OpenCRM is a feature rich, secure Cloud based system that has been built and supported by the same people who started the business back in 2005. We pride ourselves on providing friendly and knowledgeable service from the foot of the Yorkshire dales.
- Contact and Company Management centralised within this feature rich system.
- Dynamic Calendar functionality and Activity management tools make scheduling easy.
- Sales Process Management and Oversight from Lead creation to Invoicing
- Fully integrated Customer Service Management module with SLA response alerts
- Project management complete with time tracking tools.
- Automation tools for workflow, action plans, and auto-email rules.
- Email Campaign Management tools for tracking clicks, opens, and unsubscribes.
- Unlimited custom fields, lists, and layouts, including profile specific views
- Personalised and customisable Email, PDF, HTML, and Mail Merge Templates
- Profile based permissions for managing module, record, and field access
- Dedicated account manager to look after you and your team.
- UK-based Customer Service team rated “Great” by 90% of respondents
- Knowledgeable Project Managers available to assist with configuration and implementation.
- All generic and bespoke development carried out in house.
- UK-based infrastructure, including data centres, file storage, and backup facilities.
- Security focused product and company with Cyber Essentials Plus rating.
- Integrations with major, external applications ensure data is always available
- GDPR tools for managing data retention, RTBF, and opt-in marketing.
- Simple and sophisticated interface, customisable to fit your organisation.
- Mobile access options, including browser, dedicated app, and offline framework.
£33 per user per month
- Education pricing available
- Free trial available
Software Add-Ons Ltd - OpenCRM
|Software add-on or extension||No|
|Cloud deployment model||
Planned maintenance is done with minimum of 7 days notice. Emergency maintenance can be carried out at any time for service affecting issues.
There are no hardware constraints so long as the hardware is capable of running an up to date web browser.
|System requirements||Latest version or latest version -1 web browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Our standard Service Level Agreement (SLA) response time is 8 business hours. Tickets, on average, are closed after 36 total hours.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Our online web chat uses dark text on a white background, with clear navigation.|
|Web chat accessibility testing||None at the present time.|
|Onsite support||Yes, at extra cost|
System and user support is included with the per user subscription of OpenCRM.
1. Account Manager: All companies have a dedicated account manager with whom they can discuss future and current system requirements. They are there to consult and advise on how you can use our system to meet your requirements.
2. Customer Service Team: Should you or your users have any questions on how to use the system, our support team is on hand to answer questions and troubleshoot technical issues.
If you decide to purchase any professional service or engage us to carry out custom development, this work will be overseen by a project manager who ensures the work is completed on time and to your specification.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We have an extensive library of Knowledgebase articles, as well as user guides, to help new users get started using OpenCRM. We do recommend new sign-ups purchase some online training, specifically "super user" training that will not only teach one of the new users to navigate and customise the system, but also how they can train other members of their team. It is possible to request onsite training, but we typically find that our online, screen-sharing sessions are more than enough to get people up and running.|
|End-of-contract data extraction||Users are able to manually export data from their system (either module by module or using our Reports module). Should they decide to use Reports, users have the choice of .xls, .csv, or .pdf file formats. Exporting direct from a module will output as a .csv file. Alternatively they can request a copy of their MySQL database at no charge, which will be made available via a web link for no more than 30 days after the termination date of their system.|
|End-of-contract process||Should you decide to end your contract with us, we require a 60 day notification period. You will be responsible for the subscription cost for these full 60 days. Data is returned at no additional charge. You can also request a full deletion of any back-ups or snapshots free-of-charge. Any personal data we have in our internal systems relating to your company or users is removed after two years, provided it has not been used in any financial transactions. Any personal data linked to financial transactions is retained for at least 8 years.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||It is possible to access OpenCRM from any browser, including mobile devices. All features are available from your mobile, although if you or one of your users is planning on exclusively accessing the system from a mobile, we recommend creating custom views and layouts to accommodate the smaller screen. This is not a requirement, but just best practice in our experience.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
All fields and buttons have descriptive labels. All text has a contrast ratio of at least 4.5:1. We strive to use correct sematic markup and to ensure consistent, logical reading/navigation order.
Most page functionality is accessible and navigable via the keyboard, with clear focus. All pages have informative titles, both on the page and on the links to that page.
Technical terminology is defined within user manuals and online FAQs.
There are no substantial changes to the page within a direct user action and form validation errors clearly spell out their cause.
|Accessibility testing||No testing has been conducted at this stage.|
|What users can and can't do using the API||Any API service must be approved by us before being enabled. This is to ensure the security of the system and integrity of our customer's data. Additional support charges may be required to ensure the initial setup is completed smoothly.|
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||System administrators can enable/disable modules (globally and at profile level), change the order these modules appear, add unlimited custom fields to any module (26 types of custom field), change the layout of fields, create custom views (lists) in all modules, and build an unlimited number of email, PDF, HTML, and Mail Merge templates.|
|Independence of resources||
All services are monitored 24/7 with staff on hand out of hours to investigate any issues that arise.
This monitoring checks that all systems are running within normal operating parameters and speed, and allows us to investigate and pinpoint any issues which may be as a result of individual users misuse.
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users are able to export data directly from the home screen of any module. This is exported as a .csv file. Additionally, users are able to export Reports they have created as .csv, .xls, or .pdf. Permission to export data can be restricted at the profile level.|
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Our servers are available 365 days a year, 24 hours a day, with a network availability of 99.97% up time and server response time of no more than 3 seconds excluding documents. More time may be needed in the case of large or multiple attachments. If a customer system is down for 0.03% of any calendar month, we will refund a portion of the monthly subscription at the rate of 5% for every 15 minutes of downtime up to a maximum equal to any monthly charges, except where we have given the customer more than 7 days notice. Where possible, we notify our customers 7 days before any maintenance work on systems or infrastructure, which is typically carried out between the hours of GMT [BST adjusted] 11pm – 6am. It is our goal that service-affecting maintenance works should generally last no more than 15 minutes in a single session.|
|Approach to resilience||Summative details of our data centre setup can be made available on request. We do not release the full details for security reasons.|
Where possible, we notify our customers 7 days before any maintenance work on systems or infrastructure, which is typically carried out between the hours of GMT [BST adjusted] 11pm – 6am. It is our goal that service-affecting maintenance works should generally last no more than 15 minutes in a single session.
Any outage or planned maintenance is reported on our status page. Users are encouraged to sign up for email alerts from this page.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access to the front end of customer systems can be restricted using the permissions model within our own OpenCRM system. Should a member of our team need to access the backend of a customer system, their request and the reason for it is reviewed by a senior member of the team. This request and approval, as well as any front end access, is logged.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Plus (TBC)|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||The security of our system, procedures, and interaction with customers is based on the ISO27001 standard, as well as the guidance set out by the General Data Protection Regulation (GDPR).|
|Information security policies and processes||Our information security policies and procedures were originally based on the Data Protection Act (1998), but was amended to ensure our adherence to both Cyber Essentials Plus protocols and the General Data Protection Regulation (2018). These including policies for the processing of personal data, ensuring the rights of data subjects are observed, and other internal security measures. Compliance with these policies and procedures is overseen internally by our board of directors. All employees are required to sign a confirmation that they have read and understood our policies and procedures, and agree to follow them.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Any development work to our system is required to have the full specification of the project approved by a senior member of both the operations and development team. When the development is completed, it is tested for both frontend functionality and backend code compliance, which includes being assessed for their potential security impact. This process is overseen and tracked by a project manager. All development is fully documented and updated as future changes are made.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We monitor online technology and security news and mailing lists for vulnerabilities reported on any software used to provide or maintain our hosted solution.
Patches, including OS updates are applied as soon as they are available or in the next scheduled maintenance window dependent on the severity of the vulnerability/advisory details of the patch.
Regular penetration testing against our web application alerts us to any vulnerabilities in our software and work to patch these is scheduled according to severity. Patches to the web application can be rolled out immediately where needed.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Potential compromises are identified by regular health checks of servers and services. 24/7 system monitoring would alert us to unusually high levels of server activity, network or database traffic/activity, or an unusual level of errors in traffic/activity.
If any compromise were found, we would respond by first taking remedial action to prevent the compromise from performing the action it is taking.
An investigation would check if the same compromise was present anywhere else within the network and if any data or services had been breached. Any affected customers would be informed.
Response to any known compromise would be immediate.
|Incident management type||Supplier-defined controls|
|Incident management approach||The processes for an IT, Physical, or Data Protection breach are fully documented within our internal wiki, as well as a general process for reporting and managing other potential incidents. These processes include who needs to be notified, the timescales for alerting customers, and who will manage the reporting and reviewing of an incident. Users are regularly reminded about the processes for reporting potential incidents and how they can remain alert for them.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£33 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
Users interested in trialing the interface can sign up to use a shared demo system. There is no access to the admin side and the system is reset overnight.
Alternatively, we do offer a free, 14 day trial of a full system with no integrations.