Unit4 Enterprise Resource Planning / Unit4 Student Management
The Business World and Student Management Suite provides an integrated Self Driving ERP platform including: Finance, General Ledger (GL), Budgeting, Accounting, Creditors, Debtors, Financial Planning, Cash and Income Management, Procurement, Purchasing, Human Resources (HR), Payroll, eRecruitment, Expenses, Absence, Timesheets, Project Management, Project Accounting/Costing, Student Management, Research, Reporting/Analytics and Asset Management.
- Full coverage of ERP for Public Sector and Education Sector
- Full suite of Student Management Solutions
- Fully Managed Azure Cloud Solution with UK / EU Datacentre
- Dual Site Disaster Recovery
- Mobile Applications available
- Support for Collaboration
- Securely Accessible from anywhere
- Comprehensive Integration capabilities
- Integrated Reporting Tools
- Industry Good Practice Business Processes
- Total Low Cost of Ownership
- Ability to adapt to Business Change
- Sector Specific Functionality
- Upgrade Elasticity
- Ease of Access
- Change when you change
- Working how you work
- Delivering what you choose
- Solution Completeness
- Secure Cloud operation with Azure
£7.59 per person per month
UNIT4 Business Software Limited
Mark Gibbison - Global Director Public Sector
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||Support inline with SLA'S contained within service definition document.|
|System requirements||Fully Managed Cloud Service|
|Email or online ticketing support||Email or online ticketing|
|Support response times||As per response times in our SLA within our Service Description Document|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Unit4 Customer Support is the single point of contact for all Service issues regardless of type of issue.
Unit4 Support and Operations activities:
• Deploy solution updates.
• Management and maintenance of all infrastructure.
• Network connectivity of Unit4 SaaS to public internet.
• Back-up and disaster recovery.
• Security of application operating environment and infrastructure.
• Monitoring of application and infrastructure.
• Performance tuning.
• Trouble-shooting and resolving issues, both customer-initiated and those raised by monitoring alerts.
• Database copy between environments upon request, e.g. Production to Preview.
Unit4 provided a Fully Managed ERP Solution hosted as a SaaS Service on the Microsoft Azure Cloud.
Incident logging and escalation for Unit4 Cloud is carried out through the Unit4 UK service desk and can be done via telephone (9am – 5pm) email or customer support portal both of which are available 24 hours per day. Incidents will be logged by the customer suitable trained named individuals who will set a priority based upon system and business variables. Once logged unit 4 will progress these to resolution within the target response and resolution times for the given SLA. An Account Manager is provided for all Unit4 Customers.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Training can be provided as a mix of “Train the Trainer” and eLearning techniques. Unit4 will ensure a customer’s super users are provided with sufficient training to be able to conduct a detailed User Acceptance Testing session, and have a through understanding of all aspects of the solution including the relevant knowledge for creating user defined reports. The Unit4 training will also ensure that customers have sufficient capabilities to support their own System Administration going forward into and beyond Go-live. This training will be a combination of hands on and classroom/elearning training for project team. There is also functionality with in the product to assist in supporting end users such as the Knowly experience pack which allows both Super users and Individuals to make notes on tasks and actions on specific screens. System documentation is supplied in pdf format in line with government open document standards.|
|End-of-contract data extraction||
Upon final exit Unit4 will export the final copy of the Production Database to a Unit4 controlled Azure storage location. The export will be in a format usable with the latest version of Microsoft SQL Server. Customers can manually download this export from this location. Unit 4 will maintain a secure read only copy of the Autorities production environemtn including database for a period on 1 month post exit, this copy will then be deleted unless the Authority informs Unit4 otherwise.
Customer responsibilities for this additional service offering include:
• Customer access responsibility – control who has permission to download the export
• Ensuring data privacy during and after download
• Establishing, monitoring and managing the download process
• Restoring or importing the export once downloaded
• Licensing, operating and installing in the customer’s IT infrastructure any applications that will be used in the retrieval process and subsequent use of the export
Upon any termination of the Agreement Unit4 shall, provided that it has received a request in writing from the Customer no less than 3 months prior to the scheduled termination date, continue to provide the Software Service to Customer under the same terms for a transitional period of up to six (6) months. Access to the Software Service during the Transition Period will be subject to the fees set out in the applicable Call Off Agreement, prorated on a monthly basis and payable in advance, based on the annual fees charged to Customer for the Software Service during the twelve month period immediately preceding the termination date plus an additional ten percent (10%).
During the Transition Period, Unit4 will provide cooperation and assistance as Customer may reasonably request to support an orderly transition to another provider of similar software, services, or to Customer’s internal operations. Such cooperation and assistance will be limited to consulting regarding the Software Service and will be subject to a fee based on Unit4’s then-current rates for Professional Services and such services will be set out in an Call Off Agreement.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile service accessed through propriety apps or HTML5 rendered browser. Limited number of transactions still require full desktop client typically high volume transactions.|
|What users can and can't do using the API||
Unit4 Business World Web Services provide a way of processing data, in a secure manner adhering to modern industry standards, but requiring some technical expertise. Unit4 Business World Web Services include options to create and maintain Absences, Applicants, Employee balances, Commitment transactions, Customer master maintenance, Document archive, Employments, HR maintenance, Masters and Attributes, Payroll transactions, Planner transactions, Position master file, Project master file, Rates register, Resource master file, Supplier master maintenance, Timesheets, Travel expenses, User status and maintenance, Value Reference Rates, Workflow. Where a Web Service is not yet exposed, ACT (Customisation Tool can often be used to modify or expose new Web Services.
Within Unit4 Student Management, Unit4 recognises that there will always be a need to interface to other systems including learner management and financial management systems and there is a rich web services API layer to provide full Integration with third-party applications with minimal IT support. The API provides the ability to get or insert/update/delete any data element and can invoke actions (e.g. run a report, send an email etc).
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||Unit4 products are highly configurable through the application itself, so very few of our customers find a need to customise the solution. ACT is a customisation tool that is only available to Unit4 Integration consultants to increase the functionality of Unit4 products.|
|Independence of resources||In Unit4 Cloud, processing resources are shared, but Unit4 monitors and leverages elastic resourcing to ensure all get sufficient to meet the SLAs, and to handle activity peaks. Azure provides the first level of network separation, upon which Unit4 adds further isolation using VNETs. In a Dedicated service model a dedicated VNET is provided so all available network bandwidth is dedicated to a single customer. Unit4 customers always have a dedicated database to ensure data separation. In a dedicated cloud processing resources are also dedicated to a single customer, and an option of VPN and ExpressRoute connectivity.|
|Service usage metrics||Yes|
|Metrics types||Service metrics for key performance indicators.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||User can export their data in a variety of formats including .xls, .csv, or xml.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Unit4’s service availability commitment for any given calendar month is that the Production Service will be available at least 99.8% of the time. Service Availability is calculated per month as follows:
Total time - Service Outage divided by total time times 100 = greater than 99.8%
“Service Outage” means the time (in minutes) that the Production Service is unavailable (as measured in accordance with this Section A, paragraph 1) in any month, but excludes any unavailability for those reasons set out below under the heading “Exclusions”;
“Total Time” means the total number of minutes in any month;
Unit4’s service availability commitment excludes any unavailability for the following reasons:
• Planned Maintenance;
• Unplanned Preventative Maintenance;
• failure of any circuits or connections provided by third party telecommunication providers or common carriers;
• failure of any external internet service provider or an internet exchange point;
• acts or omissions of the Customer or any Users permitted to access the Production Service;
• behaviour of Customer applications, equipment or managed operating systems;
• Force Majeure events (as described in the SMA).
|Approach to resilience||Available upon request|
|Outage reporting||Service outages will be reported via the Unit4 customer portal. Which all customers will have access too.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||There is no direct user access to the servers in Unit4 Cloud; but read-only SQL access is offered to a replicated database. Internal Unit4 Cloud operations, (system and database administrators) have access rights to manage and maintain the Cloud Services provided to customers, which are regularly reviewed and a formal change-control and audit log documented. Guidelines and processes regarding access are governed by SSAE and ISO standard compliances that Unit4 has achieved. Unit4 Service desk staff do not have direct access to servers and the production database, so all changes are made by Unit4 Cloud operations.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||NQA Certification Limited|
|ISO/IEC 27001 accreditation date||15/02/2018|
|What the ISO/IEC 27001 doesn’t cover||
The scope of this approval is applicable to:
The design, development, provision and support of Unit4 software products and associated consultancy, technical and managed IT services. Statement of Applicability v2.
The scope covers all UK activities, and also include Global activities, hosting, SaaS etc
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||SyberNet Self Assessed Certification|
|PCI DSS accreditation date||01/01/2017|
|What the PCI DSS doesn’t cover||The service is deployed as a hosted service, via our partner SyberNet, who are required to run and maintain it in a PCI compliant environment. Sybernet are currently a Level 2 service provider with less than 300,000 transactions annually and so they complete an SAQ, a Quarterly scan by an ASV (they use Qualys as their Approved Scanning Vendor) and provide an attestation of compliance (AOC).|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Unit4 global SaaS Information Security Policy can be provided upon request. Unit4 is accredited to ISO 27001 Information Security Management.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Unit4 Cloud relies on the expert services of Azure, who provided the underlying platform, network connectivity and System software. The Azure platform offers High Availability, Fault Tolerance, and redundancy at all levels, and components are automatically replaced at the end of their lifetimes or when failed – all contributing to the Unit4 system availability SLA of 99.8% Unit4 software, both Major Feature Releases and Service Updates, is updated automatically as part of the Unit4 Cloud service (with optional deferment). Deployments within Azure allow everyone to benefit from their experience of running highly secure and compliant online services.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Deployments within Microsoft Azure allow everyone to benefit from their experience of running highly secure and compliant online services around the globe (such as Microsoft Cyber Defense Operations Centre, a 24x7x365 state-of-the-art cybersecurity and defence facility). Unit4 Cloud has implemented industry leading anti virus, intrusion prevention system and intrusion detection solutions (IPS IDS). Unit4 Cloud works with R&D teams to identify, mitigate and share information about known risks. Unit4 uses log monitoring and analyses to identify usage anomalies and exceptions. Software patches are applied during the maintenance window, but security patches are applied immediately.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Unit4 Cloud’s end to end service includes hardware and system software, monitoring, management and maintenance of the Unit4 software and environment in Unit4 Azure. A continuous 24x7x365 monitoring program is in place to detect and resolve infrastructure and application issues in order to meet Unit4’s application availability targets. The monitoring covers solution health, availability and response times. Priority 1 alerts generated are handled by Unit4 staff 24x7x365. See also the response concerning Incident Management Approach.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Unit4 and Customer comply with their obligations in the following Policies and Procedures, which have been written to explain how to ensure your system is secure now and into the future:
Information Security policy;
Business Continuity and Disaster Recovery;
Acceptable Use Policy;
Unit4 Safety in the Cloud White Paper
Unit4’s external facing information security policy can be provided upon special request with an NDA.
Hence, there is a formal incident Management policy, and users may report incidents via the Unit4 Service Desk. Relevant incidents will be reported back to customers on the Customer Portal.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£7.59 per person per month|
|Discount for educational organisations||No|
|Free trial available||No|