ARRIBATEC UK LTD

Unit4 Enterprise Resource Planning from Arribatec Elite Partner of the Year

Arribatec offers Unit4 Enterprise Resource Planning providing an integrated solution: Finance, General Ledger, Budgeting, Accounting, Creditors, Debtors, Financial Planning, Cash & Income Management (HeyCentric), Procurement/Purchasing, HR, Payroll, Talent Management, Expenses, Absence, Timesheets, Project Management, Accounting/Costing, Research Funding Management (GrantsNow),
Reporting/Analytics, Asset Management, Source-to-Contract, Strategic Sourcing, Spend Analytics, Contract Management.

Features

• Full coverage of ERP for Public Sector and Education Sector
• Full suite of Student Management Solutions
• Fully Managed Azure Cloud Solution with UK / EU Datacentre
• Dual Site Disaster Recovery
• Mobile Applications available
• Support for Collaboration
• Securely Accessible from anywhere
• Integrated Reporting Tools
• Industry Good Practice Business Processes

Benefits

• Total Low Cost of Ownership
• Ability to adapt to Business Change
• Sector Specific Functionality
• Upgrade Elasticity
• Ease of Access
• Change when you change
• Working how you work
• Delivering what you choose
• Secure Cloud operation with Azure

£56 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@arribatec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

396399210405354

Contact

Allan Burrows
0333 444 1005
info.uk@arribatec.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Support in line with SLAs contained within Service Definition document
• System requirements: Fully Managed Cloud Service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: As per response times in our SLA within our Service Description Document
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Communicate with Unit4 Support
• Web chat accessibility testing: Communicate with Unit4 Support
• Onsite support: Yes, at extra cost
• Support levels: In addition to Unit4 provided support, please see our separate entries in respect of Arribatec : (a) Support Service Desk, and (b) Technical Managed Services.; ; Unit4 Support and Operations activities: • Deploy solution updates. • Management and maintenance of all infrastructure. • Network connectivity of Unit4 SaaS to public internet. • Back-up and disaster recovery. • Security of application operating environment and infrastructure. • Monitoring of application and infrastructure. • Performance tuning. • Troubleshooting and resolving issues, both customer initiated and those raised by monitoring alerts. • Database copy between environments upon request, e.g. Production to Preview. Incident logging and escalation for Unit4 Cloud is carried out through the Unit4 UK service desk and can be done via telephone (9am – 5pm) email or customer support portal both of which are available 24 hours per day. Incidents will be logged by the customer's trained named individuals who will set a priority based upon system and business variables. Once logged; Unit4 will progress these to resolution within the target response and resolution times for the given SLA. An Account Manager is provided for all Unit4 Customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An experienced project manager will support and guide you through the process, and will work with you to put together a structured and achievable project plan. Key to the process will be developing a clear understanding of your requirements from which we will be able to work with you to (a) design the solution to meet your needs; (b) build the solution for you to prove and test and (c) determine the tasks and timetable necessary for a successful project. Encompassed within this will be the necessary training and knowledge transfer to ensure your team is prepared and ready to provide support to your users. Based on Arribatec’s proven ISIM implementation methodology, we will help you to construct an achievable and deliverable project plan covering: - Initiation activities - Analysis & design - Build & Prove - Acceptance Testing - User Training - Live implementation Arribatec's Project Managers will minimise the risk of project failure by ensuring Project Governance & Control is supported by strategies for managing stakeholders, the project budget and by regular assessment and mitigation of project risks. Arribatec's Project Managers will also provide strategies for communications, user acceptance testing, end user training and data migration.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon final exit Unit4 will export the final copy of the Production Database to a Unit4 controlled Azure storage location. The export will be in a format usable with the latest version of Microsoft SQL Server. Customers can manually download this export from this location. Unit 4 will maintain a secure read only copy of the production environment including database for a period on 1 month post exit. This copy will then be deleted unless the customer informs Unit4 otherwise. Customer responsibilities for this additional service offering include: • Customer access responsibility – control who has permission to download the export • Ensuring data privacy during and after download • Establishing, monitoring and managing the download process • Restoring or importing the export once downloaded • Licensing, operating and installing in the customer’s IT infrastructure any applications that will be used in the retrieval process and subsequent use of the export
• End-of-contract process: Upon any termination of the Agreement, Unit4 shall, provided that it has received a request in writing from the Customer no less than 3 months prior to the scheduled termination date, continue to provide the Software Service to Customer under the same terms for a transitional period of up to six (6) months. Access to the Software during the Transition Period will be subject to the fees set out in the applicable Call Off Agreement, prorated on a monthly basis and payable in advance based on the annual fees charged to Customer for the Software Service during the twelve month period immediately preceding the termination date plus an additional ten percent (10%). During the Transition Period, Unit4 will provide cooperation and assistance as Customer may reasonably request to support an orderly transition to another provider of similar software, services, or to Customer’s internal operations. Such cooperation and assistance will be limited to consulting regarding the Software; Service and will be subject to a fee based on; current rates for Professional Services and such services will be set out in an Call Off Agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Mobile service is accessed through proprietary apps or HTML5 rendered browser. A limited number of system actions still require full Desktop client.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Unit4 ERP Web Services & APIs provide a way of processing data, in a secure manner adhering to modern industry standards, but requiring some technical expertise. Some example of APIs are: Absences, Applicants, Employee balances, Commitment transactions, Customer master maintenance, Document archive, Employments, HR maintenance, Masters and Attributes, Payroll transactions, Planner transactions, Position master file, Project master file, Rates register, Resource master file, Supplier master maintenance, Timesheets, Travel expenses, User status and maintenance, Value Reference Rates, Workflow.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Unit4 products are highly configurable through the application itself, so customisation is often not needed. Where it is required, Arribatec has unrivalled experience and expertise in customising and integrating the Unit4 ERP software, including utilisation of tools such as Extension Kit, which is a toolkit for extending Unit4 applications by authoring and deploying new capabilities as microservices. In ERPx App Studio can be used to create custom apps.

Scaling

• Independence of resources: In Unit4 Cloud, processing resources are shared, but Unit4 monitors and leverages elastic resourcing to ensure all get sufficient to meet the SLAs, and to handle activity peaks. Azure provides the first level of network separation, upon which Unit4 adds further isolation using VNETs. In a Dedicated service model a dedicated VNET is provided so all available network bandwidth is dedicated to a single customer. Unit4 customers always have a dedicated database to ensure data separation. In a dedicated cloud processing resources are also dedicated to a single customer

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics for key performance indicators
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Unit4 Business Software Ltd

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User can export their data in a variety of formats including .xls, .csv, or xml.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Direct to .xls
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Direct from .xls

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Unit4’s service availability commitment for any given calendar month is that the Production Service will be available at least 99.8% of the time. Service Availability is calculated per month as follows: Total time - Service Outage divided by total time times 100 = greater than 99.8% “Service Outage” means the time (in minutes) that the Production Service is unavailable (as measured in accordance with this Section A, paragraph 1) in any month, but excludes any unavailability for those reasons set out below under the heading “Exclusions”; “Total Time” means the total number of minutes in any month; Exclusions Unit4’s service availability commitment excludes any unavailability for the following reasons: • Planned Maintenance; • Unplanned Preventative Maintenance; • failure of any circuits or connections provided by third party telecommunication providers or common carriers; • failure of any external internet service provider or an internet exchange point; • acts or omissions of the Customer or any Users permitted to access the Production Service; • behaviour of Customer applications, equipment or managed operating systems; • Force Majeure events (as described in the supplier terms).
• Approach to resilience: This information is available on request
• Outage reporting: Service outages will be reported via the Unit4 customer portal which all customers have access to.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: There is no direct user access to the servers in Unit4 Cloud. For ERP CR read-only SQL access is offered to a replicated database. Internal Unit4 Cloud operations, (system and database administrators) have access rights to manage and maintain the Cloud Services provided to customers, which are regularly reviewed and a formal change-control and audit log documented. Guidelines and processes regarding access are governed by SSAE and ISO standard compliances that Unit4 has achieved. Unit4 Service desk staff do not have direct access to servers and the production database, so all changes are made by Unit4 Cloud operations.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA Certification Limited
• ISO/IEC 27001 accreditation date: 13/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of this approval is applicable to: The design, development, provision and support of Unit4 software products and associated consultancy, technical and managed IT services. Statement of Applicability v2. The scope covers all UK activities, and also include Global activities, hosting, SaaS etc
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 270017
  • SOC 1 (Type1 and 2)
  • SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Unit4's global SaaS Information Security Policy can be provided upon request. ; Unit4's SaaS service holds the following: • ISO 27001 • ISO 27017 • SOC 1 • SOC 2 • Cyber Essentials

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Unit4 Cloud relies on the expert services of Azure, who provided the underlying platform, network connectivity and System software. The Azure platform offers High Availability, Fault Tolerance, and redundancy at all levels, and components are automatically replaced at the end of their lifetimes or when failed – all contributing to the Unit4 system availability SLA of 99.8% Unit4 software, both Major Featu and Service Updates, is updated processes) automatically as part of the Unit4 Cloud service (with optional deferment). Deployments withinAzure allow eveyone to benefit from their experience of running highly secure and compliant online services
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Deployments within Microsoft Azure allow everyone to benefit from their experience of running highly secure and compliant online services around the globe (such as Microsoft Cyber Defense Operations Centre, a 24x7x365 state-of-the-art cybersecurity and defence facility). Unit4 Cloud has implemented industry leading anti virus, intrusion prevention system and intrusion detection solutions (IPS IDS). Unit4 Cloud works with R&D teams to identify, mitigate and share information about known risks. Unit4 uses log monitoring and analyses to identify usage anomalies and exceptions. Software patches are applied during the maintenance window, but security patches are applied immediately
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Unit4 Cloud’s end to end service includes hardware and system software, monitoring, management and maintenance of the Unit4 software and environment in Unit4 Azure. A continuous 24x7x365 monitoring program is in place to detect and resolve infrastructure and application issues in order to meet Unit4’s application availability targets. The monitoring covers solution health, availability and response times. Priority 1 alerts generated are handled by Unit4 staff 24x7x365. See also the response concerning Incident Management Approach.
• Incident management type: Supplier-defined controls
• Incident management approach: Unit4 and Customer comply with their obligations in the following Policies and Procedures, which have been written to explain how to ensure your system is secure now and into the future Information Security policy; Security Program;; Business Continuity and Disaster Recovery; Acceptable Use Policy; Unit4’s external facing information security policy can be provided upon special request with an NDA. Hence, there is a formal incident Management policy, and users may report incidents via the Unit4 Service Desk. Relevant incidents will be reported back to customers on the Customer Portal.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Arribatec has an environmental policy geared towards minimising our environmental impact. We have an Environmental Management System and are working towards a goal of being carbon neutral by 2030. Progress towards this, and other ESG goals, is reported each year as part of our Annual Report. We have ensured that all our data centres have green electricity; certificates and that the suppliers are chosen based on their environmental performance. ; Our environmental policy also includes such activities as recycling material wherever possible, and an increasing effort to minimise travel. We have a goal of re-using or recycling all electronic waste by 2026 and our progress towards this is measured in our environmental management system.; We have significantly reduced our business travel over recent years, taking advantage of remote working technologies to allow us to do this. Our UK head office is notable for its many eco-friendly credentials including solar and photovoltaic panels on the roof, and ground source heat pumps to supply natural heating. We support the cycle to work scheme which is utilised by head office staff in travel to and from our head office.; ; Furthermore, he nature of our work in automating and increasing the efficiency of transaction processing, and moving processes to the cloud where possible, has a naturally beneficial environmental impact.; ; We publish an annual ESG report, which is available on request or via our website, which also contains details of our ESG commitment and our on-going ESG activities including climate change.

  Covid-19 recovery

  As a business, we weathered the Covid 19 epidemic well, and are proud that we were able to continue business without any furloughing or loss of staff. The rapid deployment of new ways of working allowed us to continue to service our customers’ needs. We instigated a number of measures around social distancing and remote working which allowed us to operate effectively during the pandemic and which will continue to allow us to operate effectively through Covid-19 recovery. We anticipate that the effectiveness of these measures will leave us well placed to create further employment opportunities in the high growth technology sector in which we operate. We also work with various service providers to offer physical and mental health support services to those who need it and regularly incorporate discussion of well-being issues in company meetings.

  Tackling economic inequality

  We are proud to have supported, and we continue to support, sub-contractors in the growth of their businesses through both financial assistance and collaborative working. This includes assistance to small business start-ups, and close collaboration with partners, to develop lower cost/higher quality solutions and boost mutual growth. Scalable and future-proofed technologies and solutions are integral to what we do.; As an operator in a high growth technology sector we have, over many years, provided, and will continue to provide, significant investment in support and training in technology to both our customers and our own staff including towards a number of recognised accreditations. Identification of skills gaps, and plans to address these, are frequent features of our work.; We hold Cyber Security accreditations which include plans for the identification and management of cyber security risks. Cyber security briefings are a regular part of information sharing sessions in the company. Parts of our business have and maintain special expertise in cyber security, and their services are offered to our customers to help them build resilience.

  Equal opportunity

  Arribatec has an Equal Opportunities Policy which states our firm belief in equality, diversity and respect for all, including those with a disability. It is our policy that all employment decisions are based on merit and the legitimate business needs of the organisation. Arribatec recognises the value of an inclusive environment in which people from differing backgrounds and experiences are encouraged to offer fresh ideas and perspectives. We monitor our workforce diversity (with 29 different nationalities currently represented in the group), and our age and gender balance, including salary ratios. We undertake succession planning, monitor and respond to employee satisfaction across a range of measures, and undertake personal development planning for all staff. Our intention is to enable all our staff to work in an environment which allows them to fulfil their potential without fear of discrimination, harassment or victimisation; We publish an annual ESG report, which is available on request, or via our website, which also contains details of our ESG commitment and our on-going ESG activities including Equal Opportunities.

  Wellbeing

  Arribatec aims to be a supportive and flexible employer and has supported staff through difficult periods in terms of both mental and physical health. We include regular presentations on the subject of mental and physical well-being in our company meetings and offer training and support in these areas. We have a range of services available to staff through our healthcare and pension providers. We run periodic team building exercises with the aim of supporting staff to support each other. ; We also engage in various community-based activities to support the communities in which we work. This includes volunteering and fundraising activities, some of which are undertaken jointly with our customers, and we have a regular programme of social events.; We publish an annual ESG report, which is available on request or via our website, which also contains details of our ESG commitment and our on-going ESG activities including on employee wellbeing.

Pricing

• Price: £56 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@arribatec.com. Tell them what format you need. It will help if you say what assistive technology you use.