Skip to main content

Help us improve the Digital Marketplace - send your feedback


SAP Business ByDesign (BYD)

SAP Business ByDesign® is a complete suite of integrated business software for small & medium sized organisations. It contains all the functionality you need to run efficiently. It is delivered in the cloud, on-demand and is flexible and cost effective. It allows you to run whilst SAP manage your IT.


  • Work the Way You Want
  • Get running quickly and stay ahead of your competitors
  • Project Management with integrated time and expenses
  • CRM start where needed, grow where the opportunity takes you
  • Realtime reporting using preconfigured adaptable Business Intelligence
  • Designed to be easy to use and learn
  • On demand solution delivered as software as a service
  • Manage by exception helps ensure you don't miss something important
  • Key Performance Indicators and Dashboard Management
  • choose from 35 fully integrated end-to-end business scenarios


  • Take advantage of multi-GAAP accounting
  • Peace of mind easily adapt when your business changes
  • Work the Way You Want
  • Keeping business on the right track with accurate information
  • Manage by exception ensuring you don't miss something important
  • Manage proactively and keep executives abreast of operational performance
  • Guaranteed compliance all regulations supported including IFRS & GAAP
  • Improve reconciliation and reporting by using one document principle bydesign
  • Increase asset utilisation by using comprehensive asset management features
  • Financial Analysis and Planning Plan with insight and confidence


£16,000 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 0 1 2 6 8 3 6 2 1 9 2 7 2 7


Telephone: 07771964312

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
System requirements
  • Access is through an internet browser
  • Mobile solutions are included and downloaded from relevant Appstores
  • Microsoft Office integration is included within annual subscription fee
  • Support and Maintenance included within annual subscription fee
  • Full documented API included within annual subscription fee
  • Security, privacy and compliance included
  • Upgrades delivered quarterly in downtime on a Sunday morning
  • Legal and fiscal compliance guaranteed includes GDPR and MTD
  • Integrated to SAP Cloud Analytics
  • Online Training included in annual subscription fee

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Standard support is delivered within the standard annual subscription agreement. Orchard House Solutions is able to deliver a configured support arrangement to meet the organisations requirements. Support is delivered standard UK Time 07:30 through 19:30.
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Orchard House Solutions Customer Success Service was conceived as a solution to support our customers needs to ensure successful stress free usage of Business ByDesign, as well as make sure service availability remains at a level where a return on Investment, data quality and adoption remain high. For customers interested in a more personalised engagement, Customer Success keeps you running at peak performance and gives you more time to strategise for innovation.

The Customer Success team is at the centre of the Orchard House Solutions services; each member of our team is paired with a Mentor to help them resolve trickier problems faster.

Customer Success Service costs an additional 20% of the subscription fee with a minimum fee of £10K.
Support available to third parties

Onboarding and offboarding

Getting started
SAP Business ByDesign is a self-documenting solution with extensive in-built help, community forums, blogs, wiki entries, SAP YouTube channel for guidance videos, as well as online user guides and administrator guides.

The Help section within SAP Business ByDesign is also customisable, meaning that a company can add in their own documents and content, including videos.

This is of particular use when it comes to on-boarding of new staff; not only can users add their own notes for specific sections, but authorised users could add specific content, such as a job description/duties, or even a "How to Video" for specific roles and functions within that role.

A typical implementation will not require additional user documentation, but will include on-site "train the trainer" sessions to key users who co-ordinate and delivery training to the user base. However, at customer request training can be provided to end users and additional documentation can be provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data held within SAP Business ByDesign may be exported by:

* Mass Data Maintenance functionality
* Open APIs that are standards-based Web Services
* iFlow integration scenarios for standard integration via solutions SAP Process Integration or SAP Cloud Platform
* Reporting, dashboards and analytics
* Excel from all results lists, where permissions allow this

SAP Business ByDesign has a native link with MS Excel in order to utilise the power of that solution - so any report that can be created, against any of the data in the solution, can then easily be passed into MS Excel.
End-of-contract process
As a SaaS based offering, Business ByDesign provides full technical support and maintenance of the systems within their data centres. This includes all upgrades (performed on a quarterly cycle), bug fixes etc.
An exit plan will be determined on a case by case basis, with steps and charges discussed and mutually agreed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The HTML5 UI delivers the same functionality look and feel across any browser.

Mobile Apps of SAP Business ByDesign are role-based apps . These mobile apps ensure that your managers, salespeople, project staff and time writers always can work, enter their data and perform important tasks.

The Mobile Apps are available for the following devices: iPhone, iPad, and Android devices.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
As part of the standard UI it's possible to register a service request.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Definition tests etc
What users can and can't do using the API
SAP currently provides 70 integration scenarios with 265 Web Service APIs to enable the standard integration of on-premise, cloud-based, and third-party solutions with SAP Business ByDesign. These services are listed at the following URL along with all associated documentation, and are too numerous to list here -

Sandbox testing is via the customer's test tenant provision, included as standard in the customer agreement with SAP.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
User interface can be corporately branded by an administrator. Role-based authorisations determine the screen layouts, views and access for each user, as defined by an administrator. Fields, screens, components and objects can be extended (standard)and created (bespoke) by a developer using the software development kit (SDK) based on Visual Studio shell. New fields can be created, existing fields can be relabelled and hidden by an administrator or authorised key user. Administrators and/or key user can create data sources, reports, report views and selections based on standard and bespoke business objects. An administrator or a developer can create and amend PDF output documents using a plug-in for Adobe LiveCycle Designer. User interface can be personalised by end users, such as resizing and reordering results columns, saving search queries and setting these as the default query for a particular view. End users may add additional fields to results lists and so on through personalisation, where the fields have been made available by an administrator.


Independence of resources
Combined with virtualisation, decoupling hardware from the operating system and applications, multi-tenancy occurs when many customers are served on one instance. Virtual machines (VMs) share the hardware environment, and one system can accommodate more than 100 tenants.

Using adaptive computing, virtual machines are not shut down to be rescaled or updated, and changes can be made while they are running applications, with minimal downtimes. To enable this, a new VM is prepared and the application is simply “moved” to the new VM. Moving and rescaling VMs dynamically enables resource independence from the demands of other customers using the same service.


Service usage metrics
Metrics types
Service usage metrics are as follows:
* User Subscriptions: Current month and last 6 months
* User Interactions by Day
* User Interactions by Hour
* User Login by IP Address and Performance
* Usage by Screen
* Screen Usage Trend
* Screen Adoption By User
* User Logon Activity
* API Usage Statistics
* SOAP API Usage Statistics
* OData API Usage Statistics
* System Availability: Average Availability by month
* System Availability: Downtime Details (instances)
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data from the solution in a number of ways:

* All results lists in the solution enable the export of the results to XLSX format, where the user authorisations permit this action
* Key business objects such as customers/accounts and opportunities provide the ability to export a summary to PDF format
* Business analytics enable flexible reporting that can be exported to CSV or XML format, or printed (including to file)
* Administrators can export data sets using the in-built migration tools, to XML format
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Webservice (JSON, SOAP, REST)
  • XML
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
System availability SLA is 99.5% system availability during each calendar month for production versions.

Credits are made available 2% of the Monthly Subscription Fees for each 1% below 99.5% System Availability
Approach to resilience
SAP data centres have the following features to ensure continuity of service:
* Redundant additional power network in case of power outage
* Backup batteries and generators
* Redundant additional coolant systems in case of coolant system failure
* Redundant additional internet connection to guarantee connectivity
* Data stored in backup location to save-guard against natural disasters and malicious attacks
Outage reporting
Where there is a service outage, all affected customers will receive email updates from SAP to their nominated IT representative for each of their affected systems.

Details included are the system affected, the date/time of the incident start and when it was resolved, a description of the original issue, details of the root cause, problem resolution and corrective action being taken to prevent repeat occurrences.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.
Access restrictions in management interfaces and support channels
SAP has been audited according to the highest standards – SAS70
and ISAE3402(ISO27001) and holds the relevant accreditations.
All datacentres are manned 24×7, 365 days a year.

A biometrics security system restricts access to authorised personnel, and the datacentres are partitioned so authorised personnel can access only their designated areas.

In the datacentres, business data is stored securely. Users who want to access the business data must authenticate themselves, and their identity has to be verified using identity and access management (IAM).
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
SAP has been audited according to the highest standards – SAS70
and ISAE3402(ISO27001) and holds the relevant accreditations.
All datacentres are manned 24×7, 365 days a year.

A biometrics security system restricts access to authorised personnel, and the datacentres are partitioned so authorised personnel can access only their designated areas.

In the datacentres, business data is stored securely. Users who want to access the business data must authenticate themselves, and their identity has to be verified using identity and access management (IAM).

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Quality from our customers’ perspective
Every SAP employee has a quality assurance role, whether developing software or providing services and support. We cooperate closely with customers, partners, and suppliers, and regularly monitor our customers’ perception of our quality. Our quality culture is based on employee commitment, and we use innovative methods to support continuous product, process, and service quality improvement.

Our quality management systems
We have a quality management system in place that defines standardized processes for our organizations Global Development, Services, and IT. These globally applicable processes enable our employees to share and apply best practices to improve quality and customer satisfaction.

Third-party certification bodies provide independent confirmation that SAP meets the requirements of international standards. Since 1998 SAP has held an ISO 9001 certificate. We are also certified according to ISO 27001, ISO 22301, and BS 10012. All locations worldwide work according to one common process framework, including data security and privacy regulations. SAP regularly check compliance through internal reviews and audits.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
The SAP Cloud helps companies power value-driven digital experiences.

More than 700 of the world’s leading enterprises, including 50% of the comScore top 100 US web properties, rely on our solutions to build trusted relationships with over 1.4 Billion customers while powering scalable, secure, privacy compliant customer data management.

The management of SAP Cloud has strategically adopted and certified to the ISO27001, ISO27018 and SOC Type2 frameworks, applying best-practice security to business processes.

SAP is a world leader in enterprise applications in terms of software and software-related service revenue. Based on market capitalization, SAP is the world’s third-largest independent software manufacturer.
PCI certification
Who accredited the PCI DSS certification
PCI Security Standard Council
PCI DSS accreditation date
What the PCI DSS doesn’t cover
The SAP digital payments add-on has obtained the Payment Card Industry Attestation of Compliance. This attestation confirms compliance with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2. You can find the PCI Attestation of Compliance in the SAP Cloud Trust CenterInformation published on SAP site by entering SAP digital payments add-on under Compliance Compliance Finder.

The SAP digital payments add-on is designed in such a way that neither the add-on itself nor the consumer application that is connected to it, such as SAP S/4HANA Cloud, stores or even processes credit card numbers. The SAP digital payments add-on solution uses PCI DSS-certified external partners (known as payment service providers or PSPs), which process and store the original card data. The PSPs replace the credit card number with a token. The token is the only identification that is processed and stored in the SAP software.
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • ISO/IEC 9001
  • ISO/IEC 22391
  • BS10012.17
  • SOC 1
  • SOC 2
  • SOC 3
  • Good Practice Quality Guidelines and Regulations (GxP)
  • Cloud Computing Compliance Controls Catalogue (C5)
  • Trusted Information Security Assessment Exchange (TISAX)
  • Statement of Applicability (SoA)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
CSA CCM version 3.0
Information security policies and processes
All SAP security policies are strictly aligned to ISO27001 Standards.

Orchard House Solutions Consultants access our BYD customers' systems via secure https connections that require a unique user ID and password.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We align our change management processes to the customer's requirements.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability checks are made constantly and any issues that are identified are eliminated immediately with the greatest priority.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
SAP Data Centre have a Network Operations centre which continuously monitor their networks and communication lines. SAP has constant monitoring running millions of tests per month.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
SAP and OHS both align to ITIL incident management processes.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

1. All of our services support organisations in the quest to deliver a carbon neutral existence by promoting removal of unnecessary infrastructure, remote working and a flexible working environment. Our services are digital with a default paperless principle. As a company, we only run electric vehicles and have chosen from creation to be a work from home environment. Our only major supplier (SAP) is actively pursuing intention to become carbon-neutral in its own operations by the end of 2023
2. Since 2017, SAP has also been pursuing a science-based climate target certified by the Science Based Targets initiative (SBTi) to make its own contribution to limiting global warming to 1.5°C above preindustrial levels. While its zero-carbon goal applies chiefly to its own operations, SAP’s science-based climate target also encompasses the upstream and downstream value chain. SAP has been using 100% renewable energy to power all of its data centers since 2014. Thanks to its green cloud, SAP can offer customers cloud solutions that are carbon-neutral.
3. SAP supports the Sustainable Development Goals set in 2015 by the United Nations General Assembly, focusing particularly on goal 13, Climate Action. Here, SAP’s greatest strength lies in its ability to help its more than 400,000 customers worldwide implement climate protection measures through offerings such as the Climate 21 program.
Covid-19 recovery

Covid-19 recovery

Orchard house and our services promote organisations in their digital revolution and this includes supporting organisations in their recovery from the COVID19 pandemic by enabling remote working, remote implementation, remote support and training of business operations. The result of these services supports organisations in a more agile workplace ensuring flexible working arrangements can be fully supported in a post pandemic world.
Tackling economic inequality

Tackling economic inequality

Using our services we enable organisations to support employment of people in different regions and be supported in their jobs. We offer training and support via several mediums to ensure that no recipient isn't catered for. Orchard House is engaged in the development of young people via our Apprenticeship scheme and partnership with Nottingham University supporting the first opportunities for graduates leaving education. The result of this is all of our team has the opportunity to achieve vocational, industry specific and professional qualifications ensuring they are able to progress throughout their career with Orchard House or elsewhere.
Equal opportunity

Equal opportunity

As an organisation we recognise the difference in everyone and support all candidates and employees to fulfil their potential. All employees are supported in training appropriate to their needs through the provision of self paced training and certifications. Our services enable organisations to meet the needs of all employees. As a cloud provider we encourage a flexible employment engagement ensuring that employees can operate flexibly around their needs such as flexible hours, flexible locations etc. All our training materials are self paced and supported by our team ensuring that users are able to realise and be recognised for their potential.


Orchard House places high importance on the health and wellbeing of it's employees, partners, suppliers, customers and communities. Our employees automatically qualify for private healthcare which includes not only the provisions should medical treatment be needed, but also incentives and benefits for maintaining a healthy lifestyle. In addition our core cover provides entitlement for talking therapies to assist with mental health. The incentives and benefits include discounted gym membership, cashback on healthy food, complimentary cinema tickets and coffee, Apple Watch at discounted rate. We encourage our team to participate in a healthy lifestyle encouraging and supporting our team to carry out activities such as walking to school, walking the dog, taking regular breaks from there work station etc.


£16,000 an instance a year
Discount for educational organisations
Free trial available
Description of free trial
Free 30-day trial of SAP Business ByDesign where OHS will provide you with a first-hand look at:
The simple and intuitive interface
Capabilities including finance, sales and project management
Role-based views to experience the solution as a CEO or CFO
Easy workflows designed to connect every function of your business

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.