Agiloft Inc

Agile Contract Management Suite

Winner of “Editors' Choice” award by PC Magazine. Automate the complete contract life-cycle, streamline approvals and integrate contract information with related business processes. Automatic notifications, one-click email approvals and configurable business rules keep your organization running smoothly. Find any contract or clause instantly with full text search of contracts/attached files.

Features

  • Clause library for contract creation
  • Automated document comparison and redlining
  • PDF and Word print templates
  • OCR and full text search of database and attached files
  • Management dashboards with Excel integration
  • Document revision control, check-in/check-out and versioning
  • E-signature integration with DocuSign and Adobe Sign
  • Graphical workflow editor
  • Audit logs and regulatory compliance
  • REST/Web Service APIs, Python/Perl scripting, Export/Import

Benefits

  • Create an entire custom contract with a single mouse click
  • Capture all changes to your documents, and view redlined edits
  • Auto-generate and email PDF contracts from Word templates
  • Instantly find text in the database or an attached file
  • Gain actionable insight into contract costs, renewals, and revenues
  • Manage access and changes to documents
  • Legally compliant eSignature eliminates the time/cost of physical signatures
  • Automate even the most complex approval processes
  • Ensure regulatory compliance with a full audit trail
  • Integrate with any external system and custom processes

Pricing

£52.50 to £97 per licence per month

Service documents

G-Cloud 9

630431850940148

Agiloft Inc

May Quock

1-650-587-8615

gcloud@agiloft.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Modern browser: IE 9+ Firefox 3+ Safari 2+ Chrome 1+
  • Windows/Mac/Linux/Unix-based Operating system

User support

User support
Email or online ticketing support Email or online ticketing
Support response times System down: System inoperable for any reason
Response time: 15 minutes

Critical: Major program function that affects customers
Response time: 60 minutes

High: Program function affected by software error, resulting in diminished productivity.
Response time: 8 hours

Medium: Desired new functionality not working as expected, or problem occurs that is not readily reproducible, or workaround has been provided.
Response time: 2 days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Free Support - respond to all bug reports and provide 24/7 access to our online knowledgebase of FAQs

Standard Support Package - upgrades and enhancements, telephone support available, and everything included in free support. Support package pricing is included with standard annual license fee.

Premium Support Package - includes everything in the Free and Standard Support Package. Telephone support available 24 hours a day, 7 days a week, 365 days a year for critical and system down issues, A designated customer support representative, along with priority phone queue and case routing, System Health Check to optimize system performance and user experience. The Premium Support Package is $5,000 plus 25% of the annual license fee.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide free self-paced online admin level training, complete with videos, quizzes, and training slides.
User documentation is provided through a wiki.
Our Professional Services team provides specialized admin, staff, and end user training based on requirements and use cases.
Onsite training is also available
Full documentation on client's system
-Admin handover session to ensure a smooth transfer

-Data import functionality including live and active data
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • PowerPoint
  • Instructional videos
End-of-contract data extraction Data can be exported directly from Agiloft into standard formats such as Excel, XML or tab delimited files. In addition, data may be extract through the API or SQL queries.
End-of-contract process When a contract ends, the client is sent an invoice for renewal of their licensing and support services, which they may pay if they wish to renew these services, and ignore if they do not. Failure to pay a renewal invoice is assumed to indicate a desire to terminate the agreement at the end of the contract. Terminated hosted service knowledgebases are retained for thirty days after expiration of contract, and then deleted. The client may export their data from the knowledgebase in part or full at any time until this deadline is reached.

The final price of the system includes the cost of all software licenses for the system (named or floating), the cost of support and upgrades for the system as a whole, as well as the one-time cost of services incurred during the implementation process. These include initial build-out and customization of the system, assistance with importing any legacy contracts or data into the system, and all necessary training services decided upon by the client. Additional costs include any out-of-scope work during implementation, post-implementation configuration assistance with other modules, additional licenses, or other optional services such as dedicated servers, the extended enterprise license, or additional storage packages.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Layout of mobile interface varies slightly for optimized experience. Mobile and desktop service provide same functionality.
Accessibility standards WCAG 2.0 A
Accessibility testing We have had our system tested for accessibility by an outside agency for compliance with WCAG standard.
API Yes
What users can and can't do using the API Users have access to the full set of Agiloft features through our REST and SOAP APIs. We use these APIs ourselves for Agiloft. Users can create, modify, read, search, and delete any records in our system through our API.

In addition, we support scripting in Python and Perl
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation As noted by PC Magazine at http://www.pcmag.com/article2/0,2817,2488136,00.asp, Agiloft "is the most customizable contract management system".

Everything can be customized because our agile no-code platform is included with the product. So it is possible to create not just custom fields, but custom tables, workflows and business rules to create entire modules. Naturally the look and feel and color is also customizable and the entire product can be custom-branded.

Our agile platform allows the deep customization described above, to be done using just a browser, without any manual coding. And customization is fast - as one user reviewer remarked "It's always great to be in a meeting discussing new feature and functions that people would like to see and have them implemented within hours of the discussion."

We provide a free online admin training course, so users with admin credentials can customize the system after a week of training.

Scaling

Scaling
Independence of resources We offer dedicated servers for customers who require an absolute guarantee that no other company can affect their service.

Our shared servers are provisioned so the average load and utilization of resources such as CPU and I/O capacity does not exceed 25% during peak business hours.

Analytics

Analytics
Service usage metrics Yes
Metrics types All data within the system is tracked and users can create reports on any data that is desired. Every action is recorded with history for audit purposes.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Agiloft has API and integration functionality allowing the export of data.
Agiloft also has a built-in data export wizard. Users can export their data in a variety of formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel '97 spreadsheet (.xls)
  • Excel '07 spreadsheet (.xlsx)
  • XML file
  • JSON file
  • Tab-delimited text
  • Agiloft KB file
  • TXT file
Data import formats
  • CSV
  • Other
Other data import formats
  • XML file
  • Excel spreadsheet
  • .TGZ file with multiple text files/attachments
  • Tab-delimited text
  • Salesforce data
  • Other text file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability As part of the Hosted Service, we will take all reasonable measures to keep uptime at or above 99.9% (ninetynine and nine tenths percent). If, due to our error, our hosted servers are down more than .1% (one tenth of one percent) in a given month, you will be entitled to receive a 50% (fifty percent) credit for that month. If, due to our error, our hosted servers are down more than .5% (one half of one percent) in a given month, you will be entitled to receive a 100% (one hundred percent) credit for that month.
Approach to resilience Agiloft provides multiple levels of redundancy to guarantee resilience. In addition to the native redundancy provided by AWS, we use RAID SSD hard drives and the entire server is replicated in real time to a redundant server.

We also create automated snapshots of the redundant server every four hours and auto-check them for integrity.

Further details are available on request.
Outage reporting In addition to API access, we provide proactive notifications through email alerts and optionally SMS alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The overall Data Security architecture, policies and procedures are based on the CSA Enterprise Architecture. Coding standards and inspections are based on the CERT Secure Coding Standard for Java and use of the OWASP Enterprise Security API. Data input and output integrity routines are implemented at the server API level so they cannot be bypassed by hacking the GUI. Further, the Agiloft software allows the tenant system administrator to define custom rules for data validation.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 23/10/2015
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover None
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • TRUSTe Enterprise Privacy Certification
  • Audited and approved for use by US Air Force

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Standard Best Practices, as recommended by ISO/IEC 27002.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Full audit log of changes, plus MACs, request/approval process by asset, and restriction of access.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach In addition to notifications from our vendors, we monitor a variety of infosec distribution groups, vulnerability information research companies, and exploit awareness initiatives. We have a dedicated security officer on our system administration team and relevant patches are applied immediately after compatibility testing, typically within a week of being made available. In case of a significant zero-day vulnerability, we can push a patch out to all affected servers in a matter of minutes through service automation.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We proactively monitor system health through products such as Tripwire. In addition, we continually monitor system activity and network traffic and auto-respond to suspicious activity.

We close any potential compromise, investigate and notify customers of any findings.

The response time depends upon the incident. Automated systems shut down IP access in response to suspicious activity in a matter of microseconds, while an incident that required manual investigation might take a few hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We manage incidents through pre-defined workflows and escalation processes through standard events.

Users may report through our 24/7 emergency response line or web portal

We provide incident reports via email, with phone follow-up where required.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £52.50 to £97 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial -Standard functionality included
-Must log in at least once every 30 days otherwise free version expires
-Limited free support
-5 staff users and 5 end users limit
-48 hour rules limit
Link to free trial https://www.agiloft.com/free-trial.htm

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑