Ion Industries Ltd

Sage Intacct

ION provides Sage Intacct - a true cloud financial management software that empowers organisations with real-time data, automation, and insights. With auto consolidation, multi entity management and multi dimensional reporting at its core it also helps to streamline accounting processes, control spend, and enable data-driven decisions.

Features

• True cloud accounting that helps organisations control costs
• Automates manual tasks and processes to drive efficiencies
• Real-time financial reporting to aid informed decision making
• Seamless centralisation of operations and automatic consolidation
• Custom dashboards for at-a-glance, drillable insights
• Add new entities quickly without additional implementation costs
• Ideal for education, with pre-built ESFA reports
• Automated AAR returns and DfE Chart of Accounts
• Customisable purchase workflows
• Custom reports at the click of a button

Benefits

• Greater role specific visibility on budgets and spending
• High quality financial insights at the click of a button
• Reduces time spent on manual tasks and data processing
• Less risk of manual error
• Audit-ready automated processes
• Cloud updates secure long-term value
• Control costs, drive efficiencies and gain quality insights

£16,980 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rob@ionhq.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

682743054012422

Contact

Rob Mathieson
0191 466 1231
rob@ionhq.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Sage Intacct service adheres to quarterly release schedules for planned maintenance completion. These schedules are announced in advance and are scheduled for Friday evenings outside of regular hours to minimise any impact on users of the service.
• System requirements: An internet connection and supported browser (Chrome, Edge, Firefox, Safari)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Support Desk is open Monday - Friday 9am - 5pm.; ; P1 - Urgent, response time 2 hours and fix time is 13 hours.; P2 - High, response time is 2 hours and fix time is 20 hours, 30 minutes; P3 - Medium, response time is 2 hours, fix time is when resource is available; P4 - Low, response time is 2 hours, fix time is when resource is available; ; In 2023, our average response time is 31 minutes.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: ION provides comprehensive support at an extra cost. With our support packages, clients gain access to a dedicated support manager who provides assistance via phone, chat, and onsite visits at additional costs. ; ; In terms of service levels achieved in 2023, ION exceeded our targets of 80% and finished on 99.7%. ; ; The support services package includes four priority levels: P1 (Urgent), P2 (High), P3 (Medium), and P4 (Low), each with specific response and fix times outlined. ; ; For instance, urgent incidents categorised as P1 require a response time of 2 hours and a fix time of 13 hours, aiming for an 80% resolution rate within the target timeframe.; ; High-priority incidents, categorised as P2, also have a 2-hour response time but allow 20 hours and 30 minutes for resolution. ; ; Medium and low priority incidents, categorised as P3 and P4 respectively, have fix times dependent on backlog prioritisation. ; ; Our comprehensive SLA ensures that clients receive timely and efficient support tailored to the urgency and impact of their issues, reinforcing ION's commitment to maintaining high service standards.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: ION provide a robust end to end implementation service including comprehensive role-based training tailored to our clients’ needs that can be delivered onsite as well as remotely in line with the needs of the organisation. ; ; As part of our training offering, we supply an array of supplementary resources such as dedicated knowledge bases and interactive workbooks that are available 24/7. Throughout the implementation phase, users will also benefit from a dedicated testing and training implementation copy of Sage Intacct.; ; Our blended methodology seamlessly integrates project management, consulting, and quality assurance, employing a systematic approach that identifies key milestones, quality gates, and training needs. ; ; Collaboratively, we create bespoke project plans, manage risks, and align expectations. In the Discovery phase, we define project scope, mitigate risks, and establish data migration approaches. Implementation includes setup and quality assurance. Training and UAT phases prepare users for system acceptance through a blend of onsite and online training sessions. Deployment moves the solution to production, followed by data migration. Finally, the Go Live phase marks formal handover and support in system operation. ; ; Throughout, ION provides tailored support to ensure a smooth transition and confident system utilisation.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Excel
• End-of-contract data extraction: ION adheres to all relevant guidelines and legislation such as GDPR and ICO during the extraction of data. ; ; As such, at the end of the contracts, we allow users to extract data via excel and csv file types. ; ; Archive read-only licenses are also available to users if there is a desire to keep the data on the system. Again, for this, nominal charges apply. All of this information is provided in an SLA at the beginning of contracted services, which is agreed upon by the client and is available to view on the Sage website at: https://www.sageintacct.com/customer-terms-uki/sla.; ; Additionally, Customer Data may be exported at any time. Sage will not delete Customer Data from the production environment for up to 90 days after termination or expiration of the Agreement and may assist you with exporting Customer Data during such period at our standard hourly consulting rate. ; ; After that 90-day period, Sage will have the right to delete all Customer Data and will have no further obligation to make it available to you.
• End-of-contract process: Once you have given notice to terminate your contract you will have up to 90 days to retrieve your data from the system. This can be exported from the solution in its original format, such as CSV or Excel, with a simple click-and-download function.; ; At the end of your contract, customers would have the opportunity to pay for a read-only license giving them access to their data for a 2 year period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service allows you to use Sage Intacct on the go, allowing you to manage financial tasks from anywhere. The optimised web pages that prioritise specific tasks, such as approvals and dashboards all look and feel the same as if you were using the web based version.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Sage Intacct offers robust integration capabilities through its API, empowering developers to create custom integrations tailored to specific business requirements. ; ; The open API supports complex business processes, enabling seamless data extraction and processing. The API is built into the system, ensuring stability, security, and reliability, with Software Development Kits (SDKs) and resource whitelisting, facilitating secure integrations.; ; Setting up the service through the API involves authentication with appropriate credentials, configuring the API endpoint URL, and making HTTP requests to interact with Sage Intacct objects. Users can create, update, query, and delete records using the API functions.; ; However, there are limitations to consider, such as concurrent connection limits per tenant, rate limits to avoid throttling, and field limitations for optimal performance. Sage Intacct's API utilises structured XML-RPC format, adhering to industry standards.; ; API Documentation is available upon request.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Sage Intacct offers customisation options that can be configured by the user or ION to adapt the software to specific business requirements:; ; Custom Fields: Users can add fields to standard objects like Customer, Vendor, and GL Account to capture unique data.; ; Custom List Views and Page Layouts: Tailor how data appears in list views and page layouts for easier navigation and analysis.; ; Smart Links: Create shortcuts to frequently accessed records or pages.; ; Smart Events: Automate actions based on predefined conditions, like updating fields when criteria are met. Trigger actions based on specific system events or changes.; ; Smart Rules: Create Smart Rules to perform validation and ensure data integrity. ; ; Customisation via API: With Web Services, you can leverage the cloud storage and advanced business logic of the Sage Intacct SaaS framework while providing your own customer-facing web application.; ; Once integrated, your application can create, update, read, or delete standard or custom objects in a Sage Intacct company (or tenant). Your application interacts with the system through the Web Services gateway using one of the Sage Intacct SDKs or using the underlying XML API framework directly.

Scaling

• Independence of resources: Sage Intacct’s SaaS based architecture enables the flexibility and scalability to support peak user usage without negatively impacting performance, combined with the computing power of AWS (Amazon Web Services). This is a comprehensive, ever evolving cloud computing platform, provided by Amazon, which gives Sage control of how traffic flows within the service. This is facilitated by an enterprise level agreement between Sage and AWS.

Analytics

• Service usage metrics: Yes
• Metrics types: User Activity and Audit Trails monitor user engagement within the system, covering logins, sessions, and actions like transaction creation, editing, or deletion.; ; Sage Intacct offers insights into system uptime, response time, and overall performance to ensure optimal software operation via a service status page.; ; Transaction Volumes quantifies the number of transactions processed, encompassing invoices, payments, journal entries, etc.; ; Data Storage measures the data volume stored in the system, including company information, transaction records, and attachments.; ; Depending on industry requirements, Sage Intacct also provides compliance-related metrics like audit trail completeness and adherence to GAAP (Generally Accepted Accounting Principles).
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sage Intacct

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export their data via a simple click and download approach into file outputs such as csv and excel. You are also able to utilise the fully functional API available with Sage Intacct to export your data. Data can be extracted from the exported formats and downloaded in PDF or XML according to users preference.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: All data sent to or from Sage Intacct is encrypted in transit using at least 256-bit encryption. Encryption at rest is ensured using Triple-DES 128-bit or AES-256 block-level storage encryption. All Sage laptops are protected with fulldisk encryption and a suite of end-point protection tools protect the devices from multiple security threats.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All data sent to or from Sage Intacct is encrypted in transit using at least 256-bit encryption. Encryption at rest is ensured using Triple-DES 128-bit or AES-256 block-level storage encryption. All Sage laptops are protected with fulldisk encryption and a suite of end-point protection tools protect the devices from multiple security threats.

Availability and resilience

• Guaranteed availability: ION are resellers of Sage Intacct who provide a 99.8% Guaranteed uptime. Their goal is to ensure Sage Intacct is available to you 24 hours a day, 7 days a week, 365 days a year. Relative to customer data, the SLA is inclusive of both a Restore Point Objective of no more than 4 hours and a Restore Time Objective (RTO) of no more than 24 hours.
• Approach to resilience: AWS uses multiple, resilient, high-bandwidth internet connections in its Data Centres, with access to thousands of global internet peering points. ; ; There are private peering arrangements with key carriers to ensure there is always a range of secure and physically protected paths into facilities to provide redundancy.; ; Amazon CloudWatch provides 24/7 monitoring services to detect and address issues impacting applications. ; ; Sage's goal is to provide 24/7 availability of the Sage Intacct application service, and offer subscription credits for availability below 99.8%. You can receive a credit of 10% of your subscription fees for the month in which the outage event(s) occurred for every percentage point that Service Availability falls below 99.8%. In addition, the availability of the Sage Intacct application service is backed up by a complete disaster recovery program.
• Outage reporting: Sage Intacct shares system availability and incident updates through their status pages and email alerts. Real-time updates, performance data, and incident details are available on the Sage Status Page. Regular maintenance occurs on Fridays from 2:30am - 5:30am. AWS Security Operations Centres globally monitor and manage security for the data centres, including physical access and intrusion detection. They provide 24/7 support to on-site security teams and conduct continuous monitoring activities like tracking access and responding to incidents.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Single login page to support both Sage Intacct login and Single Sign-On login via your identity provider of choice.; ; To use your 2 factor authentication, users select the use single sign-on option in the login page. Selecting this option removes the password field and causes the user to be authenticated by your identity provider.; ; You can set up 2 factor authentication using your existing SSO identity provider if they support the SAML 2.0 protocol for authenticating and authorising users.; ; Sage also provides the option of requiring 2 factor authentication every time a user signs on through an unrecognised device.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A-Lign
• ISO/IEC 27001 accreditation date: 21/02/2022
• What the ISO/IEC 27001 doesn’t cover: This covers all components of Sage Intacct's ISMS.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 18/11/2022
• CSA STAR certification level: Level 4: CSA C-STAR Assessment
• What the CSA STAR doesn’t cover: This covers all components of Sage Intacct's and AWS partnership to support the hosting of Sage Intacct.
• PCI certification: Yes
• Who accredited the PCI DSS certification: A-lign
• PCI DSS accreditation date: 01/04/2024
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27017:2015
  • ISO/IEC 27018:2019
  • ISO/IEC 27701:2019
  • ISO 22301:2019
  • ISO/IEC 20000-1:2018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27001; SOC 2 Type II
• Information security policies and processes: Sage Intacct's security team, comprised of certified (CISSP) professionals, oversees a comprehensive security program encompassing physical and logical aspects. Regularly updated policies, including Acceptable Use, General Security, and Application Security, ensure compliance and protection. The company maintains ISO 27001 certification, defining requirements for information security management systems. Data encryption, Role-Based Access Control (RBAC), and Multi-Factor Authentication enhance data protection. Physical security measures include controlled access to facilities, paper records, and IT systems, with data centers adhering to SOC 2 compliance standards, employing badge access, biometrics, and CCTV. This holistic approach, combined with a Business Continuity Plan and Disaster Recovery Plan, ensures readiness for unexpected events, safeguarding against cyber threats and data breaches.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Sage Intacct offers comprehensive change management services, minimising service disruptions during updates. Sage customers receive software updates, upgrades, and maintenance at no extra cost, which ; provides continuous improvement. Quarterly releases provide enhanced features, with advance notice and sandbox environments for testing. Security features include encryption, CISSP-certified professionals ensuring compliance, and industry-aligned application security measures. Media disposition, system lifecycle management, and business continuity plans bolster security. Sage Intacct prioritises robust change management and security practices, safeguarding service integrity throughout.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Sage Intacct performs quarterly external vulnerability assessments. Sage uses a suite of enterprise security tools for application security testing and vulnerability management, and their Secure Software Development and Technical Vulnerability Management Standards are aligned with industry standards and best practices (e.g. ISO 27001, OWASP) to ensure vulnerabilities are remediated.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Sage has implemented a suite of technical controls to protect against malware and its effects. A layered defence-in-depth approach is used in combination with a programme of user awareness. Employee devices are protected using a suite of enterprise endpoint protection systems managed by the 24/7 Cyber Defence Operations (CDO) team, with real-time monitoring, alerting and reporting. Sage's email systems have appropriately deployed layered technology protection for both inbound and outbound messaging. Sage also regularly conduct education and training programmes to test the effectiveness of our security campaigns, such as testing against malware and phishing attacks.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Protecting customer data is Sage's top priority, with suspected security incidents escalated as Priority 1. A board-approved Incident Management Policy enables swift escalation to the Crisis Management team. Sage employs a 24/7 Security Incident Response Team alongside AWS's team to manage incidents, adhering to ISO 27001:2013. Incident response includes reporting, assessment, containment, and resolution within 48 hours, with corrective actions documented and audited annually. All stakeholders and affected customers are promptly informed. Sage's globally approved Incident, Emergency, and Crisis Management Policy governs data breach management, with legal expertise mobilized as needed and timely notification to regulatory bodies like the ICO.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At ION, we are committed to driving positive social impact through every aspect of our operations. As stewards of technology, we recognise our responsibility to advocate for sustainable practices and combat climate change. Through our dedication to reselling software licenses and providing implementation and support services, we prioritise solutions that empower businesses to operate efficiently while minimising their environmental footprint. Our managed office is a testament to our commitment, as we continually strive to reduce carbon emissions and promote eco-friendly practices such as recycling and aiming for a 100% paperless office. Together, we are not just selling software – we are shaping a greener, more sustainable future for generations to come.

  Equal opportunity

  ION is dedicated to fostering equality and diversity within its workforce and eradicating unlawful discrimination. Our goal is to ensure that our employees represent all facets of society and our customer base, fostering an environment where each individual feels valued and empowered to perform at their best. We are committed to non-discriminatory practices across all aspects of our operations, including the provision of goods, services, and facilities to customers and the public. Our policy aims to: Ensure equality, fairness, and respect for all employees, regardless of their employment status or protected characteristics under the Equality Act 2010. Oppose and prevent all forms of unlawful discrimination, including in areas such as employment terms, grievance handling, dismissal procedures, and training opportunities. Promote equality and diversity as fundamental principles of good business practice, creating a workplace that is free from bullying, harassment, victimisation, and discrimination. Provide comprehensive training to managers and staff on their rights and responsibilities under the equality policy, emphasizing the importance of maintaining a respectful and inclusive workplace. Take complaints of bullying, harassment, victimisation, and discrimination seriously, addressing them through appropriate grievance and disciplinary procedures. Offer equal opportunities for training, development, and advancement to all employees, based on merit and without bias. Regularly review employment practices to ensure fairness and compliance with the law, while monitoring the composition of the workforce to track progress towards diversity and inclusion goals. Fully support the equality policy at all levels of senior management, with details of grievance and disciplinary procedures available in the staff handbook. Employees retain the right to raise grievances or pursue claims of discrimination through the organisations procedures or employment tribunals, without fear of retaliation.

  Wellbeing

  At ION, our people are our biggest asset. As well as being highly experienced and knowledgeable, we work to five key values that we believe enrich the ION experience, ensuring you have a dedicated and engaged team to work with. Strive – We strive for originality, fresh ideas, creativity, and a proactive approach. Purpose – We have clear strategic goals and focus our time and efforts on realising them. Accountability – We value ownership, acknowledging mistakes and seeing things through. Relationships – Great relationships drive businesses forward. Knowledge – Knowledge is power. Sharing knowledge is the key to unlocking that power.

Pricing

• Price: £16,980 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to a 2-week free trial of Sage Intacct, including a full system instance and a dedicated Sales Consultant for guidance. A sandbox and training materials facilitate navigation and understanding of the system's features.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rob@ionhq.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.