Format14CRM Limited
Sugar Enterprise (On-Premises CRM)
Built for maximum control and customisability, Sugar Enterprise and Sugar Enterprise + provide a full featured CRM in your designated cloud environment.
Features
- Account, Contact, Lead & Opportunity management
- SugarBPM™ (Business Process Management) workflow automation tool
- SugarPredict predictive artificial intelligence
- Complete control over security, privacy, and extensibility.
- Unlimited access to all APIs without additional costs
- Create and visualise your customer’s journey with No-Code tools
- Mail & Calendar Integration
- Fully documented Open REST API
- SUPPORTED FINANCE INTEGRATION with 150+ ERP/Accounting Systems
- A Universe of Apps awaits on Sugar Outfitters
Benefits
- Increase Productivity
- Consolidate all customer data into a single, easy-to-use system
- Track and report on any field
- Orchestrate teams and increase productivity through automation
- Understand all stakeholders in a common data model
- Connect to popular applications via a powerful API
- Customise workflows, automate processes, and minimise busy work
- Access anywhere via a web browser or mobile device
- Direct access to the database
- Highly Customisable Open Standards based architecture
Pricing
£68 to £108 a user a month
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at chris.slade@format14.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 14
Service ID
3 5 6 6 9 1 1 7 5 9 6 7 6 9 0
Contact
Format14CRM Limited
Chris Slade
Telephone: 01628 281114
Email: chris.slade@format14.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- None
- System requirements
- Platform components are Open Source
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support calls are acknowledged within 30 minutes of receipt.
These are then prioritised into severity levels:
P1 - Customer is unable to use the system and a key component has failed > Immediate investigation. Problem resolution begins immediately.
P2 - Application function is limited but the customer is able to use the system in a limited manner > Support resources allocated to identify processing issues. Problem resolution begins within 2 hours of reporting problem.
Customers selecting weekend support are assured of same P1 and P2 support SLA's as above. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Format14CRM provides the following Support Levels in our Standard Support Package:
P1 (Critical) e.g. more than 50% of users are unable to access the application, a key component has failed, any security-related incident: response time within 30 minutes, target resolution time is as soon as possible.
P2 (Important) e.g. access is permitted but the system is significantly degraded: response time within 2 hours, target resolution time within 8 hours
P3 (Normal): User account maintenance: response time within 8 hours, target resolution within 2 days
Support is charged annually and is typically calculated as 15-25% of the implementation cost. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Format14CRM’s Project Management methodology is a dynamic and adaptable approach to implementation that sets us apart from the rest. At the core of our project management methodology is the adoption of an agile continuous delivery approach. We believe in the power of incremental change rather than a disruptive "big bang" transformation, so we release developments over time, working closely with clients as we iteratively implement changes. We conduct scrum meetings that foster collaboration and put client engagement at the forefront of projects. This ensures that your requirements are front and centre, and allows solutions to evolve with feedback being immediately incorporated into end results. Throughout the delivery process, we maintain continuous engagement with stakeholders, allowing for requirements to evolve while providing quick and measured responses to changes requested by your organisation during the implementation phase. HyperCare is the name we give to the immediate post-live period and represents a crucial support phase that allows a client to make swift adjustments to an implemented CRM without going through a change management process. This post-implementation period facilitates a smooth transition to the new working system for Users with organisations able to quickly rectify issue with enhanced support from our consultants.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- MS Word
- MS Powerpoint
- Wiki
- End-of-contract data extraction
-
Prior to the end of the Subscription Term, User organisations will instruct us of their intention to export their data.
We will then provide support to enact the planned migration wherever possible. - End-of-contract process
-
At the end of the Subscription Period, Customer data is purged.
> This services is included as part of the Annual Subscription
If additional Data Recovery and Transition is required the these Services can be priced on a Man Day / part thereof basis.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The SugarCRM mobile application is available for download for Android and iOS devices.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
-
SugarCRM has extension capabilities enabling interoperability with other applications via an Open API.
SugarCRM provides comprehensive documentation on using the Sugar API, available here:
https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_9.0/Integration/Web_Services/REST_API/index.html
SugarCRM provides detail on fair user in their Master Subscription Agreement, available here: https://support.sugarcrm.com/Resources/Master_Subscription_Agreements/Current/index.html - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The Sugar CRM application is fully customisable.
Users can parameterise/configure the CRM using its Studio tools (with no coding required) and it is fully customisable through code-level changes. Parametisations/Configurations can be applied without coding knowledge, code level changes should be undertaken by a certified Sugar developer.
Scaling
- Independence of resources
-
Cloud Hosting Service provides additional resources when overall demand is high. This is dynamically allocated.
.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Licensing Metrics > We provide real time information on Numbers of Users
SugarCRM also provides an Interactive Reporting and DashBoard Tools,
enabling real time analysis of the data mart. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- SugarCRM
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Users can export data from each module using the provided Export function. Users can export all selected data from each module.
Export function is dependant upon the user role privilege. - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- JSON Format for API data
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- JSON format
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- SugarCRM commits to 99.5% availability. Actual availability for EU data centres is typically 99.991%
- Approach to resilience
-
SugarCRM Hosted Cloud Services are provided using AWS datacentres.
Format14CRM also works with Google Cloud Platform.
Both of these have Industry Leading Resilience statistics and provide a robust and reliable platform for availability - further information can be obtained from Amazon Web Services. - Outage reporting
-
> Email alerts are sent to affected customers.
> SugarCRM provides publicly accessible Cloud status pages that makes customers aware of any outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- User Access Restrictions are based upon Team and Role Privileges.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 22/03/2022
- What the ISO/IEC 27001 doesn’t cover
- SugarCRM host with Amazon Web Services, Inc. https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf Scope for certificate 2013-009 This scope is only valid in connection with certificate 2013-009. Page 2 of 4 Digital version The scope of this ISO/IEC 27001:2013 certification is bounded by specified services of Amazon Web Services, Inc. and specified facilities. The Information Security Management System (ISMS) is centrally managed out of Amazon Web Services, Inc. headquarters in Seattle, Washington, United States of America. The in-scope applications, systems, people, and processes are globally implemented and operated by teams out of an explicit set of facilities that comprise Amazon Web Services, Inc. and are specifically defined in the scope and bounds. The Amazon Web Services, Inc. ISMS scope includes the services as mentioned on https://aws.amazon.com/compliance/iso-certified/, the locations and AWS Service and Supporting Resources are stated in the following section of this certificate.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Format14CRM plans to apply for ISO 27001 certification. Prior to actioning, we have a comprehensive plan which is coordinated by a designated Head of Security/Risk Officer, reporting to the Board.
His work encompasses maintaining formal inventories of information assets requiring protection, setting out roles and responsibilities.
All employees have to comply with security policies and have received security awareness training.
All Format14CRM security policies cover logical and physical access controls. - Information security policies and processes
-
Format14CRM has integrated security into the Development Life Cycle with non conformance being escalated to Head of Security / Risk Management for review.
We have an established Incident Management Methodology to respond to identified risks and measure compliance by detecting incidents and reporting these to Head of Security > this process defines at a high level how to handle and resolve Security Trouble Tickets.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Format14CRM provides a continuous Change Management Process reflecting the Ongoing Requirements for each project >
Our ability to meet the functional and ongoing contractual commitments is key, as well as insuring that security is never compromised.
To this end Format14CRM provides a high level of assurance reviewing that functional objectives as well as security are periodically reviewed and correctly set.
Components include:
- Planning, Developing and Documenting Lifetime Aims & Objectives.
- Defined Governance. Organisation Structure, Roles & Responsibilities.
- Leadership. From the Top and Across the Organisation
- Stakeholders ( Informed )
- Aligned workers ( Motivated ) - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Format14CRM relies on SugarCRM's extensive testing capability to protect against potential threats and identified vulnerabilities.
Through rigorous testing, configuration and change management issues can be identified when they unexpectedly change security properties.
Monitoring of attacks and unauthorised activity are immediately reported and preventative measures taken.
Where there are known vulnerabilities to services SugarCRM will make updates available asap. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Format14CRM relies on SugarCRM's extensive Protective Monitoring Measures to protect against potential threats and identified vulnerabilities.
Once Format14CRM is made aware of a potential compromise we immediately inform affected customers and begin a process of protection.
Customer notification happens shortly after identification of compromise.
and preventative measures taken.
Where there are known vulnerabilities to services SugarCRM will make updates available asap. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Format14CRM has a Cloud Based Customer Incident Application
Users log into the Online Incident Portal to log all incidents.
Acknowledgement of Incident is sent to the user, and Format14CRM begins its predefined process to identify seriousness and impact.
In parallel the Format14 Customer Incident Application escalates to its Head of Security/Risk Officer.
After establishing severity Format14CRM initiates communication with all affected users.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
Format14CRM operates as an SMB from remote offices. Format14CRM is firmly committed to our responsibilities as social stakeholders and takes sustainability seriously. Format14CRM’s Sales Director, Rupert Nelson, holds an MSc in Environmental Technology from Imperial College and regularly reviews the business operations to optimise the impact the business has in terms of Socially, Economically and Environmentally sustainability. Using our measures, we select suppliers using an evaluation method which reviews second and third scope emissions that relationships with suppliers may incorporate. Based on our reviews, we have decided to have our business activities coordinated through web-based software applications provided by Google or running in the Google Cloud Platform. “Google is carbon neutral for our operations today, but aiming higher: our goal is to run on carbon-free energy, 24/7, at all of our data centres by 2030. Plus, we’re sharing technology, methods, and funding to enable organisations around the world to transition to more carbon-free and sustainable systems.” Source:Google Cloud Sustainability Statement https://cloud.google.com/sustainability We selected Google because we aim to ensure that our day-to-day digital footprint is being offset with renewable sources in data centres that use business applications. Any carbon footprint associated with travelling to, or maintaining offices is limited to essential workshop activities and meetings with business partners or clients, to avoid multiple journeys and excessive emissions onsite work is usually supported with local accommodation for multi-day projects. Format14CRM encourages colleagues to travel by public transport wherever possible to reduce the usage of cars. We also deploy web-based virtual meeting technology to help reduce the need for in-person meetings.
Pricing
- Price
- £68 to £108 a user a month
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at chris.slade@format14.com.
Tell them what format you need. It will help if you say what assistive technology you use.