Agilyx UK Ltd

Unit4 Business World Cloud Services

The Agilyx Cloud Service provides a complete technically-managed solution for Unit4 Business World in the cloud. This end-to-end service includes infrastructure, hardware, system software, monitoring, management and maintenance of the entire solution, including back-ups, disaster recovery and software updates.


  • Real-time reporting
  • Secure internet connections (HTTPS) access to Business World
  • Production and non-production environments with separate databases for data
  • Comprehensive integration options
  • Fully scalable infrastructure
  • Firewalls, anti-virus and access controls
  • Continuous monitoring covering servers, services and applications
  • Disaster recovery in a physically separate secondary site
  • Customer Portal
  • Unlimited transactional database storage and large allowance for document storage


  • Information will always be up to date
  • 24x7 access from any location or device
  • Rapid deployment of software, allowing project objectives to be sooner
  • Provide consistent processes
  • System supported real time reporting


£260 to £376 per user per year

Service documents

G-Cloud 10


Agilyx UK Ltd

Andrea Williams

+44 1628 637059

Service scope

Service scope
Service constraints Planned Maintenance is currently carried out within the Maintenance Window defined below. The Service may be unavailable during these periods. Planned Maintenance windows are subject to change and Agilyx will give the customer reasonable notice of any change.

Last Saturday of the month

Saturday 18:00 – Sunday 00:00
System requirements
  • Windows Server 2012 x64
  • Windows Server 2016 x64
  • Microsoft SQL Server 2012 x64
  • Microsoft SQL Server 2014 x64
  • Microsoft SQL Server 2016 x64
  • Oracle 11.2 x64
  • Oracle 12 x64

User support

User support
Email or online ticketing support Email or online ticketing
Support response times When you log an issue, both the Agilyx Support Analyst, and you will assess and agree on its priority level, based on its impact on your business: Priority 1 – Critical: Agilyx Customer Experience (Tier 2 Support) will provide an initial response within 2 business hours. Priority 2 – Major: Agilyx Support Team (Tier 2 support) will provide an initial response within 8 business hours. Priority 3 – Normal: Agilyx Support Team will provide an initial response within 24 business hours. Priority 4 – Minor: Agilyx Support Team (Tier 2 support) will provide an initial response within 5 business days.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As a part of the subscription, Agilyx provides users access to the following tier based support model: Tier 1 Support: Customer & Agilyx Super Users - Customer Business World Super Users act as the first-line of internal support and as the primary point of contact with the Agilyx Customer Service Team. Tier 2 Support: Agilyx Customer Experience - The Agilyx Customer Service Team acts as the second level of support and works closely with both customer Super User(s) and the Agilyx Account Manager. Tier 3 Support: Unit4 Support - Unit4 acts to resolve any technical issues with the software that are not otherwise resolvable by Tier 2 Support or that require specialised developer knowledge of Unit4 software to resolve. Agilyx Account Manager - The Account Manager will be available to assist AustralianSuper to fully realise potential of Business World. The Account Manager will provide consistent, personal, and proactive communication and be a conduit to Agilyx management wherever required. Agilyx can also offer Extended Support Services at an additional cost. This includes Extended Support, Technical and Reporting, Advisory, System Administration and Database and Network Infrastructure services.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started A holistic training approach will be used to build end user understanding and skills. A blended approach will tailor training based on system access roles and the needs of each audience group. It will provide content that is not only used in training but can also be used for ongoing support and reference. Create Training Strategy - specification, by impacted group, of the objectives and scope of what should be learned and what end users should be capable of after training Develop & Pilot Training Materials - Some groups may prefer face to face training, courses will also need to be completable online (both facilitated and self-paced) to suit learning needs of attendees and to enable completion at times to suit availability of participants. Conduct Train the Trainer - Enable classroom training at go-live, post go-live support and ongoing business as usual training post project Conduct Training Delivery - e-Learning; classroom based sessions; one-one-one group sessions; and on-the-job training. Post Go-Live User Support - The training and support materials developed to support end-user training can also be leveraged to provide support to end users, trainers and super users as they start to user the new system and processes.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The Agilyx Cloud Service will deliver several unique capabilities Portability: The customer-specific data-schema provides the ability to take the entire application from on premise to the cloud – or from one cloud to a different cloud. Transparency: The Azure cloud platform is built on the premise that for you to control your own customer data in the cloud, you require visibility into that data. You must know where it is stored. Microsoft Azure regularly undertakes third-party audits (i.e British Standards Institute) that confirm set standards are met. A 90 day ‘retention period’ upon termination to extract data or renew your subscription
End-of-contract process A 90 day ‘retention period’ upon termination of the contract to extract data or renew your subscription. Our plan includes: Planning and staging actions; Assignment of customer actions and creation of responsibility management matrix; Communications and reporting initiatives; the transfer of functions to customer or its Nominated Service Provider(s) over the Disengagement Period; data cleansing and/or data migration services needed to transfer the Service Data stored in the Solution to a replacement solution provided or Nominated Service Provider(s); the transfer to of all backup media used to stored Service Data backed up from the Solution; the transfer of Personnel to customer or its Nominated Service Provider(s); the assignment or novation of contracts to customer and or Nominated Service Provider(s); and The provision of Service Documentation and Service Data as required; Demobilisation actions

Using the service

Using the service
Web browser interface Yes
Using the web interface 1.1. Interfaces
Sharing data with external systems is available in the Agilyx Cloud Solution by one of the following methods:
1.    Interfaces using Unit4 Web Services (XML based via HTTPS)
2.    Interfaces using standard export files generated by Unit4 Business World server processes
3.    Interfaces using export files created by customer report templates against standard Server Processes
4.    Customisation and bespoke routines
Shared folder access is restricted to nominated administrative users i.e.  Data Import, Data Export, Report Results, Server Logging. The ‘Customised reports’ folder is only accessible in a non-production environment.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing WAI – ARIA Web Accessibility Initiative - Accessible Rich Internet Applications are various techniques for making web pages and RIAs accessible to everyone. WAI-ARIA makes it possible to: • Describe control types (menu, button, tree) • Describing the structure of the page (header, regions, tables) • Describing the state of an element (checked, has popups) • Define areas that can be updated dynamically • Define areas that are used for drag-and-drop WAI-ARIA supports engineers ensuring that assistive technologies can use this information to better inform the user about the screen content and how it works.
What users can and can't do using the API Our Cloud solution provides comprehensive integration solutions, including the use of Business World API's
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats Open API (also known as Swagger)
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Users can purchase a private cloud system, which provides a physical seperation, rather than a virutal seperation that is provided on a shared cloud system. In their private cloud system they will be completly uneffected by anything others are doing.
Usage notifications No


Infrastructure or application metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Unit4

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Databases
  • Settings
  • Users
  • Media
Backup controls Backup and Restoration Services
A comprehensive backup service is provided allowing for the following:

Forgiveness restore – A full database restore.
Disaster Recovery
Obtaining an offsite copy of data
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Other
Other protection within supplier network Microsoft Azure’s infrastructure is second to none in terms of physical and electronic security, and it adheres to industry standards such as ISO 27001, SOC 1 & 2, PCI DSS and many more.

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability (Defined as ability for the customer to reach the Unit4 Business World login page) is 99.95% Our standard SLA does not include compensation for availability breaches.
Approach to resilience Network, Database and Application Security All traffic is secured using industry standard protocols such as SSL and HTTPS Authentication systems in place at Network, database and application layers Stateful Firewall technology ensuring only legitimate data enters the network Each customer/Environment has its own secure SQL database. Customer’s data is never inadvertently shared by others Application n-tier architecture ensures interfaces are separate to the underlying business logic and database tiers User/Role based access within the application allows for granular permissions to be managed by the customer directly Data Control based on user/role based access, allows for securing of information at the data layer and is managed by the customer directly Idle disconnect ensures protection of data from sessions left open inadvertently
Outage reporting We put all outages on StatusPage ( We give access to customers and they can check the status in real time as well as enable email alerts if they choose.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Authentication systems in place at network, database and application layers

Stateful Firewall technology ensuring only legitimate data enters the network

Each customer has its own secure SQL database

Customer’s data is never inadvertently shared

Application n-tier architecture ensures interfaces are separate to the underlying business logic and database tiers

User/Role based access within the application allows for granular permissions to be managed by the customer directly

Data Control based on user/role based access, allows for securing of information at the data layer and is managed by the customer directly

Idle disconnect ensures protection of data from sessions left open inadvertently
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 2015
What the ISO/IEC 27001 doesn’t cover Sales and Marketing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As a trusted provider of services Agilyx is committed to ensuring an appropriate level of security is applied to protect the confidentiality, integrity and availability of its information, including its customers’ valuable information. To achieve this, Agilyx is Information Security Management System (ISMS) certified across all business activities, in accordance with the International Standard ISO 27001:2013. The Agilyx ISMS is implemented, continuously monitored and reviewed to ensure it satisfies the company and customers’ requirements, and to achieve the following Information Security Objectives: Ensure that the resources needed for the information security management system are available Comply with applicable legislation and contractual obligations Maintain the confidentiality, integrity and availability of staff and customers’ confidential information, by implementing the approved security controls across all IT systems and business processes Respect the customers SLA, by ensuring the availability of different information resources needed by various business activities Ensure that the information security management system is continuously improved to achieves its intended outcomes Promote a culture of innovation in managing Information Security within Agilyx Group

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Agilyx uses promapp a business process management tool to track and maintain change management throughout their lieftime, and uses Jira to seamlessly identify, categorise, prioritise and manage issues inherent in both the planning and upgrade phases. The use of Jira leverages the power of our subject matter experts to aggregate and manage the resolution of issues with complete visibility to the project team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability testing is conducted regularly by the Agilyx Cloud Service team ensuring known vulnerabilities are assessed and addressed accordingly. Agilyx engages a third party to conduct penetration testing on our information system to ensure our networks are kept secure and up to date. Any risks will be discussed within a dedicated Security Committee and logged to the vulnerability management register. The committee will then manage the implementation of mitigation actions within the appropriate teams. Agilyx does not publish audit reports and security test results externally.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Agilyx maintains a 24x7 monitoring program to detect and resolve infrastructure and application issues. The following monitoring is maintained:
Infrastructure Monitoring (Level 1)
Hardware availability (Servers, disk, Networking and other physical components) Application Monitoring (Level 2)
Hardware utilisation (CPU, Memory, I/O, Network traffic) • Application services
Event Logs (Operating System, Application, Systems and Security)
Database performance (CPU, Query Time, Locks, Batch requests) Level 1 High Priority alerts are responded to by the Data Centre Operations team 24x7.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Communication should include enough details about the incident, impact and response plan

- Nature of the incident,

- Impacted system(s),

- Impact on the other party (if any),

- Actions required from the other party (if any) and

- High –level response plan and timelines

The other party has to acknowledge the received communication, provide any requested information/data that helps with the investigation and response plans. Where applicable provide feedback and progress with any actions taken/required from their side. Need to clearly communicate any requirements from their side that need to be considered in the incident management and response plan.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Our model, which is comparable to many other industry standard SaaS delivery models, provides software based on a shared, one-to-many infrastructure model with logical (software-based) divisions separating each customer’s data and deployment of Business World. This is achieved through virtualisation and we refer to the approach as the dedicated ‘shared cloud’.
There is also the option of pursuing a dedicated ‘private cloud’ delivery model, which will provide a physical division of resources. This approach is significantly more expensive but is nevertheless available if Inland Revenue has a requirement for it.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £260 to £376 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑