SAP Business One - B1 Cloud software for Implementation and Migration

Genisys SAP Business One offers full ERP capability for small to medium sized organisations. Deployed in the cloud with Genisys Group full managed support service, Business One offers excellent time-to-value to clients. Full implementation service is also available from us


  • Multiple hosting options - on premise or cloud
  • UK based support
  • Cost effective, expert B1 consultancy & support
  • Option of Databases - SQL or HANA
  • Integrated Reporting & Analytics
  • Options for multiple currencies and languages
  • Affordable licensing model
  • Cost effective support packages


  • Realise the benefits of real-time reporting
  • Implement best business practice to your organisation
  • Cut costs with a sustainable support model
  • Integrate into existing solutions as required
  • Choose the right hosting and platform solution for your budget
  • Enable your organisation to be agile and responsive to change


£30 per person per month

Service documents


G-Cloud 11

Service ID

5 7 8 2 8 3 4 0 9 4 6 8 3 0 3



Chan Vyas


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints SAP recommends that you always upgrade your Business One installation to the highest available release and patch level. Upgrades and patching are not mandatory and maintenance agreements and windows can be agreed with your support partner as required by your business
System requirements
  • Microsoft® Internet Explorer 8.0 or higher
  • Microsoft® Data Access Components 2.6 (MDAC) or higher
  • 1x Intel® Core® i3 Processor (or equivalent)
  • 2 GB (minimum) Memory
  • Hard Disc System partition 2 GB, Data Partition 1GB
  • DVD-ROM Drive
  • Display 1024 x 768 with 24-bit colors or higher (minimum)
  • Sufficient bandwidth > 100M, Small latency < 1 ms

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24x7 access to Support Engineers via email and phone 24x7 access to billing and subscription support, online self-help, documentation, whitepapers and support forums Minimal business impact (Sev C): <8 business hours1 Moderate business impact (Sev B): <4 hours Critical business impact (Sev A): <1 hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Genisys Group provides support for all SAP products for both technical and functional support. Our support model is time based with time called off in 30 minute increments against an agreed number of days with each day being 7.5 hours. All of our UK based support consultants are highly experienced in Business One solutions and implementations and so we have one charging rate for all consultants as well as a management fee depending on the size and scale of the required model - such as if additional services are request like out of hours support or system monitoring. A named account director and named service delivery manager are assigned to all of our support accounts. Both these individuals perform roadmap planning, and monthly reviews with each of our customers whilst also ensure SLA compliance
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Genisys provide onsite training, user documentation & SAP resources to end users. A typical implementation will not require additional user documentation, but will include on-site "train the trainer" sessions to key users who co-ordinate and delivery training to the user base. However, at customer request training can be provided to end users and additional documentation can be provided. There are a multitude of SAP resources available via the SAP portal across a wide variety of subject matters.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Approved users can extract the data from the solution at the end of the contract in CSV format.
End-of-contract process Price depends on the following,
Monthly price estimates are based on 730 hours of usage.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices No
Service interface No
Customisation available No


Independence of resources Pay only for the resources you use and cancel anytime.


Service usage metrics Yes
Metrics types •CPU
•Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data from SAP Business One can be exported from almost anything from query results, reports, and marketing documents - one can even export the main menu!
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee at least 99.9% availability of the SAP B1 services. Moreover, to be agreed on a contract by contract basis - as a general rule the System availability SLA is 99.9%
Approach to resilience Depending on the hosting option taken by our clients, there are a wide variety of resilience steps taken into account. These can include:

* Redundant additional power network in case of power outage * Backup batteries and generators * Redundant additional coolant systems in case of coolant system failure * Redundant additional internet connection to guarantee connectivity * Data stored in backup location to save-guard against natural disasters and malicious attacks
Outage reporting To be agreed on a contract by contract basis depending on the hosting option taken by the client.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted using assigned business roles and organisational management assignment. Restrictions are contextual (e.g. users can see data relating to them, their team, their territory; managers can see data relating to their team members) and can be restricted at different levels: * Screen access (work centres and views) * Fields can be write/read-only or restricted * Actions (e.g. escalating a ticket, exporting specific data to Excel ) Additionally, page layouts and the model rule editor enable setting attributes including visibility of screen sections or specific fields by business role or data (e.g. hide field "x" for complaint tickets).
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 International Organization for Standardization - TUV RHEINLAND
ISO/IEC 27001 accreditation date 10/10/2018
What the ISO/IEC 27001 doesn’t cover The scope for Genisys Group ISO27001 accreditation is SAP Support, Enhancements and Projects. What is currently out of scope and therefore not included are the following areas Key management – we do not have a policy on the protection of cryptographic keys as we currently do not use these. Working in Secure areas – We currently have no procedures for working in secure areas as Genisys Group do not have any secure area working currently. Restrictions on changes to software packages. All of the above would be reviewed and policies created should they come into scope for Genisys Group
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO 9001:2005

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Genisys Group has a well-defined information security policy that is based on industry best practices ISO/IEC 27001 standard.
Genisys is an ISO 27001 certified company. As per the certification and retention process, ISO audits are conducted every year that includes Privacy, Information Security, Business Continuity, Disaster Recovery, Operations and Technology . The key role of CISO has been established and is headed by the CFO of the organization, the organization has a stated budget to continuously implement policies, procedures and technology to achieve our goal to endeavour to protect our assets and ensure the confidentiality, integrity and availability of our assets by implementing adequate security control measures to safeguard the interests of all our stakeholders. The organization has formed an information security executive council chaired by the CISO and the President of the organization. The council understands the unique set of areas that can be off risk and threats to our technology landscape and is committed to build an organization with necessary resilience. Security Policies, Standards and Procedures emanate from the Information Security Policy which has been approved by the Cyber Security Governance Council.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We align our change management processes to the customer's requirements, however, for internal changes we have a Change advisory Board to review all change requests and approval is only given from the CAB to proceed with any change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach When Security Center identifies one or more supported VMs that are missing a vulnerability assessment solution, it triggers a VM recommendation.
Create a new vulnerability assessment solution for each VM.
Adaptive Threat Protection(ASC) also offers adaptive threat protection which can block malware and other unwanted code by applying application controls. Built and powered by machine learning, this malware protection service uses heuristic-based analysis techniques to defend against sophisticated modern malware attacks.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our Data Centre have a Network Operations centre which continuously monitor our network and communication lines. We also have internal monitoring where we run an average of 5 million tests per month.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We align ourselves to ITIL incident management processes and use SAP CRM toolset for the incident life cycle.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £30 per person per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑