Zoho Corporation Limited

Zoho Contracts: Streamlined platform for seamless business agreement management

Zoho Contracts aids organisations in efficient contract management with features including creation, negotiation, approval workflows, electronic signatures, and analytics. Users can streamline processes, centralize storage, automate generation, track milestones, and ensure compliance with contractual obligations, optimising the entire lifecycle. it saves time, reduces errors, and boosts efficiency for all businesses.

Features

• Agreement templates: Native Template Editor with Template & Clause library
• Contract repository facilitating centralised storage and easy retrieval of documents
• Collaborative editing allowing multiple stakeholders to contribute and review contracts
• Customisable approval workflows to suit diverse organisational requirements seamlessly
• Collaborative negotiation tool for streamlined communication with external partners
• Zoho Sign based Electronic Signatures which are legally binding
• Renewal Alerts and Obligation Management to ensure compliance
• Analytics and reporting for insights into contract performance and trends
• Advanced search functionalities for quick access to specific contract details
• Access and manage contracts conveniently with the mobile (iOS) app

Benefits

• Customisable templates expedite contract creation, enhancing efficiency and accuracy
• Contracts securely stored, easily accessible, searchable, ensuring efficient retrieval processes
• Enhances cross-departmental collaboration, fostering efficient contract authoring
• Automated approval workflows streamline reviews, ensuring efficient and timely processes
• Promotes clarity in communication and negotiation with highlighted change tracking
• Integrate with Zoho Sign for expedited contract signing
• Receive alerts, ensuring timely action on critical contract deadlines effortlessly
• Enables informed decision-making with comprehensive analytics and reporting tools
• Enhances security, protecting sensitive contract data with robust access controls
• Execute contract tasks seamlessly with the iOS app, enhancing mobility

£48 to £63 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zohouk-gcloud@eu.zohocorp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

444675144793637

Contact

Sreyas Benjamin
+44 2038072092
zohouk-gcloud@eu.zohocorp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Only cloud-based deployment and no support for an on-premise setting.
• System requirements:
  • Chrome - 10 and above
  • Mozilla Firefox - 8 and above
  • IE - 10 and above
  • Opera - 12.1 and above
  • Safari - 5 and above
  • IOS 13 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our first response as per our SLA is 4 hours. We provide 24 hours support, 5 days a week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat is accessible right from our home page. Users can chat regarding any support requirements or any queries they have regarding the service. ; ; For ease of access; a) No time based responses required for web chat.; b) Supports 200% of zoom without loss of content and functionality in our web page.
• Web chat accessibility testing: We are currently assessing and in the progress of making our product compliant to Accessibility standard WCAG 2.1 AA . In this journey, we are yet to do the testing with the actual users of assistive technology. It will be done when the product becomes compliant to WCAG standard.
• Onsite support: Onsite support
• Support levels: We currently offer our Zoho Classic support plan at no additional cost. The classic support offers support reps who would attend to customer requests between Monday to Friday, across all timezones
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our website features comprehensive documentation, help guides, and video tutorials, offering users an in-depth exploration of our product. Additionally, we offer onboarding demos to guide users through setting up the service seamlessly. Scheduled webinars and online training sessions further enhance the customer experience, providing valuable insights and support.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All backed up data are retained for a period of three months. If a customer requests for data recovery within the retention period, we will restore their data and provide secure access to it. The timeline for data restoration depends on the size of the data and the complexity involved.; ; To ensure the safety of the backed-up data, we use a redundant array of independent disks (RAID) in the backup servers. All backups are scheduled and tracked regularly. In case of a failure, a re-run is initiated and is fixed immediately. The integrity and validation checks of the full backups are done automatically by our Zoho Admin Console tool.
• End-of-contract process: We hold the data in your account as long as you choose to use Zoho Services. Once you terminate your Zoho user account, your data will get deleted from the active database during the next clean-up that occurs once every 6 months. The data deleted from the active database will be deleted from backups after 3 months. In case of your unpaid account being inactive for a continuous period of 120 days, we reserve the right to terminate it after giving you prior notice and the option to back-up your data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Zoho Contracts provides a mobile app for the iOS platform and is available for download on the App Store. The mobile app is optimised for iPhones, enabling users to manage contracts on the go. It offers a user-friendly interface, ensuring users to manage and track contracts from their mobile devices with ease.; ; Mobile app offers seamless data synchronisation, allowing users to switch between devices, gaining access to data or without losing progress, ensuring a consistent user experience regardless of the platform used.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Zoho Contracts prioritises user-friendliness, offering a seamless experience for efficient contract management. Its interface boasts a comprehensive dashboard, providing quick access to contract statuses, renewals, and metrics. The centralised contract repository ensures easy storage and retrieval with robust search capabilities. Simplified contract creation is facilitated through intuitive tools and customisable templates. Collaboration features streamline team communication and editing, while automated notifications track milestones and deadlines. Customisation options allow tailoring of fields, workflows, and permissions. Reporting tools offer insights into performance and compliance, with seamless integration with other Zoho apps and third-party software enhancing functionality for users.
• Accessibility standards: None or don’t know
• Description of accessibility: All text content on service is linear, clear and readable. There is minimal usage of audio, video and images, making all the essential modules accessible. Our default colour scheme ensures optimal contrast between text and background, assisting users with low vision or colour blindness. Moreover, we use fonts which enhances readability, supporting users with visual impairments or reading challenges. Furthermore, keyboard navigation enhances accessibility, particularly for users with mobility impairments. Incorporating WCAG standards is part of our roadmap.
• Accessibility testing: We are currently assessing and in the progress of making our product compliant to Accessibility standard WCAG 2.1 AA . In this journey, we are yet to do the testing with the actual users of assistive technology. It will be done when the product becomes compliant to WCAG standard.
• API: Yes
• What users can and can't do using the API: The Zoho Contracts API empowers users to replicate all web application operations. Built on REST principles, it ensures ease of learning, reliability, security, scalability, and high performance.; ; Following HTTP rules, each resource is accessible via a unique URL obtained from the API Root Endpoint. Authentication utilizes OAuth2.0, enabling third-party applications to access protected resources in Zoho.; ; The API offers extensive functionalities, including organization and user management, department operations, counterparty management, contract type handling, contract management, signer management, collaboration features, and obligation management.; ; Users can retrieve, update, create, and delete various entities such as departments, counterparty types, counterparties, contracts, signers, collaborators, obligation categories, and obligations.; ; Moreover, the API facilitates granular access control, allowing users to fetch lists, create, update, and delete entities, and retrieve specific contract details like signer lists, obligation tasks, and more.; ; With comprehensive documentation and robust functionality, the Zoho Contracts API empowers users to seamlessly integrate contract management operations into their workflows with ease and efficiency.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Within Zoho Contracts, you can create add users to specific roles, add your own clauses, create/configure/upload your own contract template, configure fields of your choice within the templates, customise renewal reminders and obligations, personalise emails for contract execution and set reminders/signature expiry if contracts are not yet signed

Scaling

• Independence of resources: Our platform automatically scales both horizontally and vertically depending on the incoming traffic to our infrastructure. We have dedicated server monitoring and maintenance teams ensuring optimal performance. Load Balancers further optimise resource distribution. These aspects are rigorously scrutinised during ISO and SOC audits. In addition, we have a high availability SLA commitment. We have redundancies implemented at various levels starting from the infrastructure to the ISP. Data from the primary data centre is always replicated in the secondary, and we have a business continuity and disaster recovery plan that ensures a 99.9% monthly uptime.

Analytics

• Service usage metrics: Yes
• Metrics types: Admin Audit Logs, User Access Logs, User Dashboard and Activity Report, Reports on Contracting Performance
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: User can currently export their contract templates, clauses, contract signed document, draft contract document, Certificate Of Completion, Reports and Logs, through our product interface
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Users can export their draft contracts in PDF
  • Users can export their draft contracts in MS Word format
  • Users can export their Signed contracts in PDF
  • Users can export their Certificate Of Completion in PDF
  • Users can export their Reports in CSV
  • Users can export their Reports in XLXS
  • Users can export Admin Audit Logs in CSV
  • Users can export Admin Audit Logs in XLXS
  • Users can export User Activity Logs in CSV
  • Users can export User Activity Logs in XLXS
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Network traffic is encrypted when it traverses over the public network and when replicating to the DR data centre. The complete Datacenter stack is under our control. We use firewalls to prevent our network from unauthorised access. Our systems are segmented into separate networks to protect sensitive data from unauthorised access.

Availability and resilience

• Guaranteed availability: Our monthly service uptime is 99.9%. The live service availability status can be seen online. Upon customer request, Zoho will, as per the terms and conditions of its Service level agreement, provide service credits. A copy of Zoho SLA can be shared upon request.
• Approach to resilience: Application data is stored on resilient storage that is replicated across data centers. Data in the primary DC is replicated in the secondary in near real time. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimal or no loss of time. Both the centers are equipped with multiple ISPs.; We have power back-up, temperature control systems and fire-prevention systems as physical measures to ensure business continuity. These measures help us achieve resilience. In addition to the redundancy of data, we have a business continuity plan for our major operations such as support and infrastructure management.
• Outage reporting: Planned Outages & Maintenance:; The planned outages would be announced/informed to the customers through several channels, blog post in community forum, business emails, banners in respective services.; ; Generally, annual maintenance activities would be planned during non-business hours to avoid impact to the services.; ; Unplanned Outages:; Major unplanned outages will be posted in social media forums & also will be informed to customers through emails. Customers can always refer to the following link on the health status of each service & update on outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure.; ; Access to production environments is maintained by a central directory and authenticated using a combination of strong passwords, two-factor authentication, and passphrase-protected SSH keys. Furthermore, we facilitate such access through a separate network with stricter rules and hardened devices. Additionally, we log all the operations and audit them periodically.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI (British Standards Institution)
• ISO/IEC 27001 accreditation date: 22/08/2022
• What the ISO/IEC 27001 doesn’t cover: ISO/IEC 27001 is one of the most widely recognised independent international security standards. This certificate is awarded to organisations that comply with ISO's high global standards. Zoho has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 28/06/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Not Applicable
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO/IEC 27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018, SOC 2 Type II, SOC 2 + HIPAA
• Information security policies and processes: Zoho shall maintain an information security program in accordance with the international standard ISO 27001, which includes technical and organizational security measures, physical measures, as well as policies and procedures to protect customer data processed by Zoho against accidental loss, destruction, or alteration, unauthorised disclosure or access, or unlawful destruction. Zoho maintains documented information security and data privacy policies and requirements, and periodically communicates them to employees responsible for various controls. The policies are reviewed annually to keep them up-to-date. This policy is verified during our third-party audits such as ISO and SOC.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have the Change Management procedures in place that includes the following but not limited to all the changes to the Organization, Applications, Systems, People, Technology, and Processes, information processing facilities that affect information security/privacy. For every change the security impact is analysed. We maintain Audit logs as evidence for all the changes. Fall-back procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events are documented and communicated. Zoho shall notify the customer of any changes that may affect the customer in an adverse manner.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a dedicated vulnerability management process that actively scans for security threats using a combination of certified third-party scanning tools and in-house tools, and with automated and manual penetration testing efforts. Our security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to spot security incidents that might affect the company’s infrastructure.; ; Once we identify a vulnerability requiring remediation, it is logged, prioritised according to the severity, and assigned to an owner. We identify risks, track vulnerabilities, close by patching or applying controls promptly
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We monitor and analyse information gathered from services, internal traffic in our network, and usage of devices and terminals. We record this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically monitored and analysed to a reasonable extent that helps us identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs in a secure server isolated from full system access, to manage access control centrally and ensure availability.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a dedicated incident management team. We notify buyers of the incidents in our environment that apply to them, along with suitable actions that they may need to take. We track and close the incidents with appropriate corrective actions. Whenever applicable, we will identify, collect, acquire and provide you with necessary evidence in the form of application and audit logs regarding incidents that apply to buyers. ; ; We respond to the security or privacy incidents you report to us through incidents@zohocorp.com, with high priority. Notify individuals via email; general updates on blogs, forums, socials.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The energy supply for the Zoho UK’s workspace at Bletchley is derived from renewable sources, accounting for 21% of total power consumption. LED retrofits have been implemented to enhance energy efficiency throughout the building.; Designed with a focus on energy efficiency, data centres that support Zoho UK are powered by renewable energy. Further, these data centres are progressing towards integrating with a solar grid to reduce environmental impacts.; All purchased energy for the data centres is sourced from green energy providers. This enables us to minimise the carbon footprint associated with our operations.; The United Kingdom has committed to achieving carbon neutrality by 2050. Supporting this pledge, we have taken steps to monitor greenhouse gas (GHG) emissions from our operations and implement measures to mitigate them. We account for Scope 2 and Scope 3 emissions and exclude Scope 1 emissions as our work does not involve fuel combustion within operational boundaries.; We've switched completely to electric vehicles for movement within the campus.

  Covid-19 recovery

  During the COVD-19 pandemic, Zoho worked to minimize the impact of COVID on our customers, other business and our local community.; At the start of the pandemic, Zoho created and distributed a Secure Remote Access Toolkit to help organizations quickly adapt to and work securely during the pandemic. This toolkit was made free for the first 100 days.; To assist organizations impacted by the pandemic, Zoho offered free licenses of flagship products, and offered discounts and waivers on licenses on a case-by-case basis.; While most of our employees worked from home, we kept the kitchen at our Chennai headquarters running with a skeletal staff to provide food to underprivileged people in the local area, many of whom were impacted due to a loss of employment during the lockdown.; We converted one of our office buildings into a temporary COVID-19 ward to accommodate citizens who were required to quarantine.

  Tackling economic inequality

  Zoho has always aimed to tackle economic inequality and give back to the community. This is reflected in the following:; Coined by our CEO, transnational localism is the philosophy that underpins our staffing and office location plans. Instead of focusing on crowded urban centres, we've been opening spoke offices in smaller towns and villages. The goal is to improve local infrastructure, boost the economy of these smaller towns and villages, and provide more employment opportunity. ; As part of our philosophy of transnational localism, we believe in hiring locally for each spoke office. This helps promote local talent and bring high-paying jobs back to the villages and towns where we are based.

  Equal opportunity

  As part of our efforts to tackle inequality, Zoho Corporation Limited have made efforts to provide equal opportunities and tackle workforce inequality.; All roles at Zoho Corporation are open to all people irrespective of gender, sex, race, ability, or religion. We hire solely based on skill and have a diverse team.; We eschew discrimination on any grounds, including age, colour, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, and other unique characteristics that define our associates. Instead, we espouse, fairness, striving to ensure that a merit-based approach allows wage parity among associates with comparable experiences and responsibilities, irrespective of their gender.; Our campus has been designed to be accessible to all, including differently-abled colleagues. The layout design includes ramps and lifts in every building, allowing ease of mobility and access to all.; Apart from the usual shuttle facilities, special cab service covering a certain distance is given for women during their third trimester.

  Wellbeing

  Zoho Corporation Limited adheres to industry standards in remuneration, ensuring that compensation is equitable across genders. Recognising the diverse needs of our people, we provide essential support such as parental leave, aligning with our efforts to build an organisation that values and cares for every individual.; We have trained medical practitioners and a dedicated medical clinic available on all days of the week. Employees can freely avail their services.; The Hazard Identification & Risk Assessment (HIRA) Framework is followed rigorously at the premises.; We provide in-house counselling to our employees for free via our team of trained and qualified therapists. ; We organize free medical check-ups for our employees on an annual basis.; We organize regular blood donation camps in association with various blood banks.; We have open house sessions conducted by the CEO periodically where employees can raise any concerns.; Day Care facilities provided for employees kids; The compliance monitoring framework involves ongoing reviews and enhancements of occupational health programmes, guided by feedback, data analysis, and emerging best practices.

Pricing

• Price: £48 to £63 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: In our free version, you can add up to 3 users. One user will be able to send out contracts for signing, create five contracts every month, store and manage up to 10 contracts, add up to 5 counterparties, create 1 approval workflow and use our two inbuilt contract templates.
• Link to free trial: https://www.zoho.eu/contracts/signup.html

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zohouk-gcloud@eu.zohocorp.com. Tell them what format you need. It will help if you say what assistive technology you use.