Skip to main content

Help us improve the Digital Marketplace - send your feedback

Format14CRM Limited

Sugar Enterprise (On-Premises CRM)

Built for maximum control and customisability, Sugar Enterprise and Sugar Enterprise + provide a full featured CRM in your designated cloud environment.

Features

  • Account, Contact, Lead & Opportunity management
  • SugarBPM™ (Business Process Management) workflow automation tool
  • SugarPredict predictive artificial intelligence
  • Complete control over security, privacy, and extensibility.​
  • Unlimited access to all APIs without additional costs
  • Create and visualise your customer’s journey with No-Code tools
  • Mail & Calendar Integration
  • Fully documented Open REST API
  • SUPPORTED FINANCE INTEGRATION with 150+ ERP/Accounting Systems
  • A Universe of Apps awaits on Sugar Outfitters

Benefits

  • Increase Productivity
  • Consolidate all customer data into a single, easy-to-use system
  • Track and report on any field
  • Orchestrate teams and increase productivity through automation
  • Understand all stakeholders in a common data model
  • Connect to popular applications via a powerful API
  • Customise workflows, automate processes, and minimise busy work
  • Access anywhere via a web browser or mobile device
  • Direct access to the database
  • Highly Customisable Open Standards based architecture

Pricing

£68 to £108 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.slade@format14.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 5 6 6 9 1 1 7 5 9 6 7 6 9 0

Contact

Format14CRM Limited Chris Slade
Telephone: 01628 281114
Email: chris.slade@format14.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
Platform components are Open Source

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support calls are acknowledged within 30 minutes of receipt.

These are then prioritised into severity levels:

P1 - Customer is unable to use the system and a key component has failed > Immediate investigation. Problem resolution begins immediately.
P2 - Application function is limited but the customer is able to use the system in a limited manner > Support resources allocated to identify processing issues. Problem resolution begins within 2 hours of reporting problem.

Customers selecting weekend support are assured of same P1 and P2 support SLA's as above.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Format14CRM provides the following Support Levels in our Standard Support Package:

P1 (Critical) e.g. more than 50% of users are unable to access the application, a key component has failed, any security-related incident: response time within 30 minutes, target resolution time is as soon as possible.
P2 (Important) e.g. access is permitted but the system is significantly degraded: response time within 2 hours, target resolution time within 8 hours
P3 (Normal): User account maintenance: response time within 8 hours, target resolution within 2 days

Support is charged annually and is typically calculated as 15-25% of the implementation cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Format14CRM’s Project Management methodology is a dynamic and adaptable approach to implementation that sets us apart from the rest. At the core of our project management methodology is the adoption of an agile continuous delivery approach. We believe in the power of incremental change rather than a disruptive "big bang" transformation, so we release developments over time, working closely with clients as we iteratively implement changes. We conduct scrum meetings that foster collaboration and put client engagement at the forefront of projects. This ensures that your requirements are front and centre, and allows solutions to evolve with feedback being immediately incorporated into end results. Throughout the delivery process, we maintain continuous engagement with stakeholders, allowing for requirements to evolve while providing quick and measured responses to changes requested by your organisation during the implementation phase. HyperCare is the name we give to the immediate post-live period and represents a crucial support phase that allows a client to make swift adjustments to an implemented CRM without going through a change management process. This post-implementation period facilitates a smooth transition to the new working system for Users with organisations able to quickly rectify issue with enhanced support from our consultants.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • MS Word
  • MS Powerpoint
  • Wiki
End-of-contract data extraction
Prior to the end of the Subscription Term, User organisations will instruct us of their intention to export their data.
We will then provide support to enact the planned migration wherever possible.
End-of-contract process
At the end of the Subscription Period, Customer data is purged.
> This services is included as part of the Annual Subscription

If additional Data Recovery and Transition is required the these Services can be priced on a Man Day / part thereof basis.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The SugarCRM mobile application is available for download for Android and iOS devices.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
SugarCRM has extension capabilities enabling interoperability with other applications via an Open API.

SugarCRM provides comprehensive documentation on using the Sugar API, available here:
https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_9.0/Integration/Web_Services/REST_API/index.html

SugarCRM provides detail on fair user in their Master Subscription Agreement, available here: https://support.sugarcrm.com/Resources/Master_Subscription_Agreements/Current/index.html
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The Sugar CRM application is fully customisable.
Users can parameterise/configure the CRM using its Studio tools (with no coding required) and it is fully customisable through code-level changes. Parametisations/Configurations can be applied without coding knowledge, code level changes should be undertaken by a certified Sugar developer.

Scaling

Independence of resources
Cloud Hosting Service provides additional resources when overall demand is high. This is dynamically allocated.
.

Analytics

Service usage metrics
Yes
Metrics types
Licensing Metrics > We provide real time information on Numbers of Users

SugarCRM also provides an Interactive Reporting and DashBoard Tools,
enabling real time analysis of the data mart.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
SugarCRM

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export data from each module using the provided Export function. Users can export all selected data from each module.
Export function is dependant upon the user role privilege.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
JSON Format for API data
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
JSON format

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SugarCRM commits to 99.5% availability. Actual availability for EU data centres is typically 99.991%
Approach to resilience
SugarCRM Hosted Cloud Services are provided using AWS datacentres.

Format14CRM also works with Google Cloud Platform.

Both of these have Industry Leading Resilience statistics and provide a robust and reliable platform for availability - further information can be obtained from Amazon Web Services.
Outage reporting
> Email alerts are sent to affected customers.

> SugarCRM provides publicly accessible Cloud status pages that makes customers aware of any outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
User Access Restrictions are based upon Team and Role Privileges.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
22/03/2022
What the ISO/IEC 27001 doesn’t cover
SugarCRM host with Amazon Web Services, Inc. https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf Scope for certificate 2013-009 This scope is only valid in connection with certificate 2013-009. Page 2 of 4 Digital version The scope of this ISO/IEC 27001:2013 certification is bounded by specified services of Amazon Web Services, Inc. and specified facilities. The Information Security Management System (ISMS) is centrally managed out of Amazon Web Services, Inc. headquarters in Seattle, Washington, United States of America. The in-scope applications, systems, people, and processes are globally implemented and operated by teams out of an explicit set of facilities that comprise Amazon Web Services, Inc. and are specifically defined in the scope and bounds. The Amazon Web Services, Inc. ISMS scope includes the services as mentioned on https://aws.amazon.com/compliance/iso-certified/, the locations and AWS Service and Supporting Resources are stated in the following section of this certificate.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Format14CRM plans to apply for ISO 27001 certification. Prior to actioning, we have a comprehensive plan which is coordinated by a designated Head of Security/Risk Officer, reporting to the Board.
His work encompasses maintaining formal inventories of information assets requiring protection, setting out roles and responsibilities.
All employees have to comply with security policies and have received security awareness training.
All Format14CRM security policies cover logical and physical access controls.
Information security policies and processes
Format14CRM has integrated security into the Development Life Cycle with non conformance being escalated to Head of Security / Risk Management for review.
We have an established Incident Management Methodology to respond to identified risks and measure compliance by detecting incidents and reporting these to Head of Security > this process defines at a high level how to handle and resolve Security Trouble Tickets.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Format14CRM provides a continuous Change Management Process reflecting the Ongoing Requirements for each project >

Our ability to meet the functional and ongoing contractual commitments is key, as well as insuring that security is never compromised.
To this end Format14CRM provides a high level of assurance reviewing that functional objectives as well as security are periodically reviewed and correctly set.
Components include:
- Planning, Developing and Documenting Lifetime Aims & Objectives.
- Defined Governance. Organisation Structure, Roles & Responsibilities.
- Leadership. From the Top and Across the Organisation
- Stakeholders ( Informed )
- Aligned workers ( Motivated )
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Format14CRM relies on SugarCRM's extensive testing capability to protect against potential threats and identified vulnerabilities.

Through rigorous testing, configuration and change management issues can be identified when they unexpectedly change security properties.

Monitoring of attacks and unauthorised activity are immediately reported and preventative measures taken.

Where there are known vulnerabilities to services SugarCRM will make updates available asap.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Format14CRM relies on SugarCRM's extensive Protective Monitoring Measures to protect against potential threats and identified vulnerabilities.

Once Format14CRM is made aware of a potential compromise we immediately inform affected customers and begin a process of protection.

Customer notification happens shortly after identification of compromise.
and preventative measures taken.

Where there are known vulnerabilities to services SugarCRM will make updates available asap.
Incident management type
Supplier-defined controls
Incident management approach
Format14CRM has a Cloud Based Customer Incident Application

Users log into the Online Incident Portal to log all incidents.
Acknowledgement of Incident is sent to the user, and Format14CRM begins its predefined process to identify seriousness and impact.

In parallel the Format14 Customer Incident Application escalates to its Head of Security/Risk Officer.

After establishing severity Format14CRM initiates communication with all affected users.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Format14CRM operates as an SMB from remote offices. Format14CRM is firmly committed to our responsibilities as social stakeholders and takes sustainability seriously. Format14CRM’s Sales Director, Rupert Nelson, holds an MSc in Environmental Technology from Imperial College and regularly reviews the business operations to optimise the impact the business has in terms of Socially, Economically and Environmentally sustainability. Using our measures, we select suppliers using an evaluation method which reviews second and third scope emissions that relationships with suppliers may incorporate. Based on our reviews, we have decided to have our business activities coordinated through web-based software applications provided by Google or running in the Google Cloud Platform. “Google is carbon neutral for our operations today, but aiming higher: our goal is to run on carbon-free energy, 24/7, at all of our data centres by 2030. Plus, we’re sharing technology, methods, and funding to enable organisations around the world to transition to more carbon-free and sustainable systems.” Source:Google Cloud Sustainability Statement https://cloud.google.com/sustainability We selected Google because we aim to ensure that our day-to-day digital footprint is being offset with renewable sources in data centres that use business applications. Any carbon footprint associated with travelling to, or maintaining offices is limited to essential workshop activities and meetings with business partners or clients, to avoid multiple journeys and excessive emissions onsite work is usually supported with local accommodation for multi-day projects. Format14CRM encourages colleagues to travel by public transport wherever possible to reduce the usage of cars. We also deploy web-based virtual meeting technology to help reduce the need for in-person meetings.

Pricing

Price
£68 to £108 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.slade@format14.com. Tell them what format you need. It will help if you say what assistive technology you use.