Sage X3 Hosted ERP Software: Finance, Purchase & Inventory Control, Customer Services and Reporting

Hosted on Microsoft Azure, Sage X3 delivers comprehensive business management covering; finance, budget management, supply chain, inventory control, warehousing, manufacturing and reporting . Sage X3 has over 50 industry-specific add-on solutions.

Be faster, more intuitive and work in a tailored deployment, online.

Sage X3 delivers flexible capacity, configuration and customisation.


  • Designed to make product centric business thrive
  • Cloud based, robust and scalable: from 4 users and up
  • Manage complex contractual relationships across the value chain
  • Manage resources and assets, whether staff, sub-contractors, stock or equipment
  • Plan and execute across multiple locations on one central system
  • Use from any web enabled device
  • Inbuilt workflow and automation
  • Comprehensive and powerful financial and business data management
  • Project, Supply Chain & Quality Management options
  • Integrated data analytics and visualisation tools


  • Maintain regulatory compliance. Meet fiscal and financial reporting requirements
  • Optimise employees with secure online availability; anytime, anywhere
  • Tailor Sage X3 to business process needs for greater efficiencies
  • Rapid deployment. Finance from 35 days+ & Manufacturing 85 days+
  • Full purchasing Delegation of Authority to control spending against budget
  • Simplify stock and stores management with integrated bar code scanning
  • Full inter-company transaction management to reduce rekeying.
  • Improve customer service (internal and external) through insightful data reporting
  • Scan supplier invoices and auto process matching and approval
  • Reduce time on tedious tasks by utilising the Workflow automation


£295.00 to £895.00 a user a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.tucker@x3consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 6 5 6 7 4 8 9 8 8 0 8 1 4 7


Telephone: 08450943885
Email: nick.tucker@x3consulting.com

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Refer to Service Delivery documentation
System requirements
  • Compatible with MAC and Windows operating systems
  • Compatible with most handheld/mobile devices. Check on application for list
  • Internet connectivity required for device access
  • Integrated VPN user access can be supported. Check on application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please refer to the Service Description document for Support SLA details
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Please refer to our Service Description for details on the SLA's for support
Support available to third parties

Onboarding and offboarding

Getting started
Product deployment requires a review of functional needs to properly tune the application to deliver the required outputs from the required inputs. Scoping is provided (onsite or remote) together with full support through testing, training and deployment to a live environment. Standard user documentation is available and can be tailored to suit the exact needs of the project. Project management is integral to the whole project delivery process along with data migration (where needed), report design and ongoing application support. Full system documentation defining standard delivered functionality is provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The core financial data is capable of being retrieved using Microsoft SQL query tools to form a SQL dataset containing all relevant information relating to the accounting period(s) covered.

Sage X3 application tables are accessible using common reporting tools such as PowerPlay or Excel for key data retrieval by non-technical users.

Depending on the modules in use and any additional "add-on" applications selected the extraction of data may result in more than one dataset being produced.
End-of-contract process
At the end of the contract the user has the option to obtain a SQL copy of the data generated during the lifetime of the contract or renew for a further period of use for continued access/regulatory compliance.

There are no additional costs in providing a SQL copy of the data on completion of the contract, which will be structured as per the application and require the user to either access it using an alternative Sage X3 software or reporting tools like Excel or PowerPlay.

Additional costs will be incurred for the management of the data into a set format at the request of the end user such as for the purposes of import to another ERP application.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Screens on the mobile use are simplified versions of the full application. Standard functionality on the full application is present on the mobile app.
Service interface
What users can and can't do using the API
Subject to the hosting method chosen integration using API's is possible with Sage X3 and 3rd party software in asynchronous and synchronous mode. API integration is available in REST and SOAP format. API development is normally the purview of the delivery partner until such time as training or knowledge transfer has occurred to the appropriate in-house technical resources if that is required. API documentation defines the extent of use for each API relevant to the chosen application. A sandbox environment can be made available as part of the overall deployment if required, additional costs may apply.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Throughout the implementation stage, elements of the service can be tailored to suit the specific requirements of the process being mapped. Sage X3 can be deployed in two ways.

The first is FASTSTART mode which minimises configuration and has no scope for customisation. This delivers a rapid go-live.

STANDARD implementation is a configure to order project process based on an initial business analysis review. An agile approach can be taken to modify and refine the requirements through the Build phase.

Users with the appropriate training or consultants supplied as part of the implementation delivery can customise elements of the core service application.

It is possible to customise the application post go-live.


Independence of resources
Assets are deployed in line with vendor recommendations and applied to each individual customer install. Assets can be increased to improve performance (for additional cost) where for example the customer has unusually large transaction or data volumes. Over-utilisation by other customers doesn't impact the performance experience as the assets provided are a dedicated minimum level specific for your instance.


Service usage metrics
Metrics types
We provide information on overall system uptime & performance metrics along with Sage user metrics such as total login events, average length of login, last login etc.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Sage & Microsoft Azure

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
For further details on protection of data at rest please refer to the Microsoft published materials for Azure:

as well as

Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported using SQL tools (where permissions are granted) or using Microsoft Excel where the data can be retrieved in Excel or CSV format.
Data export formats
  • CSV
  • Other
Other data export formats
Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
Microsoft Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Several options for implementation of protection between networks exist and are described in the Services Guide. Some may incur additional charges. Please refer to this document.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Microsoft Azure Storage and Azure SQL Database encrypt data at rest by default. Options are described in the Services Document of the additional data protection services that are available. Note some forms of protection may attract additional charges.

Availability and resilience

Guaranteed availability
Refer to the Microsoft Azure Terms of Licensing which can be found here:- http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience
Details on the datacenter structure and performance can be found here: https://azure.microsoft.com/en-gb/global-infrastructure within which can be found details on the Azure global and regional data centres including the UK South (London) and UK West (Cardiff) data centres.

Further information regarding security and resilience can be found here: https://www.microsoft.com/en-gb/TrustCenter/
Outage reporting
A public dashboard can be found here:

Specific individual reporting is available via the portal (login required): https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade/serviceIssues

Email alerts can be configured in agreement with the customer subject to notification policies of the customer on recipient emails from 3rd party automated services.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Support access is provided using the same credential requirements as that of a customer user. Interface to the applications is via secure and expiring token access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Schellman & Company, LLC
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
UK Service provider interaction with the Microsoft Azure platform.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
UK Service provider interaction with the Microsoft Azure platform.
PCI certification
Who accredited the PCI DSS certification
Schellman & Company, LLC
PCI DSS accreditation date
What the PCI DSS doesn’t cover
UK Service provider interaction with the Microsoft Azure platform. Sage X3 API interaction with Microsoft Azure PCI services.
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
See Security Management in the Services Guide. Microsoft Azure security is explained in more detail here https://docs.microsoft.com/en-gb/azure/security/fundamentals/overview

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
On public cloud/hosted we have an audit service monitoring the application configuration which reports on changes to the setup, configuration and parameter settings of the operating, application and database layers.
Private Cloud complies with recognised asset controls in line with datacenter management principles
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Relevant vendor patches are applied at the earliest point of release in a structure manner. Threats are assessed based on the type of hosting utilised whereby ownership of the threat spectrum rests with the private cloud supplier in the first instance (AWS for example). In Public/Hosted environments this is covered with the managed service SLA's. Threat assessments come from the AV vendor, Sage and the hosting partners.
Protective monitoring type
Protective monitoring approach
Applicable to private cloud hosting. Public/Hosted application are supplier monitored using industry standard procedures relevant to the type of hosting and choice of platform as part of the managed service delivery.
Incident management type
Incident management approach
Incidents are managed using a web based application to record instances of issues and problems. A service level agreement provides for response times and the incidents are managed on a daily basis for review and update. Reports are provided using a self service ticket portal for authorised support users.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£295.00 to £895.00 a user a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.tucker@x3consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.