Thomson Reuters

Document Management and Contract Automation - HighQ

Given the number of legal documents your in-house team produces and handles every day, it’s critical to have a legal document management system that can introduce consistency and reduce manual work. HighQ can optimise team productivity and streamline legal services by automating the creation of your legal documentation.

Features

• Securely store documents and easily find what you need.
• Collaborate on documents and coauthor contracts seamlessly.
• Create secure workspace to collaborate with all stakeholders.
• Manage content in wikis, post updates in the blog.
• Manage group tasks, share group calendars.
• Create custom workflows and automate documents.
• Modular for structured data sharing.
• Access your legal documents from anywhere, anytime.
• MS Office, Office 365, Outlook and G-Suite integration.
• Made for Mobile and Desktop - Browser or App Based.

Benefits

• Gain complete visibility and control over your documents.
• Keep documents in sync across your department and team.
• Introduce consistency and control to your legal documents.
• Increase productivity by automating creation of legal documentation.
• Private Cloud - Host your data in the UK.
• Overcome mailbox sizes - Send a link to a download.
• Security - Ensure control over information.
• Audit trail - What's been sent, when and by who.

£85 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

342547326431655

Contact

Joanne Fowler
07990563250
joanne.fowler@thomsonreuters.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: None.
• System requirements:
  • Modern Web Browser
  • Windows
  • MAC OSX
  • MAC IOS
  • Android

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 minutes Monday to Friday, 8am to 6pm.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 8am - 6pm Service desk on business days with 24/7 Emergency support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training can be delivered remotely or onsite. There is a comprehensive online knowledge base.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data can be extracted by users with the appropriate permission via the user interface.
• End-of-contract process: All client data is deleted as part of the contract. HighQ will decommission the instance in full as part of the base contract. It is the client's responsibility to extract any data they wish to keep prior to the decommissioning process. Secure overwrite is available for an additional charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are available on mobile using a responsive design Files can be accessed via the HighQ Drive app for mobile on iOS and Android.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: HighQ includes access via browsers using secure HTTPS via desktop or mobile device, IOS and Android apps, REST API calls or HighQ Appliance that simplifies some of the more common API calls (e.g. SQL and AD synchronisation).
• Accessibility standards: None or don’t know
• Description of accessibility: Collaborate is accessible using any of the standard web browsers in conjunction with existing assistive software that supports the user's chosen web browser. The product has alt-text fields for all non-text content and supports the creation of alt-text metadata for non-text data uploaded into the system.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: All the main features are accessible via the API, including the addition and update of users. This is supported with a vibrant developer community to share and learn.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Custom branding can be applied at system and site level including the URL, visual appearance of the whole user interface and system generated emails.

Scaling

• Independence of resources: HighQ provide single tenancy solutions deployed in HighQ's private cloud. The high-performance network architecture is built to be resilient and scalable. Bandwidth is provided across multiple diverse links, which do not depend on any single backbone, ensuring that there is full network connectivity redundancy, even in the event of one of the providers failing.

Analytics

• Service usage metrics: Yes
• Metrics types: All logins, configuration changes and content accessed is audited by user, data, and IP address.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All files can be exported via the main user interface, and all other content can be exported to Excel and/or PDF.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XML feed
  • Excel
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • Automated schedule SQL connection via HighQ Appliance
  • API
  • ZIP file (for files)
  • Drag and drop from OSX/ Windows
  • HighQ AI Hub

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% Uptime which would be remunerated via service credits. https://highq.com/gb/terms-and-conditions/service-levels-and-it-security-controls-policy/
• Approach to resilience: Each client is hosted on two geographically separate datacentres within the same legal jurisdiction. All UK hosting centres are ISO 22301, and ISO 27031 compliant.
• Outage reporting: Email alerts are sent to client organisations upon detecting an outage. Any maintenance works are undertaken during pre-agreed maintenance windows and upgrades take place on a date/time pre-agreed with the client.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Access can also be given via SSO from inside the clients network, using the SAML 2.0 protocol.
• Access restrictions in management interfaces and support channels: Application access management is controlled by the client who can grant or revoke administrative privileges within the application to or from users in line with their own organisational policies and procedures. Infrastructure management is performed via secure management servers which are accessible only by VPN using two-factor authentication. Administrators cannot view client data where it is encrypted at rest.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 02/11/2018
• What the ISO/IEC 27001 doesn’t cover: Outsourced development. Protection of test data. Technical review of applications after operating platform changes.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/02/2020
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus aligned. CSA STAR - level 1.
• Information security policies and processes: Complete ISMS present which is built from ISO 27001 controls. Higher management involved in the process and sign off on policies/procedures. All employees undergo CRB/DBS and qualification checks as part of the recruitment process and sign an Information Security agreement and Acceptable Use Policy along with their employment contract before commencing their responsibilities at HighQ. In the event of a violation, disciplinary action may be taken.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All configuration management and change management is performed using the Agile methodology. Changes are developed and a product iteration is released. Each release is subject to penetration testing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We regularly perform penetration testing, undertake monthly vulnerability scans, and daily change scans. Patches are normally deployed within 2 weeks, and we receive threat intelligence from third party security vendors, e.g. CiSP, Mitre, and other publicly available sources. We also employ a source code vulnerability tracking system and use automated security assessment tools.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: HighQ employ enterprise logging and SIEM for all systems and perform regular checks upon those logs and events. Incidents are reviewed and classified in terms of impact and criticality. There is a defined security incident management practice (NIST 800-61r2). Depending upon the nature of the incident, the issue is either remediated immediately or mitigations designed into the next release.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security Incident Management Procedures are built from NIST 800-61r2.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Thomson Reuters is continually striving to improve our environmental impact around the world. In 2020, we adopted the most ambitious aim of the Science Based Targets initiative — a global collaboration to meet the goals of the Paris Agreement by limiting global temperature rise in line with climate science. Our new targets align with worldwide efforts to limit global temperature rise to 1.5°C above preindustrial levels, building upon our previous work of managing and measuring our carbon footprint, identifying reduction opportunities, becoming carbon neutral, and engaging our employees on important climate issues. Additionally, for the first time, we are now using 100% renewable energy for all our global operations and aim to do so in future years. We are working closely with our suppliers to drive lower emissions within our supply chain, helping fulfill the ambitions from our approved Science Based Targets.
• Covid-19 recovery:

  Covid-19 recovery

  The COVID-19 pandemic changed the way that we lived and worked. Our incident management team and senior leadership monitored the evolving situation and were vigilant in focusing on the health and well-being of employees. Employees were provided resources from the World Health Organization (WHO), Centres for Disease Control and Prevention (CDC), and local governments and authorities. A work-from-home policy was implemented to help keep employees safe and help stop the spread of the virus. Investment in systems and technology enabled our business to remain fully operational, allowing us to serve our customers at a time when they needed us the most. As the world dealt with unprecedented challenges, our employees thought of creative ways to help their colleagues, businesses, clients, and communities. Through virtual volunteering, providing trusted COVID-19 information, and supporting business with resources, we helped people across the globe.; Small businesses have been disproportionately impacted by COVID-19. Recognising the unique challenges of these smaller and midsized operations — many of which were not only trying to run their day-to-day operations, but also manage rising uncertainty and employee concerns — Thomson Reuters quickly developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigate this difficult period. Packed with authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center has been a critical information hub for those who need it most.
• Tackling economic inequality:

  Tackling economic inequality

  In support of diverse and minority-owned small businesses, Thomson Reuters has partnered with CVM, a supplier.io company, which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.; Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business. ; We have also adjusted our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender. ; Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.; We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.
• Equal opportunity:

  Equal opportunity

  Thomson Reuters promotes equal employment and provides reasonable accommodations for qualified individuals. We are committed to complying with applicable laws, rules and regulations governing non-discrimination wherever we do business and providing equal employment opportunities with regard to hiring, compensation, promotion, classification, training, apprenticeship, referral for employment and other terms of employment for all persons. We also make reasonable accommodations for qualified individuals with disabilities and for colleagues with sincerely held religious beliefs. ; In 2020, Thomson Reuters set a new goal to increase overall racial and ethnic diversity in our senior leadership levels (director and above) to 18% by the end of 2021 and 20% or more by the end of 2022. We also have a goal within our racial and ethnically diverse leadership to double the number of Black employees in senior leadership levels to 60 or more by the end of 2022. Another component of our diversity and inclusion approach is identification, development, and advancement of women globally for leadership positions. We also have a goal to increase the overall representation of women in senior leadership positions by 40% by the end of 2021 and 45% by the end of 2022. To bring all of these goals to life, we are focusing hard on metrics and accountability to meet the current and forward-looking needs of our organisation and customers. ; At the conclusion of 2020 across our senior leadership roles, we had 36% representation of women, 14.5% racial and ethnic representation, and 32% Black talent. The key to achieving these goals is our focus on driving further inclusivity, growing a strong pipeline of diverse talent, providing equitable access to opportunity, and being intentional in removing bias in our workplace.
• Wellbeing:

  Wellbeing

  The past two years have had a profound impact on all of us and our company has adjusted to new ways of working. The health and wellbeing of all of our employees is a priority of our leadership and we have put in place several initiatives related to mental, physical, financial and social wellbeing to support them. We recently launched a new “Flex My Way” program, which is a supportive workplace policy that promotes work-life balance and improved flexibility. Policies include flexible and hybrid working, caregiver paid time off, increased bereavement leave and work from anywhere in your country of employment for up to eight weeks per year. Our mental health resources include free access to an employee assistance program, a meditation app, mindfulness discussions, eLearning sessions, two annual Mental Health Days, mental health self-assessments and COVID-19 related resources. We are also signatories to the Mindful Business Charter, which was founded to rehumanize the workplace. Our physical health resources include health risk assessments, nutrition and sleep guides. Financial wellbeing resources include an app to help employees achieve specific financial goals and manage finances, counselling resources, and Thomson Reuters University courses to help employees expand their knowledge. Our social resources include the business resource groups mentioned above, mentoring programs, a digital platform that curates social learning and networking experiences for employees.

Pricing

• Price: £85 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to a UAT environment is available for limited time, in order to prove the solution works and is fit for purpose.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.