AGILITY MULTICHANNEL LIMITED

Agility PIM

Agility is a cloud-based Product Information Management/Product Experience Management and publishing solution, enabling marketing and ecommerce professionals to gather, enrich and publish their product catalogue to ecommerce websites, print catalogues and any other online or offline channel.

Features

• Centralised hub for all product data
• Supplier onboarding tools with data quality routines
• Unlimited language support
• Personalisation and versioning tools
• Publishing and syndication tools
• Unlimited products and SKUs (long tail)
• Reporting and analytics capabilities
• Test your website filters and facets using Elasticsearch
• Flexible integration options for back-office and ecommerce
• Adobe InDesign integration native to the tool

Benefits

• Faster time to market for new products
• More accurate and consistent product data
• Easier and faster translation and localisation for new markets
• Channel specific assortments with customised content
• Faster time to market for print catalogues
• Maximise search results on your ecommerce site
• Improved customer experience
• Increased sales and profits
• Actionable insights delivered through analytics
• Improved online engagement and conversion rates

£48,000 to £100,000 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@insightsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

116847079156494

Contact

Jason Simpson
07958125448
info@insightsoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Scheduled monthly maintenance window, limited to one hour.
• System requirements:
  • Any Chrome-based browser can be used to access Agility
  • Safari (Mac) and MS Edge supported to access Agility
  • Site-to-site VPN is required to enable SSO.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets are acknowledged same-day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support is included within the SaaS fees. This includes provision of an online ticket system using Salesforce. All tickets are prioritised according to a Support Policy. No other support level is required.; We provide an Account Manager and a Customer Success Manager who liaise with technical support and engineering teams on the clients behalf.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Using Agility involves an implementation project. This is a workshop-driven process to: ; 1. establish and build the ideal taxonomy and data model for the client; 2. capture existing data sources ; 3. configure the data management features for managing and enriching the products data; 4. configure workflows, workspaces and business rules; 5. configure the publishing and syndication rules for downstream channels; 6. train the core team on using the solution; The project can also include systems integrations which connect the PIM to upstream data sources such as ERP or another back-office system, and connect PIM to downstream channels such as ecommerce.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users with the appropriate access rights and training can export the data themselves, or the client can request that their data is exported when the contract ends. Typically such data is exported into spreadsheets.
• End-of-contract process: Annual SaaS fees include the entitlement to access an instance of the software and to receive all new releases (Service Packs) during the term of the contract. The fee will include the number of named user accounts that they require, and this can flex up and down each year. The fees also include access to the support helpdesk where issues can be reported and resolved.; At additional cost the client may choose to provision additional non-productive environments, and they may choose to buy additional users licences during the term. The may also choose to engage with us to provide additional professional services from time to time including training, data manipulation, configuration and systems integration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Agility is accessed via a browser-based user interface, similar to a modern website. Users log-in and can have separate permissions. Different views of the data and different functionality is provided to different users or groups via 'Workspaces'. 'Gadgets' deliver end-user functionality which means different gadgets can be selected to populate a workspace for a specific use case or user group. There is a gadget API meaning the tool is full extensible and customisable.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Unknown.
• API: Yes
• What users can and can't do using the API: The Agility API is a RESTful web service and can be used to connect Agility to upstream systems such as ERP or back-office platforms, product life cycle management platforms and downstream systems such as ecommerce or web content management platforms. This creates a real-time connection. The API is also used to connect directly with Adobe InDesign, making the tool another UI for Agility, enabling graphic designers to connect directly to the Agility data and content to automatically paginate catalogues for example.; The API enables users to perform all read/write/modify functions.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The user interface (look & feel) can be customised using CSS.; Gadget functionality can be customised and extended using HTML, CSS and Javascript.; The data model, including the full taxonomy and every object can be customised and is typically unique to each and every customer.; The rights and permissions model is totally granular and all users can be managed as individuals or groups with custom rights and permissions.; Imports, exports and transformations are all customised according to the clients business rules. This is performed within a UI and is done either by the software vendor, or by the client assuming those users have gone through the appropriate training.; Most customisations are performed within the user interface itself, by users with the appropriate access rights.

Scaling

• Independence of resources: Agility is a single-tenant private SaaS solution. Other users are not using the same resources.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide system monitoring metrics that show CPU usage and storage usage. This enables the client to scale their Agility instance according to demand.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User export data in a number of ways:; 1. manually within the UI to export data in Excel, CSV, XML or JSON format.; 2. scheduled using our data integration tool (ETL). For example this could be a regular feed of data that the client provides to a customer.; 3. via integration, typically an ETL process or API connection which exports data to another business system such as an ecommerce platform, ERP or just another database,
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • MS Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will make available the Service to Customer's production tenant 99.5% of the time, measured over a calendar month, provided, however, that the following shall not be considered downtime, and the time to perform the following shall not be included in the time the Service is unavailable: (i) preventative maintenance; (ii) application Updates to the Service.; A sliding scale of service credits are provided if we fail to meet the minimum availability, starting at 10% of the fees paid, up to 50% of the fees paid with a final option to terminate with a full refund.
• Approach to resilience: Available on request, however broadly speaking we are using all of the available features of Microsoft Azure for resilience. Additional levels of resilience such duplicate databases and application across multiple data centres are also available at additional cost.
• Outage reporting: Email alerts to the clients system administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: No users of the service have access to servers or code, only the business user interface that provides end-user functionality. The management interface is for user administration only and access to this is restricted to only those users that the client has allocated as a System Administrators. This is a specific user licence type and the functions it enables are only accessible by this licence type. This includes managing role and permissions (view/read/write) for all other business users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: As a business we are working in line with ISO27001 and we are awaiting certification which will happen in early 2025. Other software products within our group have already been certified and a rolling programme is in place to ensure that all products have ISO27001.
• Information security policies and processes: Our business has a Chief Information Security Officer and a team responsbile for IS. Its influence spans the whole company and the information security policy covers all aspects of the business including HR, Asset Management, Access Controls, Cryptography, Physical & Environmental (ISO27001), Operations, Communications, System Acquisition, Development and Maintenance, Supplier Relationships and Compliance.; Policies are reviewed and published (versioned) annually and full training is provided to all employees via 3rd party partners such as KnowB4 etc.; Processes are independently audited for compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Agility PIM is based on a 3-tier architecture comprising of an application server (Wildfly), a database server (MS SQL) and a user interface served up through Apache. All components are monitored as part of the service using N-ABLE RMM and Pingdom. This includes monitoring uptime, services, failed logins, disk space thresholds, performance, and network access. Vulnerability scanning is performed using Crashtest Security and patching of 3rd party software is performed quarterly using N-ABLE RMM and PowerShell Scripts. All system updates and new Agility versions are deployed in TEST before being pushed to PROD.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Each Agility customer environment is subject to system monitoring as outlined in the previous question. Service and Environment monitoring runs every 5 minutes, 24/7/365.; Potential threats are assessed on the basis of severity; low = policy or own standard violation, med = known exploited vulnerability (KEV) emergency high = critical. Response times are 1 days for remediation plan, 7 days to patch/mitigate if non critical.; Information about potential threats comes from a variety of sources including Microsoft, CISA, CVE and NVD.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Agility environment monitoring is provided as part of the service. Potential compromises are detected using a range of tools including antivirus, crashtest security, and the tools provided within Microsoft Azure's datacentre. Potential compromised are patched at the earliest possible maintenance window. High priority patches may be installed with short notice after recommendations from our CISO. The company maintains a documents incident response plan which is tested and updated periodically.
• Incident management type: Supplier-defined controls
• Incident management approach: We maintain a documented incident response plan. The plan is tested and updated periodically.; If we becomes aware of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Data, we shall notify Customer, within 48 hours after determining an Incident has impacted or will impact the Data.; Customer is provided timely information about the Incident to the extent known to us, including the nature and consequences of the Incident, the measures taken or proposed by us to mitigate or contain the Incident, the status of our investigation, and contacts to obtain information.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Our group of companies, under the insightsoftware family operate ‘InsightCares’ which enables each employee to take 8 hours of paid time annually to be used to volunteer at a charity of their choosing. Multiplied by over 2,500 employees, this represents over 20,000 hours of charitable work.

Pricing

• Price: £48,000 to £100,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@insightsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.