query for a particular view. End users may add additional fields to results lists and so on through personalisation, where the fields have been made available by an administrator


Independence of resources Combined with virtualisation, decoupling hardware from the operating system and applications, multi-tenancy occurs when many customers are served on one instance. Virtual machines (VMs) share the hardware environment, and one system can accommodate more than 100 tenants.

Using adaptive computing, virtual machines are not shut down to be rescaled or updated, and changes can be made while they are running applications, with minimal downtimes. To enable this, a new VM is prepared and the application is simply “moved” to the new VM. Moving and rescaling VMs dynamically enables resource independence from the demands of other customers using the same service.


Service usage metrics Yes
Metrics types Service usage metrics are as follows:
* User Subscriptions: Current month and last 6 months
* User Interactions by Day
* User Interactions by Hour
* User Login by IP Address and Performance
* Usage by Screen
* Screen Usage Trend
* Screen Adoption By User
* User Logon Activity
* API Usage Statistics
* SOAP API Usage Statistics
* OData API Usage Statistics
* System Availability: Average Availability by month
* System Availability: Downtime Details (instances)
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold SAP SE

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export data from the solution in a number of ways:

* All results lists in the solution enable the export of the results to XLSX format, where the user authorisations permit this action
* Key business objects such as customers/accounts and opportunities provide the ability to export a summary to PDF format
* Business analytics enable flexible reporting that can be exported to CSV or XML format, or printed (including to file)
* Administrators can export data sets using the in-built migration tools, to XML format
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
  • XLSX
  • Webservice (JSON, SOAP, REST)
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability System availability SLA is 99.5% system availability during each calendar month for production versions. Credits are 2% of Monthly Subscription Fees for each 1% below 99.5% System Availability, not to exceed 100% of Monthly Subscription Fees
Approach to resilience SAP data centres have the following features to ensure continuity of service:
* Redundant additional power network in case of power outage
* Backup batteries and generators
* Redundant additional coolant systems in case of coolant system failure * Redundant additional internet connection to guarantee connectivity
* Data stored in backup location to save-guard against natural disasters and malicious attacks
Outage reporting Where there is a service outage, all affected customers will receive email updates from SAP to their nominated IT representative for each of their affected systems. Details included are the system affected, the date/time of the incident start and when it was resolved, a description of the original issue, details of the root cause, problem resolution and corrective action being taken to prevent repeat occurrences.

A public dashboard is also available at https://wiki.hybris.com/display/c4crelease/Service+Availability which shows the current status of the SAP data centres in Germany, USA, Australia, China along with service statuses for print, email, network and general availability services. A data centre specific history of recent issues is also displayed.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted using assigned business roles and organisational management assignment. Restrictions are contextual (e.g. users can see data relating to them, their team, their territory; managers can see data relating to their team members) and can be restricted at different levels:

* Screen access (work centres and views)
* Fields can be write/read-only or restricted
* Actions (e.g. escalating a ticket, exporting specific data to Excel )

Additionally, page layouts and the model rule editor enable setting attributes including visibility of screen sections or specific fields by business role or data (e.g. hide field "x" for complaint tickets).
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 26.02.2016
What the ISO/IEC 27001 doesn’t cover The scope for Edenhouse Solutions ISO27001 accreditation is SAP Support, Enhancements and Projects. What is currently out of scope and therefore not included are the following areas
Key management – we do not have a policy on the protection of cryptographic keys as we currently do not use these.
Working in Secure areas – We currently have no procedures for working in secure areas as Edenhouse do not have any secure area working currently.
Secure development policy – Rules for the development of software are not in place as Edenhouse does not currently develop software.
Restrictions on changes to software packages. Currently no procedures in place as we do not develop software.
All of the above would be reviewed and policies created should they come into scope for Edenhouse.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All of our security policies are strictly aligned to ISO27001 Standards. Our Consultants access our BYD customers' systems via secure https connections that require a unique user ID and password. Any email communications are encrypted. Edenhouse is accredited to the 'Cyber Essentials Plus' standard for all its networks and infrastructure. Reporting Structure: Our Chief Information Security Officer is Delivery Director Ian Fisher. Beneath him is our Information Security and Cyber Essentials Team. They ensure that our users adhere to our security policy and processes and these are audited on a regular basis. Each BYD customer has an Account Director and Service Delivery Manager. The BYD team has a Principal Consultant and Team Lead.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We align our change management processes to the customer's requirements, however, for internal changes we have a Change advisory Board to review all change requests and approval is only given from the CAB to proceed with any change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have an Annual Vulnerability check and based on the findings from that check we create tasks to eliminate any found vulnerabilities.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our Data Centre have a Network Operations centre which continuously monitor our network and communication lines. We also have internal monitoring where we run an average of 5 million tests per month.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We align ourselves to ITIL incident management processes and use SAP CRM toolset for the incident life cycle.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks API's exist, allowing bespoke connections to be made


Price £13 per user per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑