Deloitte LLP

Zoho SaaS Application Solutions and Support

Zoho: a SaaS suite of 50+ highly configurable applications that support business activities.

Deloitte: Zoho implementers, offering clients a unique proposition – innovative, flexible technology underpinned by 15+ years of software delivery expertise and deep industry knowledge. Configuring applications to meet clients requirements, train users and provide best-in-class support.

Features

• Real-time advanced analytics with reporting, imports, exports, dashboards and visualisation
• Sales, customer/supplier/partner/employee management, surveying, outreach and marketing applications
• HR, people and recruitment applications and employee management tools
• Finance management, invoicing, billing, payments and subscription management
• Asset, item, inventory, knowledge, request, complaints and claims management
• Document and information storage, sharing, database management
• Enhanced workflow, case management, automation and process management
• Configurable and easy to use drag-and-drop tailoring of applications
• APIs, development areas and low-code bespoke application builder
• Project, task, scheduling, software and programme management applications

Benefits

• A highly configurable modular suite of SaaS business applications
• Out-of-the-box integration between Zoho and third party apps, APIs
• Simple and quick to implement with fast delivery timelines
• Deloitte can build the applications to meet bespoke requirements
• Built-in automation which drives process efficiencies and saves time
• Innovative business solutions underpinned by Deloitte's solution expertise
• Self-serve so clients can make changes themselves
• Low-cost licensing which includes cloud hosting
• Scalable meaning ease of roll-out across business areas
• Flexible and modular, any number of applications can be implemented

£10 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

694904918621210

Contact

Donna Farrell
0207 303 0913
publicsectorbidteam@deloitte.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Zoho have planned maintenance and mostly the services would be accessible. The planned maintenance will be communicated to the users via flyers, and in-app banners. There are no specific hardware requirements since it is a cloud service.
• System requirements:
  • Windows / Linux / Mac OS X
  • Safari 13
  • Google Chrome 73
  • Mozilla Firefox 69
  • Edge 79
  • Opera 60
  • Install Acrobat reader & Spreadsheet viewer (optional)
  • Necessary to use browsers, APIs, and Plugins support TLS v1.2

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We provide standard levels of service which are detailed below, and clients have the opportunity to request enhanced service levels and further SLAs if required. All incidents will be acknowledged by our teams within 2 hours. We aim for 100% availability of service, and the Zoho solution has 99.9% uptime with real time availability published live. We typically use the following definitions for assigning severity to incidents, however enhanced SLAs can be provided.; ; Critical incident resolution: 2 days.; Major incident resolution: 3 days.; Moderate incident resolution: 10 days.; Major incident resolution: 3 days.; Cosmetic incident resolution: 30 days.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Deloitte have a dedicated Service Management team compromised of technical and service delivery professionals. We typically provide support to you require at the following levels:; ; Level 0: We provide end-to-end management of all incidents, through to client confirmed resolution, in adherence to all service level objectives. All issues are logged via our online ServiceNow portal, giving visibility of incident status, with detailed weekly reporting providing an overview of the performance of the service.; ; Level 1: Incident triage and resolution of any configuration issues. Incident diagnosis for technical issues and the application of restorative fixes. The team uses a range of tools and techniques, appropriate to the technology solution, to provide rapid response to client-impacting issues and expedite return to service.; ; Level 2: Detailed incident analysis for complex or multi-faceted incidents.; ; Level 3 Support: Development and testing of fixes required for resolution of incidents relating to a fault (or ‘defect’) in the solution.; ; Our standard support fee is charged as pay-as-you-go, based upon the SFIA rate cards. Alternative set fee support models can be provided if preferred.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our experienced delivery teams supports clients through agile implementation of new solutions and our delivery model makes us a flexible and scalable Partner to work with. During an engagement we always have a focus on continuous improvement and process optimisation, meaning the solution we deliver works for our clients, rather than the teams having to work around a new technology.; ; Deloitte provide training, at an extra cost, for users and SME's of the tool on the clients side to enable them to use the tool efficiently and reduce the reliance on Deloitte for changes to the system.; ; Documentation will be handed over including but not limited to user guides, support models, product specifications and training materials.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Excel
  • Powerpoint
  • Visio
  • Project Management Tools
• End-of-contract data extraction: There are multiple ways for users to extract data on the platform. The method used to extract would depend on the application which is in use. Extracts can be made in .csv format for most applications, as well as PDF and other formats. Deloitte can support with data extraction and handover.
• End-of-contract process: As standard, contracts will be costed to include implementation, licencing and support for the period of the contract. During the contract, any change request raised to the system outside the standard support fee would be chargeable. At the end of the contract, we would offer the option to support decommissioning activity at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Browser based applications are available on mobile devices, the screens render as required.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Zoho is a SaaS provider with over 50 applications that are used to manage activities across different parts of a business. It is a robust solution designed to build a strong foundation for a business function. ; ; More information about each application is available online; ; e.g. Zoho One Applications/Integration: https://www.zoho.com/one/applications/web.html
• Accessibility standards: None or don’t know
• Description of accessibility: Zoho's teams are working towards the implementation of WCAG (Web Content Accessibility Guidelines) and currently deliver several of the requirements but are yet to verify it.
• Accessibility testing: Zoho's teams are working towards the implementation of WCAG (Web Content Accessibility Guidelines) and currently deliver several of the requirements but are yet to verify it.
• API: Yes
• What users can and can't do using the API: Users are able to integrate with many different apps through Zoho using REST API's, the list of each applications API documentation can be found here: https://www.zoho.com/developer/rest-api.html; ; Users can also seamlessly integrate applications by using Webhooks. A Webhook is a type of API that facilitates the communication between applications by sending instant web notifications to and from each application. The list of applications that can use Webhooks with Zoho is growing. More information surrounding Webhooks can be found here: https://help.zoho.com/portal/en/kb/crm/automate-business-processes/actions/articles/webhooks-workflow#Scenarios; ; Zoho's applications can also be interacted with through automated import/export of data.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Zoho offers a suite of 50+ configurable applications that can be tailored to all business needs. The applications come with pre-built templates to cover a variety of requirements. Once implemented, users can make many system changes themselves without reliance on Deloitte for Change Requests (CRs). ; ; To allow users to make these changes, we deliver training in both classroom-based and in remote environments. Our training is formed of 2 key parts: (1) user training to enable the end users of the tool to gain a solid understanding of the features and functionality, and how to use them. (2) SME training for team members who will have configuration access to the tool with the ability to make system changes. ; ; This training will allow users with the correct permission levels to complete updates, including but not limited to, creating custom modules, update workflow, add/edit data fields, amending user permissions, driving automation, creating reports, and more.

Scaling

• Independence of resources: Zoho uses a scalable SaaS based infrastructure that will increase or decrease resources as required.

Analytics

• Service usage metrics: Yes
• Metrics types: In the background, Zoho tracks and collects Zoho usage metrics. A range of the applications provide reports that understand how the service provided is being used.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Zoho Corp.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. Keys are owned and maintained using an in-house Key Management Service (KMS). Additional layers of security are provided by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users of the Zoho platform will be able to extract data in various formats such as raw data reports and analytical dashboards. This can be done easily via the user interface. The formats that are exportable for most applications are detailed in the next section.; ; Automated extraction is also available in some applications. APIs are available for system-system exporting.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLS
  • HTML
  • Image
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS
  • VCF
  • From other database feeds

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Zoho guarantees all of its users a monthly uptime of 99.9% (excluding the downtime caused by scheduled maintenance and planned updates which will be communicated well in advance).
• Approach to resilience: Zoho have a business continuity plan for our major operations such as support and infrastructure management. For redundancy, Data in primary Data Center (DC) is replicated in the secondary. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimum or no loss of time.
• Outage reporting: Users are able to visit https://status.zoho.com/ which displays the live state of Zoho applications; ; Users are also notified from notifications in each individual application

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Username or password with 2 factor authentication.; ; Roles and Profiles are assigned to each user to restrict what the user can see/actions they can perform.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-Assessment
• PCI DSS accreditation date: July 2018
• What the PCI DSS doesn’t cover: Zoho, being PCI compliant, consistently adheres to a set of guidelines set forth by companies that issue credit cards, for the following applications:; ; Zoho Books,; Zoho Invoice,; Zoho Inventory,; Zoho Subscriptions,; Zoho Expense,; Zoho Checkout
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27017
  • ISO/IEC 27018
  • SOC 2
  • ISO 9001:2015
  • ISO/IEC 27701:2019
  • SOC 2 + HIPAA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Zoho are ISO 27001, ISO 27017 and ISO 27018 certified. Zoho is also SOC 2 Type II compliant in Security, Confidentiality, Processing Integrity , Availability, and Privacy. These ISO and SOC audits are conducted annually, covers all the important and essential controls.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the service go through in depth testing to ensure that there is no regression on the service. A managed release process is followed for production releases
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Zoho have a vulnerability management process that scans for security threats using a combination of certified third-party scanning and in-house tools, with automated and manual penetration testing efforts. Furthermore, their security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to spot security incidents that might affect the company’s infrastructure. Once they identify a vulnerability requiring remediation, it is logged, prioritized according to the severity, and assigned to an owner. Zoho further identify the associated risks and track the vulnerability until it is closed by either patching the vulnerable systems or applying relevant controls.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Zoho monitor and analyse information gathered from services, internal traffic in networks, and usage of devices and terminals. Zoho record this information in the form of logs. These logs are automatically monitored and analyzed to a reasonable extent that helps them identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. ; ; Once Zoho identify a vulnerability requiring remediation, it is logged, prioritized according to the severity, and assigned to an owner. Zoho further identify the associated risks and track the vulnerability until its closed by either patching the vulnerable systems or applying relevant controls.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Zoho have a dedicated incident management team. Zoho notify clients of the incidents in our environment that apply to you, along with suitable actions that you may need to take. Zoho track and close the incidents with appropriate corrective actions. Whenever applicable, Zoho will identify, collect, acquire and provide you with necessary evidence in the form of application and audit logs regarding incidents that apply to clients. Furthermore, Zoho implement controls to prevent recurrence of similar situations.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to integrating the ‘Fighting Climate Change’ theme within the UK Government’s Social Value Model into engagements through our methodologies, how we run projects, how we work in partnership with others and how we think about the future direction of our organisation. Specific action we could take to support a client would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria (MACs) deemed relevant to the contract. We have infrastructure in place to deliver against all five themes. We have dedicated Responsible Business, WorldClimate and Social Value Teams to help build and sustain our policies and partnerships, and social value propositions for our clients. ; ; Our WorldClimate Strategy drives responsible climate/sustainability choices within our business and beyond. Our strategy focuses on four objectives where we can make the biggest impact: Achieving Net Zero by 2030, well ahead of the 2050 timeframe set by the Paris Agreement and underpinned by a carbon reduction target validated by the Science Based Targets initiative (SBTi); Operating Green by designating a senior leader to be responsible for climate in each geography, prioritising discussion of climate change on executive agendas, and embedding climate-smart considerations into decisions on office operations, real estate, and investments; Empowering Individuals by engaging and educating our employees on climate change impacts - decisions about what they consume, use, and buy; and Engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.; Our staff are empowered to undertake volunteering activities (3.5 hours per month) with our climate-related charity partners as social value commitments aligned to both a client’s values and the community impacted by an engagement.
• Covid-19 recovery:

  Covid-19 recovery

  We are committed to integrating the five social value themes within the UK Government’s Social Value Model into engagements through our methodologies, how we run projects, how we work in partnership with others and how we think about the future direction of our organisation. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria (MACs) deemed relevant to the contract. We have infrastructure in place to deliver against all five themes. We have dedicated Responsible Business and Social Value Teams to help build and sustain our policies and partnerships, and social value propositions for our clients. ; 5 Million Futures (5MF), our social impact strategy, aims to help five million people get to where they want to be through access to education and employment. The objective of the strategy is to address economic inequality by overcoming barriers to education and employment, empowering individuals with the skills needed to succeed in today’s economy. Focused on inclusion and equal opportunity, and aligned to the UN’s Sustainable Development Goals, 5MF is part of Deloitte’s Global WorldClass commitment to empower 50 million people by 2030. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. Our strategy also promotes wellbeing. Connecting with over 70 schools, charities, and social enterprises across the UK, 5MF supports a broad range of societal partners, providing pro bono, volunteering and fundraising. Our staff are empowered to undertake volunteering activities (3.5 hours per month) with these partners as social value commitments aligned to a client’s values and the community impacted by an engagement.
• Tackling economic inequality:

  Tackling economic inequality

  We are committed to integrating the five social value themes within the UK Government’s Social Value Model into engagements through our methodologies, how we run projects, how we work in partnership with others and how we think about the future direction of our organisation. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria (MACs) deemed relevant to the contract. We have infrastructure in place to deliver against all five themes. We have dedicated Responsible Business and Social Value Teams to help build and sustain our policies and partnerships, and social value propositions for our clients. ; 5 Million Futures (5MF), our social impact strategy, aims to help five million people get to where they want to be through access to education and employment. The objective of the strategy is to address economic inequality by overcoming barriers to education and employment, empowering individuals with the skills needed to succeed in today’s economy. Focused on inclusion and equal opportunity, and aligned to the UN’s Sustainable Development Goals, 5MF is part of Deloitte’s Global WorldClass commitment to empower 50 million people by 2030. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. Our strategy also promotes wellbeing. Connecting with over 70 schools, charities, and social enterprises across the UK, 5MF supports a broad range of societal partners, providing pro bono, volunteering and fundraising. Our staff are empowered to undertake volunteering activities (3.5 hours per month) with these partners as social value commitments aligned to a client’s values and the community impacted by an engagement.
• Equal opportunity:

  Equal opportunity

  We are committed to integrating the five social value themes within the UK Government’s Social Value Model into engagements through our methodologies, how we run projects, how we work in partnership with others and how we think about the future direction of our organisation. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria (MACs) deemed relevant to the contract. We have infrastructure in place to deliver against all five themes. We have dedicated Responsible Business and Social Value Teams to help build and sustain our policies and partnerships, and social value propositions for our clients. ; 5 Million Futures (5MF), our social impact strategy, aims to help five million people get to where they want to be through access to education and employment. The objective of the strategy is to address economic inequality by overcoming barriers to education and employment, empowering individuals with the skills needed to succeed in today’s economy. Focused on inclusion and equal opportunity, and aligned to the UN’s Sustainable Development Goals, 5MF is part of Deloitte’s Global WorldClass commitment to empower 50 million people by 2030. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. Our strategy also promotes wellbeing. Connecting with over 70 schools, charities, and social enterprises across the UK, 5MF supports a broad range of societal partners, providing pro bono, volunteering and fundraising. Our staff are empowered to undertake volunteering activities (3.5 hours per month) with these partners as social value commitments aligned to a client’s values and the community impacted by an engagement.
• Wellbeing:

  Wellbeing

  We are committed to integrating the five social value themes within the UK Government’s Social Value Model into engagements through our methodologies, how we run projects, how we work in partnership with others and how we think about the future direction of our organisation. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, and the Social Value Model Award Criteria (MACs) deemed relevant to the contract. We have infrastructure in place to deliver against all five themes. We have dedicated Responsible Business and Social Value Teams to help build and sustain our policies and partnerships, and social value propositions for our clients. ; 5 Million Futures (5MF), our social impact strategy, aims to help five million people get to where they want to be through access to education and employment. The objective of the strategy is to address economic inequality by overcoming barriers to education and employment, empowering individuals with the skills needed to succeed in today’s economy. Focused on inclusion and equal opportunity, and aligned to the UN’s Sustainable Development Goals, 5MF is part of Deloitte’s Global WorldClass commitment to empower 50 million people by 2030. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. Our strategy also promotes wellbeing. Connecting with over 70 schools, charities, and social enterprises across the UK, 5MF supports a broad range of societal partners, providing pro bono, volunteering and fundraising. Our staff are empowered to undertake volunteering activities (3.5 hours per month) with these partners as social value commitments aligned to a client’s values and the community impacted by an engagement.

Pricing

• Price: £10 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial versions available online via the Zoho website.
• Link to free trial: https://www.zoho.com/one/signup.html

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.