Winner of “Editors' Choice” award by PC Magazine. Automate the complete contract life-cycle, streamline approvals and integrate contract information with related business processes. Automatic notifications, one-click email approvals and configurable business rules keep your organization running smoothly. Find any contract or clause instantly with full text search of contracts/attached files.
- Clause library for contract creation
- Automated document comparison and redlining
- PDF and Word print templates
- OCR and full text search of database and attached files
- Management dashboards with Excel integration
- Document revision control, check-in/check-out and versioning
- E-signature integration with DocuSign and Adobe Sign
- Graphical workflow editor
- Audit logs and regulatory compliance
- REST/Web Service APIs, Python/Perl scripting, Export/Import
- Create an entire custom contract with a single mouse click
- Capture all changes to your documents, and view redlined edits
- Auto-generate and email PDF contracts from Word templates
- Instantly find text in the database or an attached file
- Gain actionable insight into contract costs, renewals, and revenues
- Manage access and changes to documents
- Legally compliant eSignature eliminates the time/cost of physical signatures
- Automate even the most complex approval processes
- Ensure regulatory compliance with a full audit trail
- Integrate with any external system and custom processes
£52.50 to £97 per licence per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
System down: System inoperable for any reason
Response time: 15 minutes
Critical: Major program function that affects customers
Response time: 60 minutes
High: Program function affected by software error, resulting in diminished productivity.
Response time: 8 hours
Medium: Desired new functionality not working as expected, or problem occurs that is not readily reproducible, or workaround has been provided.
Response time: 2 days
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.0 A|
|Web chat accessibility testing||None|
|Onsite support||Yes, at extra cost|
Free Support - respond to all bug reports and provide 24/7 access to our online knowledgebase of FAQs
Standard Support Package - upgrades and enhancements, telephone support available, and everything included in free support. Support package pricing is included with standard annual license fee.
Premium Support Package - includes everything in the Free and Standard Support Package. Telephone support available 24 hours a day, 7 days a week, 365 days a year for critical and system down issues, A designated customer support representative, along with priority phone queue and case routing, System Health Check to optimize system performance and user experience. The Premium Support Package is $5,000 plus 25% of the annual license fee.
|Support available to third parties||Yes|
Onboarding and offboarding
We provide free self-paced online admin level training, complete with videos, quizzes, and training slides.
User documentation is provided through a wiki.
Our Professional Services team provides specialized admin, staff, and end user training based on requirements and use cases.
Onsite training is also available
Full documentation on client's system
-Admin handover session to ensure a smooth transfer
-Data import functionality including live and active data
|Other documentation formats||
|End-of-contract data extraction||Data can be exported directly from Agiloft into standard formats such as Excel, XML or tab delimited files. In addition, data may be extract through the API or SQL queries.|
When a contract ends, the client is sent an invoice for renewal of their licensing and support services, which they may pay if they wish to renew these services, and ignore if they do not. Failure to pay a renewal invoice is assumed to indicate a desire to terminate the agreement at the end of the contract. Terminated hosted service knowledgebases are retained for thirty days after expiration of contract, and then deleted. The client may export their data from the knowledgebase in part or full at any time until this deadline is reached.
The final price of the system includes the cost of all software licenses for the system (named or floating), the cost of support and upgrades for the system as a whole, as well as the one-time cost of services incurred during the implementation process. These include initial build-out and customization of the system, assistance with importing any legacy contracts or data into the system, and all necessary training services decided upon by the client. Additional costs include any out-of-scope work during implementation, post-implementation configuration assistance with other modules, additional licenses, or other optional services such as dedicated servers, the extended enterprise license, or additional storage packages.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Layout of mobile interface varies slightly for optimized experience. Mobile and desktop service provide same functionality.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||We have had our system tested for accessibility by an outside agency for compliance with WCAG standard.|
|What users can and can't do using the API||
Users have access to the full set of Agiloft features through our REST and SOAP APIs. We use these APIs ourselves for Agiloft. Users can create, modify, read, search, and delete any records in our system through our API.
In addition, we support scripting in Python and Perl
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
As noted by PC Magazine at http://www.pcmag.com/article2/0,2817,2488136,00.asp, Agiloft "is the most customizable contract management system".
Everything can be customized because our agile no-code platform is included with the product. So it is possible to create not just custom fields, but custom tables, workflows and business rules to create entire modules. Naturally the look and feel and color is also customizable and the entire product can be custom-branded.
Our agile platform allows the deep customization described above, to be done using just a browser, without any manual coding. And customization is fast - as one user reviewer remarked "It's always great to be in a meeting discussing new feature and functions that people would like to see and have them implemented within hours of the discussion."
We provide a free online admin training course, so users with admin credentials can customize the system after a week of training.
|Independence of resources||
We offer dedicated servers for customers who require an absolute guarantee that no other company can affect their service.
Our shared servers are provisioned so the average load and utilization of resources such as CPU and I/O capacity does not exceed 25% during peak business hours.
|Service usage metrics||Yes|
|Metrics types||All data within the system is tracked and users can create reports on any data that is desired. Every action is recorded with history for audit purposes.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Agiloft has API and integration functionality allowing the export of data.
Agiloft also has a built-in data export wizard. Users can export their data in a variety of formats.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||As part of the Hosted Service, we will take all reasonable measures to keep uptime at or above 99.9% (ninetynine and nine tenths percent). If, due to our error, our hosted servers are down more than .1% (one tenth of one percent) in a given month, you will be entitled to receive a 50% (fifty percent) credit for that month. If, due to our error, our hosted servers are down more than .5% (one half of one percent) in a given month, you will be entitled to receive a 100% (one hundred percent) credit for that month.|
|Approach to resilience||
Agiloft provides multiple levels of redundancy to guarantee resilience. In addition to the native redundancy provided by AWS, we use RAID SSD hard drives and the entire server is replicated in real time to a redundant server.
We also create automated snapshots of the redundant server every four hours and auto-check them for integrity.
Further details are available on request.
|Outage reporting||In addition to API access, we provide proactive notifications through email alerts and optionally SMS alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The overall Data Security architecture, policies and procedures are based on the CSA Enterprise Architecture. Coding standards and inspections are based on the CERT Secure Coding Standard for Java and use of the OWASP Enterprise Security API. Data input and output integrity routines are implemented at the server API level so they cannot be bypassed by hacking the GUI. Further, the Agiloft software allows the tenant system administrator to define custom rules for data validation.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||23/10/2015|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||None|
|Other security accreditations||Yes|
|Any other security accreditations||
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Standard Best Practices, as recommended by ISO/IEC 27002.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Full audit log of changes, plus MACs, request/approval process by asset, and restriction of access.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||In addition to notifications from our vendors, we monitor a variety of infosec distribution groups, vulnerability information research companies, and exploit awareness initiatives. We have a dedicated security officer on our system administration team and relevant patches are applied immediately after compatibility testing, typically within a week of being made available. In case of a significant zero-day vulnerability, we can push a patch out to all affected servers in a matter of minutes through service automation.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
We proactively monitor system health through products such as Tripwire. In addition, we continually monitor system activity and network traffic and auto-respond to suspicious activity.
We close any potential compromise, investigate and notify customers of any findings.
The response time depends upon the incident. Automated systems shut down IP access in response to suspicious activity in a matter of microseconds, while an incident that required manual investigation might take a few hours.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
We manage incidents through pre-defined workflows and escalation processes through standard events.
Users may report through our 24/7 emergency response line or web portal
We provide incident reports via email, with phone follow-up where required.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£52.50 to £97 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
-Standard functionality included
-Must log in at least once every 30 days otherwise free version expires
-Limited free support
-5 staff users and 5 end users limit
-48 hour rules limit
|Link to free trial||https://www.agiloft.com/free-trial.htm|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|