Thomson Reuters

Document Management and Contract Automation - HighQ

Given the number of legal documents your in-house team produces and handles every day, it’s critical to have a legal document management system that can introduce consistency and reduce manual work. HighQ can optimise team productivity and streamline legal services by automating the creation of your legal documentation.


  • Securely store documents and easily find what you need.
  • Collaborate on documents and coauthor contracts seamlessly.
  • Create a secure workspace to collaborate with all stakeholders.
  • Manage content in wikis, post updates in the blog.
  • Manage group tasks, share group calendars.
  • Create custom workflows and automate documents.
  • Modular for structured data sharing.
  • Access your legal documents from anywhere, anytime.
  • MS Office, Office 365, Outlook and G-Suite integration.
  • Made for Mobile and Desktop - Browser or App Based.


  • Gain complete visibility and control over your documents.
  • Keep documents in sync across your department and team.
  • Introduce consistency and control to your legal documents.
  • Increase productivity by automating creation of legal documentation.
  • Private Cloud - Host your data in the UK.
  • Overcome mailbox sizes - Send a link to a download.
  • Security - Ensure control over information.
  • Audit trail - What's been sent, when and by who.


£85 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

342547326431655


Thomson Reuters Joanne Fowler
Telephone: 07990563250

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
System requirements
  • Modern Web Browser
  • Windows
  • Android

User support

Email or online ticketing support
Email or online ticketing
Support response times
30 minutes Monday to Friday, 8am to 6pm.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
8am - 6pm Service desk on business days with 24/7 Emergency support.
Support available to third parties

Onboarding and offboarding

Getting started
Training can be delivered remotely or onsite. There is a comprehensive online knowledge base.
Service documentation
Documentation formats
End-of-contract data extraction
All data can be extracted by users with the appropriate permission via the user interface.
End-of-contract process
All client data is deleted as part of the contract. HighQ will decommission the instance in full as part of the base contract. It is the client's responsibility to extract any data they wish to keep prior to the decommissioning process. Secure overwrite is available for an additional charge.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
All features are available on mobile using a responsive design. Files can be accessed via the HighQ Drive app for mobile on iOS and Android.
Service interface
User support accessibility
None or don’t know
Description of service interface
HighQ includes access via browsers using secure HTTPS on desktop or mobile devices, iOS and Android apps, REST API calls, or the HighQ Appliance, which simplifies some of the more common API calls (e.g. SQL and AD synchronisation).
Accessibility standards
None or don’t know
Description of accessibility
Collaborate is accessible using any of the standard web browsers in conjunction with existing assistive software that supports the user's chosen web browser. The product has alt-text fields for all non-text content and supports the creation of alt-text metadata for non-text data uploaded into the system.
Accessibility testing
What users can and can't do using the API
All the main features are accessible via the API, including the addition and update of users. This is supported with a vibrant developer community to share and learn.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Custom branding can be applied at system and site level including the URL, visual appearance of the whole user interface and system generated emails.


Independence of resources
HighQ provide single tenancy solutions deployed in HighQ's private cloud. The high-performance network architecture is built to be resilient and scalable. Bandwidth is provided across multiple diverse links, which do not depend on any single backbone, ensuring that there is full network connectivity redundancy, even in the event of one of the providers failing.


Service usage metrics
Metrics types
All logins, configuration changes and content accessed are audited by user, data, and IP address.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All files can be exported via the main user interface, and all other content can be exported to Excel and/or PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML feed
  • Excel
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Automated schedule SQL connection via HighQ Appliance
  • API
  • ZIP file (for files)
  • Drag and drop from OSX/Windows
  • HighQ AI Hub

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% Uptime which would be remunerated via service credits.
Approach to resilience
Each client is hosted on two geographically separate datacentres within the same legal jurisdiction. All UK hosting centres are ISO 22301, and ISO 27031 compliant.
Outage reporting
Email alerts are sent to client organisations upon detecting an outage. Any maintenance works are undertaken during pre-agreed maintenance windows and upgrades take place on a date/time pre-agreed with the client.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Access can also be given via SSO from inside the client's network, using the SAML 2.0 protocol.
Access restrictions in management interfaces and support channels
Application access management is controlled by the client who can grant or revoke administrative privileges within the application to or from users in line with their own organisational policies and procedures. Infrastructure management is performed via secure management servers which are accessible only by VPN using two-factor authentication. Administrators cannot view client data where it is encrypted at rest.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Outsourced development. Protection of test data. Technical review of applications after operating platform changes.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus aligned. CSA STAR - level 1.
Information security policies and processes
Complete ISMS present which is built from ISO 27001 controls. Higher management involved in the process and sign off on policies/procedures. All employees undergo CRB/DBS and qualification checks as part of the recruitment process and sign an Information Security agreement and Acceptable Use Policy along with their employment contract before commencing their responsibilities at HighQ. In the event of a violation, disciplinary action may be taken.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All configuration management and change management is performed using the Agile methodology. Changes are developed and a product iteration is released. Each release is subject to penetration testing.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We regularly perform penetration testing, undertake monthly vulnerability scans, and daily change scans. Patches are normally deployed within 2 weeks, and we receive threat intelligence from third party security vendors, e.g. CiSP, Mitre, and other publicly available sources. We also employ a source code vulnerability tracking system and use automated security assessment tools.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
HighQ employ enterprise logging and SIEM for all systems and perform regular checks upon those logs and events. Incidents are reviewed and classified in terms of impact and criticality. There is a defined security incident management practice (NIST 800-61r2). Depending upon the nature of the incident, the issue is either remediated immediately or mitigations are designed into the next release.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Security Incident Management Procedures are built from NIST 800-61r2.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Thomson Reuters is continually striving to improve our environmental impact around the world. In 2020, we adopted the most ambitious aim of the Science Based Targets initiative — a global collaboration to meet the goals of the Paris Agreement by limiting global temperature rise in line with climate science. Our new targets align with worldwide efforts to limit global temperature rise to 1.5°C above preindustrial levels, building upon our previous work of managing and measuring our carbon footprint, identifying reduction opportunities, becoming carbon neutral, and engaging our employees on important climate issues. Additionally, for the first time, we are now using 100% renewable energy for all our global operations and aim to do so in future years. We are working closely with our suppliers to drive lower emissions within our supply chain, helping fulfill the ambitions from our approved Science Based Targets.
Covid-19 recovery

The COVID-19 pandemic changed the way that we lived and worked. Our incident management team and senior leadership monitored the evolving situation and were vigilant in focusing on the health and well-being of employees. Employees were provided resources from the World Health Organization (WHO), Centres for Disease Control and Prevention (CDC), and local governments and authorities. A work-from-home policy was implemented to help keep employees safe and help stop the spread of the virus. Investment in systems and technology enabled our business to remain fully operational, allowing us to serve our customers at a time when they needed us the most. As the world dealt with unprecedented challenges, our employees thought of creative ways to help their colleagues, businesses, clients, and communities. Through virtual volunteering, providing trusted COVID-19 information, and supporting business with resources, we helped people across the globe.
Small businesses have been disproportionately impacted by COVID-19. Recognising the unique challenges of these smaller and midsized operations — many of which were not only trying to run their day-to-day operations, but also manage rising uncertainty and employee concerns — Thomson Reuters quickly developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigate this difficult period. Packed with authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center has been a critical information hub for those who need it most.
Tackling economic inequality

In support of diverse and minority-owned small businesses, Thomson Reuters has partnered with CVM, a company which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.
Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business.
We have also adjusted our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender.
Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.
We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.
Equal opportunity

Thomson Reuters promotes equal employment and provides reasonable accommodations for qualified individuals. We are committed to complying with applicable laws, rules and regulations governing non-discrimination wherever we do business and providing equal employment opportunities with regard to hiring, compensation, promotion, classification, training, apprenticeship, referral for employment and other terms of employment for all persons. We also make reasonable accommodations for qualified individuals with disabilities and for colleagues with sincerely held religious beliefs.
In 2020, Thomson Reuters set a new goal to increase overall racial and ethnic diversity in our senior leadership levels (director and above) to 18% by the end of 2021 and 20% or more by the end of 2022. We also have a goal within our racial and ethnically diverse leadership to double the number of Black employees in senior leadership levels to 60 or more by the end of 2022. Another component of our diversity and inclusion approach is identification, development, and advancement of women globally for leadership positions. We also have a goal to increase the overall representation of women in senior leadership positions by 40% by the end of 2021 and 45% by the end of 2022. To bring all of these goals to life, we are focusing hard on metrics and accountability to meet the current and forward-looking needs of our organisation and customers.
At the conclusion of 2020 across our senior leadership roles, we had 36% representation of women, 14.5% racial and ethnic representation, and 32% Black talent. The key to achieving these goals is our focus on driving further inclusivity, growing a strong pipeline of diverse talent, providing equitable access to opportunity, and being intentional in removing bias in our workplace.


The past two years have had a profound impact on all of us and our company has adjusted to new ways of working. The health and wellbeing of all of our employees is a priority of our leadership and we have put in place several initiatives related to mental, physical, financial and social wellbeing to support them. We recently launched a new “Flex My Way” program, which is a supportive workplace policy that promotes work-life balance and improved flexibility. Policies include flexible and hybrid working, caregiver paid time off, increased bereavement leave and work from anywhere in your country of employment for up to eight weeks per year. Our mental health resources include free access to an employee assistance program, a meditation app, mindfulness discussions, eLearning sessions, two annual Mental Health Days, mental health self-assessments and COVID-19 related resources. We are also signatories to the Mindful Business Charter, which was founded to rehumanize the workplace. Our physical health resources include health risk assessments, and nutrition and sleep guides. Financial wellbeing resources include an app to help employees achieve specific financial goals and manage finances, counselling resources, and Thomson Reuters University courses to help employees expand their knowledge. Our social resources include the business resource groups mentioned above, mentoring programs, and a digital platform that curates social learning and networking experiences for employees.


£85 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Access to a UAT environment is available for a limited time, in order to prove the solution works and is fit for purpose.
