Sage X3 Saas ERP Software: Finance, Purchase & Inventory Control, Customer Services and Reporting

Sage X3 delivers comprehensive business management covering; finance, budget management, HR, supply chain, inventory control, warehousing, manufacturing and reporting . Sage X3 has over 50 industry-specific add-on solutions.

Be faster, more intuitive and work in a tailored deployment, online.

Sage X3 delivers flexible capacity, flexible configuration, customisation and system evolution.


  • Designed to make product centric business thrive
  • Cloud based, robust and scalable: from 4 users and up
  • Manage complex contractual relationships across the value chain
  • Manage resources and assets, whether staff, sub-contractors, stock or equipment
  • Plan and execute across multiple locations on one central system
  • Use from any web enabled device
  • Inbuilt workflow and automation
  • Comprehensive and powerful financial and business data management
  • Project, Supply Chain & Quality Management options
  • Integrated data analytics and visualisation tools


  • Maintain regulatory compliance. Meet fiscal and financial reporting requirements
  • Optimise employees with secure online availability; anytime, anywhere
  • Tailor Sage X3 to business process needs for greater efficiencies
  • Rapid deployment. Finance from 35 days+ & Manufacturing 85 days+
  • Full purchasing Delegation of Authority to control spending against budget
  • Simplify stock and stores management with integrated bar code scanning
  • Full inter-company transaction management to reduce rekeying.
  • Improve customer service (internal and external) through insightful data reporting
  • Scan supplier invoices and auto process matching and approval
  • Reduce time on tedious tasks by utilising the Workflow automation


£1,625 to £2,500 a person a year

Service documents


G-Cloud 12

Service ID

4 9 1 5 3 9 6 3 3 3 8 0 8 7 0


Telephone: 08450943885
Email: nick.tucker@x3consulting.com

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Refer to Service Delivery documentation
System requirements
  • Compatible with MAC and Windows operating systems
  • Compatible with most handheld/mobile devices. Check on application for list
  • Internet connectivity required for device access
  • Integrated VPN user access can be supported. Check on application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please refer to the Service Description document for Support SLA details
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Please refer to our Service Description for details on the SLA's for support
Support available to third parties

Onboarding and offboarding

Getting started
Product deployment requires a review of functional needs to properly tune the application to deliver the required outputs from the required inputs. Scoping is provided (onsite or remote) together with full support through testing, training and deployment to a live environment. Standard user documentation is available and can be tailored to suit the exact needs of the project. Project management is integral to the whole project delivery process along with data migration (where needed), report design and ongoing application support. Full system documentation defining standard delivered functionality is provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The core financial data is capable of being retrieved using Microsoft SQL query tools to form a SQL dataset containing all relevant information relating to the accounting period(s) covered.

Sage X3 application tables are accessible using common reporting tools such as PowerPlay or Excel for key data retrieval by non-technical users.

Depending on the modules in use and any additional "add-on" applications selected the extraction of data may result in more than one dataset being produced.
End-of-contract process
At the end of the contract the user has the option to obtain a SQL copy of the data generated during the lifetime of the contract or renew for a further period of use for continued access/regulatory compliance.

There are no additional costs in providing a SQL copy of the data on completion of the contract, which will be structured as per the application and require the user to either access it using an alternative Sage X3 software or reporting tools like Excel or PowerPlay.

Additional costs will be incurred for the management of the data into a set format at the request of the end user such as for the purposes of import to another ERP application.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Screens on the mobile use are simplified versions of the full application. Standard functionality on the full application is present on the mobile app.
Service interface
What users can and can't do using the API
Subject to the hosting method chosen integration using API's is possible. API development is normally the purview of the delivery partner until such time as training or knowledge transfer has occurred to the appropriate in-house technical resources if that is required. API documentation defines the extent of use for each API relevant to the chosen application. A sandbox environment can be made available as part of the overall deployment if required.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Throughout the implementation stage, elements of the service can be tailored to suit the specific requirements of the process being mapped. Users with the appropriate training or consultants supplied as part of the implementation delivery can customise elements of the core service application. It is possible to customise the application post go-live.


Independence of resources
In Private Cloud: Each installation operates on their own platform as a service delivery which ensures that the performance modelling relates only to their specific usage. In Public Cloud/Hosted: Performance modelling is applied to the assets deployed aimed at delivering a minimum acceptable standard of responses across the estate through the usage period.


Service usage metrics
Metrics types
We provide information on overall system uptime & performance metrics along with Sage user metrics such as total login events, average length of login, last login etc.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported using SQL tools (where permissions are granted) or using Microsoft Excel where the data can be retrieved in Excel or CSV format.
Data export formats
  • CSV
  • Other
Other data export formats
Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
Microsoft Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Refer to the Amazon Compute Service Level Agreement which can be found here:- https://aws.amazon.com/compute/sla/
To be read in conjunction with the latest Sage Software as a Service Handbook, available on request.
Approach to resilience
To be read in conjunction with the latest Sage Handbook this article describes the AWS approach to resilience. https://d1.awsstatic.com/whitepapers/compliance/AWS_Operational_Resilience.pdf
Outage reporting
A public dashboard can be found here:

Specific individual reporting is available via the Sage user portal (login required)

Email alerts can be configured in agreement with the customer subject to notification policies of the customer on recipient emails from 3rd party automated services.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Support access is provided using the same credential requirements as that of a customer user. Interface to the applications is via secure and expiring token access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
UK Service provider interaction with the Amazon Web Services platform
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
UK Service provider interaction with the Amazon Web Services platform
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
See Security Management in the hosting guide.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
An audit service (staffed) monitors the application configuration which reports on changes to the setup, configuration and parameter settings of the operating, application and database layers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Relevant vendor patches are applied at the earliest point of release in a structure manner. Threats are assessed based on the type of hosting utilised whereby ownership of the threat spectrum rests with the public cloud supplier in the first instance (AWS for example). In Public/Hosted environments this is covered with the managed service SLA's. Threat assessments come from the AV vendor, Sage and the hosting partners.
Protective monitoring type
Protective monitoring approach
Infrastructure management services are included with proactive system availability and system access monitoring. 24x7 NOC monitoring, 24x7 incident response. 99.5% service availability. Local Customer Services respond during working hours. Patching and upgrades delivered by Sage. Cadence for application releases is quarterly, with the maximum delay for release install set at nine months.
Incident management type
Incident management approach
Incidents are managed using a web based application to record instances of issues and problems. A service level agreement provides for response times and the incidents are managed on a daily basis for review and update. Reports are provided using a self service ticket portal for authorised support users.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£1,625 to £2,500 a person a year
Discount for educational organisations
Free trial available

Service documents