1 Cloud Consultants

Zoho Books

Zoho Books is your easy-to-use online accounting software. It streamlines all your transactions efficiently and automates recurring transactions, saving you time. Making and collecting payments are effortless with the integration of banks and payment gateways. With Zoho Books, you can stay up-to-date on your business finance and make informed decisions.


  • Track Sales Transactions
  • Track purchases from Vendors
  • Integrate your Bank with Zoho Books
  • Tack inventory for your items
  • Keep a record of all your customers and vendors
  • Zoho Books provides you with 60+ reports
  • Timesheet allows you to log time and create transactions
  • Automation allows you to automate repetitive tasks
  • Zoho Books is highly customisable
  • Zoho Books is compliant to local tax laws


  • End to end accounting
  • Get paid faster using payment gateways
  • Collaborate using Client Portal
  • Track Inventory
  • Insightful Reports
  • Powerful Integrations
  • Accounting on the go with a mobile app
  • Completely Secure with 256 bit SSL Encryption
  • Flexible pricing, with monthly or annual options
  • Controlled User access


£60 per instance per year

Service documents

G-Cloud 11


1 Cloud Consultants

Bill Quinn

0117 313 7600


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Zoho CRM, Zoho Analytics, Zoho Finance Suite, 18,000+ Bank Integrations, Payment Gateways Integrations, Other Cloud solutions that have an API (Application Programming Interface)
Cloud deployment model Public cloud
Service constraints Browser Requirements:
Zoho Books supports the following browsers:
Edge 14 and above
Firefox 39 and above
Chrome 42 and above
Safari 10.1 and above
iOS Safari 10.3 and above
Other requirements
Enable JavaScript
Enable Cookies
Install Spreadsheet Viewer (optional)
Install Acrobat Reader (optional)

Mobile Application requirements:
iOS - Requires iOS 10.0 or later. Compatible with iPhone, iPad and iPod touch.
Android - Requires Android version 4.1 and above.
System requirements
  • Edge 14 and above
  • Firefox 39 and above
  • Chrome 42 and above
  • Safari 10.1 and above
  • Enable JavaScript
  • Enable Cookies

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within one working day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Zoho offers a basic level of support by phone and email, typically 1 working day response. 0900 to 1800 Monday to Friday UK time.

1 Cloud Consultants can offer enhanced support depending on the customer requirements. These include shorter response times, SLA, Technical Account Manager, Cloud Support engineer as required. All Tickets raised with 1 Cloud Consultants can be tracked via an online portal.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started 1 Cloud Consultants can provide training (onsite or remotely), customisation, and ongoing support as required and defined by the customer. If documentation is required this can also be provided.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction The users can extract their data with the help of data back up or export option as the data is available to them in read-only after they downgrade from the paid plan.
End-of-contract process We reserve the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days. In the event of such a termination, all data associated with such user account will be deleted. We will provide you prior notice of such termination and option to back-up your data. The data deletion policy may be implemented with respect to any or all of the services. Each service will be considered as an independent and separate service for calculating the period of inactivity. In other words, activity in one of the services is not sufficient to keep your user account in other services active. In case of accounts with more than one user, if at least one of the users is active, the account will not be considered inactive.

Additional costs are enhanced services - customisation, training, enhanced service levels - which can all be provided by 1 Cloud Consultants.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Most of the functionalities present in the Zoho Books web app is available in the mobile application (Android & iOS).

Here’s the list of features or modules that are not present in the iOS mobile app:
Accountant module
Price Lists
Inventory Adjustments
Opening Balances
Templates Customisation
Email Templates
Web Tabs
Reporting Tags
Recurring Bills
Recurring Expense

Here’s the list of features or modules that are not present in the Android mobile app:
Debit Notes
Inventory Adjustments
Templates Customisation
Email Templates
Web Tabs
Recurring Bills
Recurring Expense
Vendor Credits
Chart of Accounts
What users can and can't do using the API Zoho Books API can be classified as:


Zoho Book’s REST APIs can be used to integrate any third-party applications with Zoho Books. Build applications, integrate existing ones or manage your Zoho Books’ data using Zoho Books REST APIs.


Users can use webhooks to automatically pass on information to your website or other third party applications when an event occurs in Zoho Books.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Custom fields can be added to the modules, Templates (Invoices for example) can be branded to your requirements, Email Templates can be customised. Only people with the correct User level can customise the service.


Independence of resources All customer data is segregated logically. Customer data will be accessed by the combination of multiple IDs. We have our internal proprietary SaaS framework.


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Zoho

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach In Zoho Books, we use an encryption method called AES (Advanced Encryption Standard) to store sensitive data. Also, when you create custom fields, if it is a PII (Personally Identifiable Information), it’ll be encrypted and stored. All other data is stored without encryption.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach The Export Data feature in Zoho Books allows the user to export data (in CSV, XLS, PDF formats) from individual Zoho Books modules. After exporting the data, you can further validate or store the data in your own servers.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XLS
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks All data transmission to Zoho services are encrypted using TLS 1.2 protocols, and we use certificates issued by SHA 256 based CA ensuring that our users have a secure connection from their browsers to our service. We use the latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our monthly service uptime is 99.9%. The live service availability status can be seen at https://status.zoho.com/
Approach to resilience In Zoho, proper Business Continuity Plan & Disaster Recovery is in place. The data from our Primary data center is streamed continuously to our DR data center. Hence in case of any disaster in our primary data center, the DR data center will take over and continue serving with minimal delay, ensuring high availability. Please refer 'Redundancy and Business Continuity' in https://www.zoho.com/security.html.
Outage reporting Through Blogs and also customers can have look at https://status.zoho.com/ to know the status of current Zoho Services.Also notification would be shown at the top of each application whenever there is a server maintainance related downtime if any.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Each User is assigned a Role and Profile. The Roles and Profiles restrict what the User can view and alter.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication The servers can be accessed only through an isolated, restricted, monitored and logged network protected with firewall, 2 Factor Authentication, Kerberos Authentication Protocol, etc.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI Group
ISO/IEC 27001 accreditation date 6th July 2018
What the ISO/IEC 27001 doesn’t cover The Information Security Management System covers all products and services of Zoho Corporation viz. Zoho Cloud services, Manage Engine (ME), Medical Mine, GSP solution for Zoho, Web Network Management System (WebNMS) and Site 24X7 along with all the support functions viz. Physical Security, Admin, HR, IT support, Corporate Functions, Sales, Marketing, Compliance etc. This is in accordance with the statement of applicability (SoA) ver 1.3 dated 6th July 2018. (This Registration covers the activities delivered at the locations as shown on page 2 & 3 of this Certificate).
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self Assessment
PCI DSS accreditation date July 2018
What the PCI DSS doesn’t cover Zoho Products outside the Zoho Finance suite
Other security certifications Yes
Any other security certifications SOC 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Data is highly secured as our data centers are industry standard compliant (i.e) our US data center colocation facilities are SOC 1 Type II and SOC 2 Type II compliant and our EU datacenter colocation facilities are ISO 27001 certified. Zoho has dedicated cage in those datacenter colocation facilities. Logical access to the servers is isolated, dedicated which is highly secured and monitored. This network is protected with Firewall, 2-Factor Authentication and Kerberos Authentication Protocol. The accessing machines are securely hardened so that no data can be copied or transferred from the data center. Being industry standard ISO 27001:2013certified and SOC 2 Type II compliant in Security, development centers of Zoho are highly secured.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have proper change management process in place and it is in line with ISO 27001:2013 certified and SOC 2 Type II.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Periodic Network vulnerability scans and Application penetration tests are performed. Network vulnerability scans are performed once in a week by external third party "QualysGuard" and Application penetration tests are performed by our internal hacking team once in 6 months.Summary report could be shared on signing NDA with us.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Zoho services are encrypted using TLS 1.2 protocols, certificates issued by SHA 256 based CA.
We use the latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.​
Zoho has Primary and Disaster Recovery Data Centers.
Zoho has a dedicated cage in those data center collocation facilities.
The data of the users who register in www.zoho.eu reside in the data centers within EU(Netherlands & Ireland). These data centers are industry standard ISO 27001 and ISO 22301.
Standard SOC 1 Type II and SOC 2 Type II certified.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach This is comprehensively covered in ISO 27001:2013 and SOC 2 TYPE II audits. We have a dedicated Incident Response Team which is responsible for incident detection, assessment, forensics, containment, and recovery activities. And we follow the eradication phase involves determining the root cause of the incident, improving system defence, determining system vulnerabilities and removing the cause of the incident to eliminate the possibility of recurrence.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £60 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial The Forever free plan can be used a trial plan. This allows you to send 12,000 emails per month to up to 2,000 subscribers.The enhanced features of Zoho Campaigns are excluded, for example Auto Responders or Automation.
Link to free trial https://www.zoho.com/campaigns/pricing1.html

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑