Zoho Corporation Limited

Zoho Expense - Automated expense tracking and management

Zoho Expense is a complete business travel and expense management software designed for businesses of all sizes .It automates every step of the travel and expense process making it easy for employees to record expenses, admins to manage and control the business spends and provides insights for businesses.

Features

• Travel employee-self booking tool
• Travel desk tool to manage travel requests
• Receipt automation
• Expense management
• Expense report management and automation
• Mileage expense tracking via maps and GPS
• Corporate card integration and management
• Automated per diem management
• Purchase request management
• Dashboards and analytics

Benefits

• Manage employee travel with self-booking tool and travel desk
• Inbuilt Travel desk tool to manage travel request tickets
• Save time by automating expense reporting, submission to reimbursement
• Fetch corporate card transactions from major card service providers
• Set and customise policies, approval flows and budgets
• Capture mileage accurately with maps and GPS technology
• Domestic and international VAT Reclaim feature
• Integrations with most major accounting, ERP, HR, travel, banking software
• Mobile first Approach enabling expense reporting on the go
• Custom reports and dashboards across travel, employee expenses & reimbursements

£7 to £10 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zohouk-gcloud@eu.zohocorp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

394613793195081

Contact

Sreyas Benjamin
+44 2038072092
zohouk-gcloud@eu.zohocorp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Only cloud-based deployment and no support for an on-premise setting.
• System requirements:
  • Windows / Linux / Mac OS X
  • Safari 11 and above
  • Edge 16 and above
  • Google Chrome 61 and above
  • Mozilla Firefox 60 and above
  • Opera 60 and above
  • Stable Internet Connection
  • IOS 14.0 or above
  • Android 5 or above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer Free Support (Classic) and Paid Support (Premium); Classic Support - 8 Hour response time; Premium Support - 3 Hours response time
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat is accessible right from our home page. Users can chat regarding any support requirements or any queries they have regarding CRM. ; Our support team is available 24*7 via chat, email, or call. ; ; For ease of access; a) No time based responses required for web chat.; b) Supports 200% of zoom without loss of content and functionality in our web page.
• Web chat accessibility testing: We are currently assessing and in the progress of making our product compliant to Accessibility standard WCAG 2.1 AA . In this journey, we are yet to do the testing with the actual users of assistive technology. It will be done when the product becomes compliant to WCAG standard.
• Onsite support: Yes, at extra cost
• Support levels: We provide 3 levels of Support with different offerings. ; Basic (Free plan) - 1. Only Email support ; 2.Response time- 24 hours; Classic (All paid plans) - 1. Email support, Chat support and Call Support. ; 2.Response time- 8 hours; Premium (Additional cost) - . Email support, Chat support and Call Support. ; 2.Response time- 3 hours; 3. Account manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online onboarding to our customers. We initially gather the business requirements through online meetings and provide a demo of our application after which we will start with implementing the customisations and configurations required for the customer. Once the accounts setup is completed, we will proceed with online training for users (admin users and end users) post which we will share the user documentations as well.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: You can do a full back up of the system. All the data will be delivered in the form of multiple .CSV files that can be downloaded using the link that will be made available within 24 hours of request.; The receipts images associated with the expenses can be exported as well and all the data will be downloaded in .zip format.; ; Users can opt to export the data onto excel sheets, .csv files and upload the data into their system of choice.; ; Also, Zoho reserves the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days. In the event of such termination, all data associated with such user account will be deleted. Prior notice of such termination will be communicated and the option to back-up your data will be available. Each Service will be considered an independent and separate service for calculating the period of inactivity.
• End-of-contract process: At the end of the contract, if the customer chooses to continue using the system, they can renew the licenses on a periodic basis. This will ensure all customisations done on top of the system specific for the customer continues to exist without any modification.; ; If the customer would prefer not to continue using the system/shutdown, a full download of data existing on the system can be done by one of the users of the system (usually admin / super admin).; ; Post the termination of contract, the customer has the right to erasure of data as Zoho is GDPR compliant. So the users can request to delete data permanently through email and Zoho will comply with the request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our mobile application is tailored for travelers and managers, offering seamless functionality for tasks like travel requests, trip booking, receipt capture with Autoscan, mileage tracking, card transaction reconciliation, expense report creation, and submission. All features available on our web platform are accessible on the mobile app.; ; For administrative tasks such as user management, access controls, policy configuration, and workflow setup, the web application is more suitable. Similarly, the web platform caters to the needs of the Travel Desk, Finance, and Audit teams, providing detailed analytics and reports on organisational travel and expenses.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Zoho Expense interfaces with other application through APIs and file transfer protocols.Zoho Expense offers direct integration with Zoho Applications and other predefined applications.
• Accessibility standards: None or don’t know
• Description of accessibility: Zoho Expense can be accessed via cloud, and mobile application. All text content on service is linear, clear and readable. There is minimal usage of audio, video and images, making all the essential modules accessible. ; ; For ease of access the service supports 200% of zoom without loss of content and functionality in our web page. Keyboard shortcuts and hover hints for fields are available out of the box.
• Accessibility testing: We are currently assessing and in the progress of making our product compliant to Accessibility standard WCAG 2.1 AA . In this journey, we are yet to do the testing with the actual users of assistive technology. It will be done when the product becomes compliant to WCAG standard
• API: Yes
• What users can and can't do using the API: Zoho expense service can be accessed via Zoho expense API. It gives; users the freedom to expand and build on our programmatic base to suit their needs. Built using REST principles, it makes application development incredibly easy. A wide range of HTTP clients can be used with our API since it follows HTTP rules. Every resource is exposed as a URL. The URL of each resource can be obtained by accessing the API Root Endpoint.; ; Limitation:; API calls are limited to provide better quality of service and availability to all the users. The limits on total requests per day are listed below for each plan: ; Free Plan - 1000 API requests/day ; Standard Plan- 2000 requests/day ; Premium Plan- 10000 requests/day ; Custom Plan- 10000 requests/day
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Custom Modules; In Zoho Expense, Users can create a custom module to record other data when the predefined modules are not sufficient to manage all their business requirements; ; Field Customization; Users can create additional fields called custom fields for different modules. This can be used if any additional field is required for different modules.; ; Automation; Automation allows users to create a set of rules for modules of Zoho Expense based on which appropriate actions would be performed. With automation users can ; 1. Create and describe a Workflow.; 2. Decide when to execute the workflow.; 3. Set the conditions for executing the workflow.; 4. Associating actions such as email alerts, field updates and webhooks with a workflow.; 5. Connect to an external web service provider using Webhooks.

Scaling

• Independence of resources: We ensure uninterrupted service by employing scalable infrastructure with load balancing and auto-scaling capabilities. Our system dynamically allocates resources based on demand, preventing performance degradation during peak usage. Additionally, we conduct proactive monitoring and performance tuning to optimise response times and minimise downtime. This ensures all users experience consistent and reliable service regardless of fluctuations in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Active User reports which will help customers to track how many employees have used the application in a given month. This will help companies in deciding the number of user licenses to be purchased or renewed. ; Users can track the API calls made per day or the Total API Usage of their account. ; Users can check the service uptime from status.zoho.com ; We offer Activity Logs report which helps users to track all the activities performed in Zoho Expense, such as creating transactions, editing transactions, submitting transactions for approval, for a given period.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: You can do a full back up of the system. All the data will be delivered in the form of multiple .CSV files that can be downloaded using the link that will be made available within 24 hours of request.; The receipts images associated with the expenses can be exported as well and all the data will be downloaded in .zip format.; ; Users can opt to export the data onto excel sheets, .csv files and upload the data into their system of choice.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xls
  • Xlsx
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls
  • Xlsx
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Network traffic is encrypted when it traverses over the public network and when replicating to the DR data centre. The complete Datacenter stack is under our control. We use firewalls to prevent our network from unauthorised access. Our systems are segmented into separate networks to protect sensitive data from unauthorised access.

Availability and resilience

• Guaranteed availability: Our availability SLA commitment is 99.9% monthly uptime. We have redundancies implemented at various levels starting from the infrastructure to the ISP to achieve this. Data from the primary data centre is replicated in the secondary, and a read-only version of Zoho apps is always served from the secondary data centre.; ; Upon customer request, Zoho will, as per the terms and conditions of its Service level agreement, provide service credits. A copy of Zoho SLA can be shared upon request.
• Approach to resilience: Application data is stored on resilient storage that is replicated across data centres. Data in the primary DC is replicated in the secondary in near real time. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimal or no loss of time. Both the centers are equipped with multiple ISPs. We have power back-up, temperature control systems and fire-prevention systems as physical measures to ensure business continuity. These measures help us achieve resilience. In addition to the redundancy of data, we have a business continuity plan for our major operations such as support and infrastructure management.
• Outage reporting: Planned Outages & Maintenance:; The planned outages would be announced/informed to the customers through several channels, blog post in community forum, business emails, banners in respective services.; ; Generally, annual maintenance activities would be planned during non-business hours to avoid impact to the services.; ; Unplanned Outages:; Major unplanned outages will be posted in social media forums & also will be informed to customers through emails. Customers can always refer to the following link on the health status of each service & update on outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimise the risk of data exposure.; ; Access to production environments is maintained by a central directory and authenticated using a combination of strong passwords, two-factor authentication, and passphrase-protected SSH keys. Furthermore, we facilitate such access through a separate network with stricter rules and hardened devices. Additionally, we log all the operations and audit them periodically.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institution (BSI)
• ISO/IEC 27001 accreditation date: 22/08/2022
• What the ISO/IEC 27001 doesn’t cover: Zoho has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 28/06/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Not Applicable
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-assessment : SAQ-D
• PCI DSS accreditation date: 03/10/2023
• What the PCI DSS doesn’t cover: PCI applies to all the scope defined by the organisation
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO/IEC 27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27701 , ISO 27017 , ISO 27018 , SOC Type II + HIPAA
• Information security policies and processes: Zoho shall maintain an information security program in accordance with the international standard ISO 27001, which includes technical and organisational security measures, physical measures, as well as policies and procedures to protect customer data processed by Zoho against accidental loss, destruction, or alteration, unauthorised disclosure or access, or unlawful destruction. Zoho maintains documented information security and data privacy policies and requirements, and periodically communicates them to employees responsible for various controls. The policies are reviewed annually to keep them up-to-date. This policy is verified during our third-party audits such as ISO and SOC.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have Change Management procedures in place that include, but are not limited to, all changes to the Organisation, Applications, Systems, People, Technology, and Processes, as well as information processing facilities that affect information security/privacy. For every change, the security impact is analszed. We maintain audit logs as evidence for all changes. Fall-back procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events, are documented and communicated. Zoho shall notify the customer of any changes that may affect the customer adversely.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a dedicated vulnerability management process that actively scans for security threats using a combination of certified third-party scanning tools and in-house tools, along with automated and manual penetration testing efforts. Our security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to spot security incidents that affect the company’s infrastructure.; ; Once we identify a vulnerability requiring remediation, it is logged, prioritised according to severity, and assigned to an owner. We identify the associated risks and track the vulnerability until it is closed by either patching the vulnerable systems or applying relevant controls.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We monitor and analyze information gathered from services, internal traffic in our network, and usage of devices and terminals. We record this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically monitored and analysed to a reasonable extent to help us identify anomalies, such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs on a secure server isolated from full system access to manage access control centrally and ensure availability.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management team notifies you of the relevant incidents and actions needed. We track and close the incidents with corrective actions. Whenever applicable, we will provide you with necessary evidence in the form of application and audit logs regarding incidents. Furthermore, we implement controls to prevent the recurrence of similar situations.; ; We respond to the security or privacy incidents you report to us through incidents@zohocorp.com with high priority. For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or organisation, we will notify the concerned party through email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The energy supply for the Zoho UK’s workspace at Bletchley is derived from renewable sources, accounting for 21% of total power consumption. LED retrofits have been implemented to enhance energy efficiency throughout the building.; Designed with a focus on energy efficiency, data centres that support Zoho UK are powered by renewable energy. Further, these data centres are progressing towards integrating with a solar grid to reduce environmental impacts.; All purchased energy for the data centres is sourced from green energy providers. This enables us to minimise the carbon footprint associated with our operations.; The United Kingdom has committed to achieving carbon neutrality by 2050. Supporting this pledge, we have taken steps to monitor greenhouse gas (GHG) emissions from our operations and implement measures to mitigate them. We account for Scope 2 and Scope 3 emissions and exclude Scope 1 emissions as our work does not involve fuel combustion within operational boundaries.; We've switched completely to electric vehicles for movement within the campus.

  Covid-19 recovery

  During the COVD-19 pandemic, Zoho worked to minimize the impact of COVID on our customers, other business and our local community.; At the start of the pandemic, Zoho created and distributed a Secure Remote Access Toolkit to help organizations quickly adapt to and work securely during the pandemic. This toolkit was made free for the first 100 days.; To assist organizations impacted by the pandemic, Zoho offered free licenses of flagship products, and offered discounts and waivers on licenses on a case-by-case basis.; While most of our employees worked from home, we kept the kitchen at our Chennai headquarters running with a skeletal staff to provide food to underprivileged people in the local area, many of whom were impacted due to a loss of employment during the lockdown.; We converted one of our office buildings into a temporary COVID-19 ward to accommodate citizens who were required to quarantine.; We ran Covid vaccination camps to our employees, their dependents and the support staff who worked in Zoho.

  Tackling economic inequality

  Zoho has always aimed to tackle economic inequality and give back to the community. This is reflected in the following:; Coined by our CEO, transnational localism is the philosophy that underpins our staffing and office location plans. Instead of focusing on crowded urban centres, we've been opening spoke offices in smaller towns and villages. The goal is to improve local infrastructure, boost the economy of these smaller towns and villages, and provide more employment opportunity. ; As part of our philosophy of transnational localism, we believe in hiring locally for each spoke office. This helps promote local talent and bring high-paying jobs back to the villages and towns where we are based.

  Equal opportunity

  As part of our efforts to tackle inequality, Zoho Corporation Limited have made efforts to provide equal opportunities and tackle workforce inequality.; All roles at Zoho Corporation are open to all people irrespective of gender, sex, race, ability, or religion. We hire solely based on skill and have a diverse team.; We eschew discrimination on any grounds, including age, colour, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, and other unique characteristics that define our associates. Instead, we espouse, fairness, striving to ensure that a merit-based approach allows wage parity among associates with comparable experiences and responsibilities, irrespective of their gender.; Our campus has been designed to be accessible to all, including differently-abled colleagues. The layout design includes ramps and lifts in every building, allowing ease of mobility and access to all.; Apart from the usual shuttle facilities, special cab service covering a certain distance is given for women during their third trimester.

  Wellbeing

  Zoho Corporation Limited adheres to industry standards in remuneration, ensuring that compensation is equitable across genders. Recognising the diverse needs of our people, we provide essential support such as parental leave, aligning with our efforts to build an organisation that values and cares for every individual.; We have trained medical practitioners and a dedicated medical clinic available on all days of the week. Employees can freely avail their services.; The Hazard Identification & Risk Assessment (HIRA) Framework is followed rigorously at the premises.; We provide in-house counselling to our employees for free via our team of trained and qualified therapists. ; We organize free medical check-ups for our employees on an annual basis.; We organize regular blood donation camps in association with various blood banks.; We have open house sessions conducted by the CEO periodically where employees can raise any concerns.; Day Care facilities provided for employees kids; The compliance monitoring framework involves ongoing reviews and enhancements of occupational health programmes, guided by feedback, data analysis, and emerging best practices.

Pricing

• Price: £7 to £10 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer Free plan for small businesses and freelancers and below are the included features, ; Up To 3 Users; 5 GB Receipt Storage; 20 Receipt Auto scans; Multi-currency Expenses; Mileage Expenses; Customer/Project Tracking; Accounting Integration; Email Support
• Link to free trial: https://www.zoho.eu/in/expense/signup/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zohouk-gcloud@eu.zohocorp.com. Tell them what format you need. It will help if you say what assistive technology you use.