Software Add-Ons Ltd - OpenCRM

OpenCRM

OpenCRM is a feature rich, secure Cloud based system that has been built and supported by the same people who started the business back in 2005. We pride ourselves on providing friendly and knowledgeable service from the foot of the Yorkshire dales.

Features

  • Contact and Company Management centralised within this feature rich system.
  • Dynamic Calendar functionality and Activity management tools make scheduling easy.
  • Sales Process Management and Oversight from Lead creation to Invoicing
  • Fully integrated Customer Service Management module with SLA response alerts
  • Project management complete with time tracking tools.
  • Automation tools for workflow, action plans, and auto-email rules.
  • Email Campaign Management tools for tracking clicks, opens, and unsubscribes.
  • Unlimited custom fields, lists, and layouts, including profile specific views
  • Personalised and customisable Email, PDF, HTML, and Mail Merge Templates
  • Profile based permissions for managing module, record, and field access

Benefits

  • Dedicated account manager to look after you and your team.
  • UK-based Customer Service team rated “Great” by 90% of respondents
  • Knowledgeable Project Managers available to assist with configuration and implementation.
  • All generic and bespoke development carried out in house.
  • UK-based infrastructure, including data centres, file storage, and backup facilities.
  • Security focused product and company with Cyber Essentials Plus rating.
  • Integrations with major, external applications ensure data is always available
  • GDPR tools for managing data retention, RTBF, and opt-in marketing.
  • Simple and sophisticated interface, customisable to fit your organisation.
  • Mobile access options, including browser, dedicated app, and offline framework.

Pricing

£33 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

930982770600681

Software Add-Ons Ltd - OpenCRM

Graham Anderson

01748 473000

sales@opencrm.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Planned maintenance is done with minimum of 7 days notice. Emergency maintenance can be carried out at any time for service affecting issues.
There are no hardware constraints so long as the hardware is capable of running an up to date web browser.
System requirements Latest version or latest version -1 web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard Service Level Agreement (SLA) response time is 8 business hours. Tickets, on average, are closed after 36 total hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our online web chat uses dark text on a white background, with clear navigation.
Web chat accessibility testing None at the present time.
Onsite support Yes, at extra cost
Support levels System and user support is included with the per user subscription of OpenCRM.

1. Account Manager: All companies have a dedicated account manager with whom they can discuss future and current system requirements. They are there to consult and advise on how you can use our system to meet your requirements.

2. Customer Service Team: Should you or your users have any questions on how to use the system, our support team is on hand to answer questions and troubleshoot technical issues.

If you decide to purchase any professional service or engage us to carry out custom development, this work will be overseen by a project manager who ensures the work is completed on time and to your specification.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We have an extensive library of Knowledgebase articles, as well as user guides, to help new users get started using OpenCRM. We do recommend new sign-ups purchase some online training, specifically "super user" training that will not only teach one of the new users to navigate and customise the system, but also how they can train other members of their team. It is possible to request onsite training, but we typically find that our online, screen-sharing sessions are more than enough to get people up and running.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users are able to manually export data from their system (either module by module or using our Reports module). Should they decide to use Reports, users have the choice of .xls, .csv, or .pdf file formats. Exporting direct from a module will output as a .csv file. Alternatively they can request a copy of their MySQL database at no charge, which will be made available via a web link for no more than 30 days after the termination date of their system.
End-of-contract process Should you decide to end your contract with us, we require a 60 day notification period. You will be responsible for the subscription cost for these full 60 days. Data is returned at no additional charge. You can also request a full deletion of any back-ups or snapshots free-of-charge. Any personal data we have in our internal systems relating to your company or users is removed after two years, provided it has not been used in any financial transactions. Any personal data linked to financial transactions is retained for at least 8 years.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service It is possible to access OpenCRM from any browser, including mobile devices. All features are available from your mobile, although if you or one of your users is planning on exclusively accessing the system from a mobile, we recommend creating custom views and layouts to accommodate the smaller screen. This is not a requirement, but just best practice in our experience.
Accessibility standards None or don’t know
Description of accessibility All fields and buttons have descriptive labels. All text has a contrast ratio of at least 4.5:1. We strive to use correct sematic markup and to ensure consistent, logical reading/navigation order.
Most page functionality is accessible and navigable via the keyboard, with clear focus. All pages have informative titles, both on the page and on the links to that page.
Technical terminology is defined within user manuals and online FAQs.
There are no substantial changes to the page within a direct user action and form validation errors clearly spell out their cause.
Accessibility testing No testing has been conducted at this stage.
API Yes
What users can and can't do using the API Any API service must be approved by us before being enabled. This is to ensure the security of the system and integrity of our customer's data. Additional support charges may be required to ensure the initial setup is completed smoothly.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation System administrators can enable/disable modules (globally and at profile level), change the order these modules appear, add unlimited custom fields to any module (26 types of custom field), change the layout of fields, create custom views (lists) in all modules, and build an unlimited number of email, PDF, HTML, and Mail Merge templates.

Scaling

Scaling
Independence of resources All services are monitored 24/7 with staff on hand out of hours to investigate any issues that arise.
This monitoring checks that all systems are running within normal operating parameters and speed, and allows us to investigate and pinpoint any issues which may be as a result of individual users misuse.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users are able to export data directly from the home screen of any module. This is exported as a .csv file. Additionally, users are able to export Reports they have created as .csv, .xls, or .pdf. Permission to export data can be restricted at the profile level.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS (from a Report)
  • PDF (from a Report)
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our servers are available 365 days a year, 24 hours a day, with a network availability of 99.97% up time and server response time of no more than 3 seconds excluding documents. More time may be needed in the case of large or multiple attachments. If a customer system is down for 0.03% of any calendar month, we will refund a portion of the monthly subscription at the rate of 5% for every 15 minutes of downtime up to a maximum equal to any monthly charges, except where we have given the customer more than 7 days notice. Where possible, we notify our customers 7 days before any maintenance work on systems or infrastructure, which is typically carried out between the hours of GMT [BST adjusted] 11pm – 6am. It is our goal that service-affecting maintenance works should generally last no more than 15 minutes in a single session.
Approach to resilience Summative details of our data centre setup can be made available on request. We do not release the full details for security reasons.
Outage reporting Where possible, we notify our customers 7 days before any maintenance work on systems or infrastructure, which is typically carried out between the hours of GMT [BST adjusted] 11pm – 6am. It is our goal that service-affecting maintenance works should generally last no more than 15 minutes in a single session.
Any outage or planned maintenance is reported on our status page. Users are encouraged to sign up for email alerts from this page.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the front end of customer systems can be restricted using the permissions model within our own OpenCRM system. Should a member of our team need to access the backend of a customer system, their request and the reason for it is reviewed by a senior member of the team. This request and approval, as well as any front end access, is logged.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus (TBC)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The security of our system, procedures, and interaction with customers is based on the ISO27001 standard, as well as the guidance set out by the General Data Protection Regulation (GDPR).
Information security policies and processes Our information security policies and procedures were originally based on the Data Protection Act (1998), but was amended to ensure our adherence to both Cyber Essentials Plus protocols and the General Data Protection Regulation (2018). These including policies for the processing of personal data, ensuring the rights of data subjects are observed, and other internal security measures. Compliance with these policies and procedures is overseen internally by our board of directors. All employees are required to sign a confirmation that they have read and understood our policies and procedures, and agree to follow them.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Any development work to our system is required to have the full specification of the project approved by a senior member of both the operations and development team. When the development is completed, it is tested for both frontend functionality and backend code compliance, which includes being assessed for their potential security impact. This process is overseen and tracked by a project manager. All development is fully documented and updated as future changes are made.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor online technology and security news and mailing lists for vulnerabilities reported on any software used to provide or maintain our hosted solution.
Patches, including OS updates are applied as soon as they are available or in the next scheduled maintenance window dependent on the severity of the vulnerability/advisory details of the patch.
Regular penetration testing against our web application alerts us to any vulnerabilities in our software and work to patch these is scheduled according to severity. Patches to the web application can be rolled out immediately where needed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified by regular health checks of servers and services. 24/7 system monitoring would alert us to unusually high levels of server activity, network or database traffic/activity, or an unusual level of errors in traffic/activity.

If any compromise were found, we would respond by first taking remedial action to prevent the compromise from performing the action it is taking.

An investigation would check if the same compromise was present anywhere else within the network and if any data or services had been breached. Any affected customers would be informed.

Response to any known compromise would be immediate.
Incident management type Supplier-defined controls
Incident management approach The processes for an IT, Physical, or Data Protection breach are fully documented within our internal wiki, as well as a general process for reporting and managing other potential incidents. These processes include who needs to be notified, the timescales for alerting customers, and who will manage the reporting and reviewing of an incident. Users are regularly reminded about the processes for reporting potential incidents and how they can remain alert for them.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £33 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Users interested in trialing the interface can sign up to use a shared demo system. There is no access to the admin side and the system is reset overnight.

Alternatively, we do offer a free, 14 day trial of a full system with no integrations.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑