X3 CONSULTING LTD

Sage X3: Financial Management & Reporting

Sage X3 offers comprehensive financial management capability. Choose from; finance, budget management, project accounting, procurement, fixed assets, dashboard reporting, supply chain, inventory, warehousing and manufacturing. Easy to use, easy to migrate to, secure, cloud based financial management software.

A leading global finance application from the UK's largest software vendor.

Features

• Modern, flexible, extensible, stable and secure application
• Cloud based, robust and scalable: from 4 users and up
• Manage complex contractual relationships across the value chain
• Manage resources and assets, whether staff, sub-contractors, stock or equipment
• Plan and execute across multiple locations on one central system
• Use from any web enabled device
• Inbuilt workflow and automation
• Comprehensive and powerful financial and business data management
• Project, Supply Chain & Quality Management options
• Integrated data analytics and visualisation tools

Benefits

• Maintain regulatory compliance. Meet fiscal and financial reporting requirements
• Optimise employees with secure online availability; anytime, anywhere
• Tailor Sage X3 to business process needs for greater efficiencies
• Rapid deployment. Finance from 40 days+ & Manufacturing 85 days+
• Full purchasing Delegation of Authority to control spending against budget
• Easily automate external data feeds and save time
• Full inter-company transaction management to reduce rekeying.
• Improve customer service (internal and external) through insightful data reporting
• Scan supplier invoices and auto process matching and approval
• Reduce time on tedious tasks by utilising the Workflow automation

£43.50 to £1,625.00 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.tucker@x3consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

643813043141194

Contact

Nick Tucker
03450943885
nick.tucker@x3consulting.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Refer to Service Delivery documentation. The service provision is standardised to ensure comparable performance commensurate to the size of user community consuming it.
• System requirements:
  • Compatible with MAC and Windows operating systems
  • Compatible with most handheld/mobile devices. Check on application for list
  • Internet connectivity required for device access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ticket acknowledgement is automatic via portal. ; ; Priority 1 matters responded to within 15 minutes. ; ; Please refer to the Service Description document for Support SLA details. ; ; UK Standard Business (9-5) hours apply for service availability unless extended hours option acquired (8-6).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Please refer to our Service Description for details on the SLA's for support.; ; All supported customers enjoy the same core service level agreement criteria in relation to priority ticket responses and support.; ; A regular support meeting, including technical resource, is scheduled monthly with each customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our role is to interpret the key finance and business controls and replicate those usually using as much standard solution software as possible whilst offering improvements to the day to day operational effectiveness of the relevant departments.; ; Through business analysis, experience and product knowledge we can guide you to generating an effective financial control platform which will accommodate reduced data entry and provide greater fiscal oversight.; ; Business process scoping is provided (onsite or remote) together with full support through testing, training and deployment to a live environment. A proven delivery process ensures time and budget goals are met.; ; Documentation is available and can be tailored to suit the exact needs of the project. Online help and tutorials are available.; ; Project management is integral to the whole project delivery process along with data migration (where needed), report design, user training, other system integration, hypercare and ongoing application support. ; ; Full system documentation defining standard delivered functionality is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The core financial data is capable of being retrieved using Microsoft SQL query tools to form a SQL backup containing all relevant information relating to the accounting period(s) covered. This can be ported into another Sage X3 application without additional work.; ; Sage X3 application tables are accessible using common reporting tools such as Excel (with the right permissions) for key data retrieval by non-technical users.; ; Depending on the modules in use and any additional "add-on" applications selected the extraction of data may result in more than one dataset being produced.; ; Charges may apply subject to the extent by which the data extract requires to be adapted from the standard. ; ; Note: extracted data will generally require further manipulation to import into an alternative ERP application. No guarantee on data suitability for anything other than Sage X3 is offered.
• End-of-contract process: At renewal a commercial agreement will be put in place to agree the charges applicable going forward. This will be provided in advance of the termination date. If the customer accepts the systems will continue without interruption. If the customer rejects the proposal then the contract will formally terminate.; ; At the end of the contract the user has the option to obtain a SQL copy of the data generated during the lifetime of the contract or renew for a further period of use for continued access/regulatory compliance. ; ; There are no additional costs in providing a SQL copy of the data on completion of the contract, which will be structured as per the application and require the user to either access it using an alternative Sage X3 software or reporting tools like, SQL Management Studio, Excel or other suitable data manipulation tools that can read SQL files.; ; Additional costs will be incurred for the management of the data into a set format at the request of the end user such as for the purposes of import to another ERP application.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screens on the mobile use are simplified versions of the full application. Standard functionality on the full application is present on the mobile app. Natural usability constraints apply given the small size of the mobile screen when reviewing some data or using some functions. Functional capabilities remain as per desktop use in terms of processing transactions and accessing data. Secure remote mobile use is provided as standard, subject to specific customer security requirements.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: API development is normally the purview of the delivery partner until such time as suitable training or knowledge transfer has occurred to the appropriate in-house customer technical resources if that is required. ; ; Publicly available API documentation defines the extent of use for each API relevant to the chosen application. A sandbox environment can be made available as part of the overall deployment if required at additional cost.; ; At https://developer.sage.com/x3 are full details on: -; - File import/export; - SOAP web services; - GraphQL API; - Data Integration API (REST); ; Functions within Sage X3 can be accessed via the various API methods to replicate/extend the core product out into suitable interfaces or to be fed data to process, batch or otherwise.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Throughout the implementation stage, elements of the service can be tailored to suit the specific requirements of the process being mapped. Users with the appropriate training or consultants supplied as part of the implementation delivery can customise all elements of the core Sage X3 application. ; ; It is possible to customise the application post go-live using the inbuilt 4GL development layer within Sage X3 or through the extension of the standard functionality using web services/API integration.; ; Careful consideration is required before embarking on extensive change to protect the Sage X3 application in line with vendor guidance with regard to future updates/patches. ; ; If done properly development using the internal Sage X3 development layer or appropriate API capability will be ring-fenced and protected as part of Sage X3 patch update process reducing risk of problems as patches are applied.

Scaling

• Independence of resources: In Private Cloud: Each installation operates on their own virtual platform with dedicated resources as a service delivery which ensures that the performance modelling relates only to their specific usage. ; ; Each virtual machine has a set of minimum guaranteed throughputs whether they be memory, processor or network speed. These are guaranteed by the underlying infrastructure.; ; The freedom to adjust and scale these resources "on the fly" means that they can quickly be recalibrated for change within the organisation over time.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide information on overall system uptime & performance metrics.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sage UK

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported using SQL tools (where permissions are granted) or using Microsoft Excel where the data can be retrieved in Excel or CSV format.; ; Within Sage X3 listed data can be extracted from the screen to Excel format and downloaded.; ; Using the Sage Enterprise Intelligence suite a direct Excel link can be formed for data pull (following user security permission setup) down from Sage X3 into Microsoft Excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel
  • PDF (where applicable)
• Data import formats:
  • CSV
  • Other
• Other data import formats: Microsoft Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Target availability is 100% within the agreed normal period (typically 7am until 7pm) per calendar month.; ; Minimum Service Level - 99.5%.; If less than 99.5% then Service Level credit against agreed fee structure of 5%.; ; MSL measured using ITSM automated tools.; ; Note service credits if offered relate to the hosting cost elements only, not Sage application charges. ; ; Planned maintenance as part of Sage X3 application management is delivered outside of the normal period. ; ; Emergency planned maintenance which has to be performed within the normal period does not impact the service level guarantee calculation where scheduled/agreed with the business at least 72 hours in advance.
• Approach to resilience: Resilience is provided through multiple redundancy capability which ensures at least 3 redundant components in relation to critical functions. ; ; Datacentre level failover to a second data centre located in a separate geographic location is the ultimate resilience included.; ; Further details are available on request.
• Outage reporting: If outage occurs this is included within customer reporting.; ; Specific individual reporting is available via the managed service.; ; Email alerts can be configured in agreement with the customer subject to notification policies of the customer on recipient emails from 3rd party automated services.; ; Where an outage occurs an escalation plan will be followed to ensure the correct customer recipients are kept informed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Support system access is via a secure server which is managed using single sign on credentials in conjunction with controlled passwords and user names. MFA and VPN controls exist.; ; Interface to the applications is via secure user login with limited administrator level credentials in place. All activity in the application by support is recorded.; ; The secure server layer audits all activities by users.; ; Administrative level access for the platform is via a broken key system with full traceability, monitoring and recording in place.; ; All datacentre access is recorded at both application and platform level.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 14/01/22
• What the ISO/IEC 27001 doesn’t cover: Sage X3 and application related service delivery and application support service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information Security is provided in a series of ways: -; Data at REST encryption, Data encryption whilst in transit. Secure segregation between technical services and functional consultants such that datacentre staff cannot access data. Auto recording of all access in to the Sage X3 datacentre instance of your data with complete traceability on identify who, what, when, why etc in terms of access. Screen recording of all entry points to the functional Sage X3 application. All of this is monitored within the data centre with escalation through a pre-determined set of steps where any unauthorised access is attempted. Weekly review meetings on system compliance take place between all service centres at a senior level to assess any anomalies that didn't give rise to immediate action. Darktrace is deployed as an AI external intruder layer for complete peice of mind. SIEM solutions can be delivered on request but will incur additional pricing once the solution has been designed. Please ask about this when you embark on discussions about Sage X3.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Automated platform software monitors the operating system components. A similar auditing tool maintains a reference between a baseline application setup and periodic change/updates reporting on them as they occur.; ; Application changes are performed in line with vendor guidelines and best practice. Platform changes are in line with NTSC and Cyber Essential guidelines. ; ; Where possible approved/recognised updates are within a 14 days of release and undertaken as part of weekly maintenance updates out of normal hours.; ; A weekly sweep to apply all operating system security and hot fixes occurs automatically as part of system maintenance.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Darktrace intruder detection and anti-virus software are continuously operational across the platform supplied.; ; Operating system level patches are applied weekly and at the very least within 14 days in line with Cyber Essentials/NTSC guidelines as part of out of hours maintenance.; ; Relevant application vendor patches are applied at the earliest point of release in a structured manner. ; ; Threats are assessed based on the CVE or operating system critical status applied publically (websites pertain) and through vendor updates/notifications.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Infrastructure management services are included with proactive system availability and system access monitoring. 24x7 NOC monitoring, 24x7 incident response. 99.5% service availability. Local Customer Services respond during working hours. ; ; Darktrace is provided as standard to monitor for unwanted intruder attempts with AI led conversion of unsolicited/recognised entries to quarantine.; ; Threats are treated as a P1 with a 15 minute response.; ; Sage X3 patching and upgrades are delivered by Sage plc bi-annually for the main Sage X3 application and on demand where network/technical components require CVE release compliance.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed using a web based application to record instances of issues and problems. Standard processes and escalations for common events exist.; ; Users report incidents using the web portal by logging a ticket on the portal.; ; A service level agreement provides for response times and the incidents are managed on a daily basis for review and update. ; ; Reports are provided using a self service ticket portal for authorised support users.; ; Incident reports are provided on completion of all P1 and P2 threat incidents to confirm the threat, mitigation and resolution steps applied.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Cloud based software like Sage X3 inherently reduces the need for staff to travel to a centralised office to perform their day to day activities reducing the carbon footprint of your organisation.; ; The ease with which data can be sourced, reviewed and shared electronically cuts down on the carbon impact of printing information for interpretation and sharing.

  Tackling economic inequality

  Using Sage X3 can noticeably improve the supply chain by supporting innovation throughout the supply chain to deliver via electronic integration a reduction in costs and a drive to higher quality of service through vendor management within the supply chain. Improved collaboration in itself can alter the supply chain relationships for the better as methods of working change and improve from using software which has solid fiscal and financial controls in place designed to help prevent avoidable mistakes such as double raising or processing of purchase orders or invoices respectively.

  Equal opportunity

  By delivering Sage X3 with a visual process map for each function we are able to help progress people into higher paid work by developing new skills relevant to furthering their role by simplifying the use of Sage X3 and enabling users to excel in their day to day activities without having to learn complex menus and options.

Pricing

• Price: £43.50 to £1,625.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.tucker@x3consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.