Aqilla Limited

Aqilla Cloud Accounting for Public Sector

Aqilla is a flexible and scalable cloud based accounting solution providing a high level of functionality and delivering true value for money to the public sector.
Utilising an SQL database, it is designed to be accessible from any modern web browser and mobile device without the need for additional software.


  • Combined ledger - All ledgers integrated for instant reconciliation
  • Project Accounting,Inventory control, Expense Management, TimeSheet Recording
  • Powerful integration with MS Excel
  • Graphical SQL query builder for comprehensive web based dashboards
  • Value based workflow
  • Full Purchase To Pay functionality
  • Custom fields enable detailed analysis
  • Comprehensive budgeting capabilities
  • Full commitment accounting
  • RESTful API enables easy integration with 3rd party software


  • Scaleable to meet large data volumes
  • Fast and efficient on-demand analysis
  • Simplified period and year end procedures
  • Streamlines processes via integration
  • Fully integrated solution - no add on costs
  • Simple and flexible subscription model
  • Designed and developed as a fully cloud based service
  • Range of Agile implementation options available
  • Fully compliant with UK accounting and taxation legislation
  • Low cost yet highly functional solution


£12 to £80 per licence per month

Service documents


G-Cloud 11

Service ID

8 5 9 6 7 1 3 7 2 8 0 5 0 4 1


Aqilla Limited

Chris Tredwell


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Excel add-in requires a locally installed version of Microsoft Excel
Sharperlight requires local installation of add-in under Microsoft Windows
System requirements
  • Active internet connection
  • Currently supported web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 Hour Response but normally much quicker in practice
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is available - via our helpdesk - between 9.00am and 5.00pm Monday to Friday every day except public holidays in England & Wales.

We encourage our clients to communicate with us by e-mail in the first instance and we find that most clients prefer to do so. We do of course accept phone calls to our help desk.

All support requests are logged in our CRM and acknowledged within 4 working hours - usually much sooner. According to our records 80% of support requests are resolved during the initial contact and within 4 hours - usually much sooner.

Support requests that need to be escalated from our help desk to second line support are categorised for impact and tracked in the JIRA issue management system and usually resolved within a few days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Aqilla provides training as part of an Agile on-boarding process. We provide an option to deliver end-user training or train the trainer offerings that reduce cost.
Training can be delivered on a one to one or one to many basis.
Online tutorials are also offered as well as comprehensive online help.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Aqilla provides the facility to download all the necessary data to csv to make migration as simple as possible.
End-of-contract process At the end of the contract customers can either elect to continue subscribing to the software or elect to migrate to a new platform. There is no charge for termination of the subscription and users are free to download their existing data for migration to the new system without any barriers. This process can be performed by the client but assistance is offered from Aqilla at our published consultancy rates.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Aqilla is 100% browser based. Mobile users access via device browser.
Service interface No
What users can and can't do using the API Users can Create, Retrieve, Update and Delete specific documents and reference data.
The API requires an API licence.
The API can be accessed via Java or XML document that authenticates with the Aqilla instance. The Java/XML document must have logic to capture exceptions in cases where an error message is issued by Aqilla.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customers can add large amounts of extensible analysis in the form of additional fields, dates and statistical data throughout the system.
The logo and identity can be can be tailored to suit individual organisational and departmental requirements.
Certain entities within the software can be renamed for example Project can be renamed to Cost Centre.


Independence of resources Our advanced, highly scaleable, multi-tenanted architecture is designed to provide automatic and efficient load balancing across all instances running on the Aqilla platform.
This is evidenced by our the 99.99968% platform availability as measured since 1st June 2008.


Service usage metrics Yes
Metrics types Users and session validation
Average session time
Optionally users may choose to make use of the integral data audit function
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Aqilla has class-leading Microsoft Excel integration allowing information to be exported and modified using Excel.
Data can also be downloaded on-demand, to a local volume in CSV, Microsoft Excel or PDF format for import to other systems. Exported data can also be saved to other cloud storage services.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We do not offer guarantees but our service averages 99.99968% availability as measured since 1st June 2008.
The service is available 24 x 7 x 365.
Approach to resilience Our data center has redundant capacity components and multiple independent distribution paths serving the computer equipment. Typically, only one distribution path serves the computer equipment at any time. The site is concurrently maintainable which means that each and every capacity component including elements which are part of the distribution path, can be removed/replaced/serviced on a planned basis without disrupting the ICT capabilities to the End-User. It has protection against most physical events.
Outage reporting Public dashboard, twitter, and public website status announcements.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the platform is only allowed by way of an authenticated browser session or via an authenticated RESTful API session. No direct access to file tables is permitted under any circumstances. Each authenticated session is further governed by a set of configurable user roles and permissions.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Ultima Risk Management Ltd
PCI DSS accreditation date April 16
What the PCI DSS doesn’t cover None
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Aqilla constantly reviews its security policies and personnel profiles to ensure adequate security as a non-negotiable requirement of being in business.
Information security policies and processes Restricted access to detailed technical data is by means of authenticated access to case management and software version control systems. Furthermore configuration control is limited by means of a unique token which is changed frequently and not made available to personnel outside the organisation.
All employees are subject to review in terms of ability and eligibility to work in a restricted environment such as public sector computing.
Regular risk management review exercises are undertaken in all operational areas.

Regular assessment of potential and known third party risks is subject to constant review by the Technical Director and the main Product Architect.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Aqilla utilises JIRA software from Atlassian to manage the entire development lifecycle including configuration, change management, version control, release management. The software is constantly under review to ensure the integrity of the single source code which is used by all customers.

Aqilla adopts a modern Agile development methodology using Scrum principles and as part of our Agile process detailed product specifications are produced and subject to constant review and iteration.

Aqilla also uses Confluence from Atlassian to share information across the development team to aid our Agile development.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Aqilla conducts constant and regular reviews of known and potential vulnerability threats and in-house vulnerability test are carried out by development team

Patches, once fully tested in a clean sandbox environment, which replicates the live platform, can be deployed within hours.
A range of sources including online materials, forums, news feeds and other publications are reviewed regularly to determine any potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach 24 x 365 monitoring is undertaken using a range of tools including the likes of Zabix, Google Analytics and others.
In the first instance the relevant manager responsible for a particular client is contacted and any relevant issue is discussed along with any mitigating circumstances that might explain the matter coming to the attention of the monitoring systems.
If necessary the client is contacted immediately to further understand if there is any specific reason for the alert being generated.
Incident management type Supplier-defined controls
Incident management approach Not really relevant to a platform such as that used by Aqilla but all support queries and incidents when reported are fully documented in the case management section of our customer relationship management system which is constantly monitored and tracked, with alerts being provided to senior managers of the company.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £12 to £80 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑