Anexsys Ltd

Sightline

Sightline provides intuitive support for case teams performing eDisclosure (eDiscovery) for investigations, public inquiries, inquests, dispute resolution, tribunals, DSARs, and FOIA requests. Using the latest tools, cull more, prioritise better, and review faster at lower cost, all supported by our in-house team of development and legal process experts.

Features

• Intuitive document review interface
• Flexible hosting options to meet your unique needs
• Supports advanced analytics and traditional data reduction techniques
• Complete control of where your data is stored and processed
• Flexible and customisable workflows and integrations to support review needs
• Fully supported managed service
• Self-service collections and processing across all Microsoft platforms
• Productions and disclosures adapted to your needs and practice directions
• Customisable AI-enhanced solutions that navigate complex investigations while increasing efficiency
• Multiple languages supported at processing and review stages

Benefits

• Access to digital forensic experts (data collection to witness reporting)
• Expert project management and technical support on demand
• Expert advice on document processing and data reduction techniques
• Analytics features provided at no extra cost to optimise reviews
• Review efficiency savings of 20% from our proprietary platform enhancements
• Access to bespoke solutions from our UK in-house software team
• Customer self-sufficiency achieved through Anexsys training plans
• No charge for sub-15-minute tasks, typically saving 15% fees
• Highest degree of customisation and greatest control of data locations.
• Dedicated Client Success Managers support you to maximise your investment

£40 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@anexsys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

371718167927205

Contact

Rob Crowley
020 3217 0300
tenders@anexsys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: The service does not have any constraints.
• System requirements:
  • At least 2GB of RAM and 4GB for optimum performance
  • Any currently supported Windows OS running Google Chrome (preferred)
  • Any currently supported Windows OS running Microsoft Edge
  • Any currently supported Mac OS X supporting Chrome
  • While not supported, many users use Safari and Firefox successfully
  • While not supported, many users use Chrome for tablet successfully
  • Browser must accept cookies for dual-factor authentication
  • Minimum resolution is 1280 x 720 pixels
  • 10Mbps broadband internet connection

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Our core support hours are Monday to Friday, 08:30 to 18:30. Users can log support requests using our ticketing facility 24/7. Outside of office hours, we will provide an initial response to support requests within three hours. We also offer enhanced support hours covering weekends and bank holidays by prior arrangement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our team will support your project from the first stages of scoping and data collection to the processing, review, and production stages. Our complete onboarding process ensures we understand your needs from the outset. You will have direct access to our security-cleared technical project managers. They all have extensive experience, and a large technical team supports them. Our support team can assist with more complex tasks such as creating layouts, search term reports, applying analytics functionality, and creating productions. We will seek your approval for any additional costs for completing complex tasks.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our onboarding process starts with a kick-off meeting where we agree on the ordering and engagement process, key contacts, timelines, design templates and workflows, define security arrangements and agree on milestones. We also analyse existing skills within your team and determine what levels of training will be required. We then arrange online or face-to-face training using dummy data. We support all our training with comprehensive user guide documentation. We also support each new case with its own engagement process. With any new case, a scoping call will be required to determine data sources, sizes, whereabouts, and requirements specific to the case, such as de-duplication and search criteria. We will use previously agreed, bespoke templates to set up your new workspace, applying case-specific adjustments as required. We will also provide further training on the specific workspace at this stage so that reviewers are introduced to their case-specific data and workflows.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • MP4
  • Microsoft Office formats
• End-of-contract data extraction: We offer various closure options. We can export the entire database, including all the files, on an encrypted hard drive. Data can then be restored in the future if required. Similarly, we can export the documents with the agreed metadata on an encrypted hard drive. Finally, we can delete all data. We also have options for the source data initially supplied for processing. Such source data can be stored for an agreed period, copied and returned, or deleted from our systems. We will only delete the data from our servers once you have confirmed that you can access your archive. We use forensically sound deletion processes, rendering data irretrievable from our systems.
• End-of-contract process: Deleting data is free of charge, and we do not charge for returning physical evidence within the UK. Our case closure letter outlines upfront the associated costs for each option, and options are priced on a sliding scale, depending on case size. Once archive instructions have been actioned, project data is deleted from our systems, and a certificate of destruction is issued.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Designing Sightline from the ground up allowed us to start with a fresh perspective, unencumbered by constraints. We worked closely with our clients to solve their most significant challenges: speed, efficiency, cost savings, technology adoption, insights and security. The result is a streamlined, intuitive solution that delivers outcomes impossible with any other application. Sightline is different by design. Integrating ECA, a complete review experience, and powerful analytics into a unified platform allows you to log in only once to investigate, analyse, review, and produce documents to support the entire matter lifecycle.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We utilised a third-party accessibility expert vendor to validate and certify Sightline for ADA compliance. In addition to automated tests completed by the third party, they worked directly with users with accessibility needs to test the application.
• API: Yes
• What users can and can't do using the API: With its direct connectors to Office 365 tenants for collection and preservation (Sightline Legal Hold using the Purview APIs) along with Sightline Collect, powered by Onna, Sightline can integrate to many common native data stores such as M365, Slack, Box.net, Dropbox, Salesforce.com, ZenDesk, and more. All these connectors are via API direct integration. The M365 Outlook connector makes use of the Graph API. We are currently developing the ability to collect from Teams, SharePoint, and OneDrive using Microsoft's Graph APIs. Sightline’s Single Sign On (SSO) supports any client platform that uses OpenID, SAML 2.0, or Auth0 protocols. Using Consilio ID, a new backend application designed to work directly with our client’s SSO providers, Sightline can support SSO for nearly all sources of Single Sign On including Azure AD, Okta, Ping, Duo, etc.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The Sightline platform provides flexibility to enhance and customise the application. Beyond core Sightline, we can offer a range of proprietary enhancements to the platform. This capability allows us to build unique workflows and support structured and unstructured datasets. It also allows us to embed other technology platforms. All this ensures that we can continue to meet ever-more complex use cases. Throughout the onboarding process, our team works closely with you to determine the ideal workspace layouts, workflows, and tagging and coding options. Our experts are always available to make adjustments as the case progresses, ensuring a seamless and tailored experience. The platform's robust security features can also be customised to suit your specific needs, down to the user, folder, and document level.

Scaling

• Independence of resources: Sightline has supported over 100 reviewers working concurrently in a single database without issue. Sightline’s concurrency testing protocol is for 200 concurrent reviewers in a single project database. There is no known limit on simultaneous users in an instance. Sightline will scale horizontally and vertically.

Analytics

• Service usage metrics: Yes
• Metrics types: Sightline offers various reports for statistical and graphical presentation of data. The Tally Report provides metrics, KPIs, plus any other metadata or work product attribute in the database, whether a standard field or a custom project field. Other reports range from data exploration (Communications Explorer, Concept Explorer, and Search Term Hit Reports) to reviewing progress by assignment, user, or document history. Each report has its own set of controls, allowing some reports to be configured and saved as custom reports, shared with other users, scheduled for automated running and distribution, and exported from the system.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User permissions tightly control document and case report downloads and printing, and explicit permission by case managers is sought before enabling this functionality. Our team completes standard large data exports in accordance with your individual case requirements. We can then use our Secure FTP service or supply data on physical media for you to collect or have couriered to your physical site.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • All major load file formats including DAT, LST and CSV
  • PDF
  • Natives
  • Text files
  • Images
  • Audio files including MP3 and WAV
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Archive formats including ZIP and RAR
  • Email formats including PST, MBOX and EML
  • MS Office, Open Office and Lotus 123 formats
  • Document formats such as PDF, TXT, HTML and DWG
  • Image formats including JPG, BMP and PNG
  • Media formats such as AVI, WAV, MP3 and MP4

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As we have control over hosting, we can offer a range of uptime SLAs to meet your needs. These start at 99.5% of the total number of minutes in each calendar month outside of planned maintenance windows and increase to meet the most demanding requirements. Or we can allow you to take complete control by managing a platform you host within your infrastructure. Our support hours are 08:30 to 18:30, Monday to Friday. Following our initial acknowledgement, you can expect a comprehensive response to low-urgency queries in four business hours, medium-urgency queries in two business hours, and high-urgency queries within one hour, 24/7.
• Approach to resilience: Anexsys is an ISO 27001, ISO 9001 and Cyber Essentials Plus accredited organisation. Our data centres are ISO 27001 and SOC 2 compliant. The processes and security arrangements we have in place (protecting both physical and digital assets) are regularly audited for compliance, internally and externally. We have documented disaster recovery and business continuity procedures. You can view these by request. Sightline is built on a high-availability network architecture with primary and redundant multi-tier systems (including multiple ISPs) to provide best-in-class infrastructure. Sightline’s web servers, application servers, network, storage, memory, and all backend processing systems are all on immediate fail-over for high availability.
• Outage reporting: The platform is actively monitored, and in the event of an outage or significant downtime, our in-house infrastructure team will be notified, and project managers will, in turn, issue email alerts to you. Email alerts will contain detailed information regarding our plans to address the issue(s), the root cause, and the expected length of the outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: User access is configured to match the job roles of employees and clients. Permissions are highly granular and flexible. Permissions can control which databases and data can be accessed, which application functions can be used, and access to the administrator interface. An increased level of access is required to import and configure data into the platform and administrative tasks.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 06/01/2015
• What the ISO/IEC 27001 doesn’t cover: Our accreditation covers all of our services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • FedRAMP
  • SSAE-16 SOC 1 and SOC 2
  • ISO 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Anexsys’ policies for handling client data are laid down by our parent, Consilio, and ensure that data and devices are stored securely and protected from unauthorised access while in our possession. We treat all client data as confidential. Our enterprise privacy structures and policies ensure that we meet international, EU and UK privacy regulations. These include the Data Protection Act 2018, the General Data Protection Regulations, the Computer Misuse Act 1990, Part 2 of the Serious Crime Act 2015, the Communications Act 2003, the Regulatory and Investigatory Powers Act 2000, GDPR, HIPAA, ITAR, CCPA, and others. They also include HMG security requirements such as security considerations for protecting OFFICIAL information on a corporate network, the Cloud Security Principles, End User Device security guidance and Browser Security guidance. Compliance with ISO standards ensures that we are committed to meeting your needs and protecting our information and data. Completing regular internal and external audits of our quality and information security management systems is a mechanism to show that we are continually improving and learning.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We control changes to operational software, system upgrades, application module upgrades, vendor-supplied software, product enhancements, and patches through our change management procedure, detailed in our information security management system. Changes are requested through our ticketing system, including full details and a risk assessment for approval. A member of our management team must approve any change where there is a possible alteration to any security controls, a financial cost, or a third-party authorisation is required. Once approved, the infrastructure team follows a specific implementation procedure, including planning, testing, backups, and version control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our ISO 27001 Information Security Management System documentation documents the management of our technical vulnerabilities. In summary, measures include maintaining an inventory of assets, ensuring a patching regime is adhered to for all devices, and conducting a monthly vulnerability scan by a third party. We also restrict software installation on all company devices and audit devices regularly. OS patches are applied monthly, and application patches are applied as soon as reasonably possible after they are released by the platform vendor.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our platform's configuration and cloud-based infrastructure allow for controlled, audited and monitored access. We have a 24/7 InfoSec team that monitors all our systems. All processes are monitored and restarted automatically, with all storage being highly available, and appropriate distributed consensus is applied to minimise data loss. Only highly available load balancers are accessible from the internet with specific access controls limiting traffic into the private networks where all activity occurs. Our ISO 27001 Information Security Management System documents all monitoring and support processes.
• Incident management type: Supplier-defined controls
• Incident management approach: In the event of a verified information security incident, we will inform you as soon as possible. From that point on, the incident manager will handle all communication. We will provide a substantive update (e.g., the nature of the incident and affected data) within 24 hours and updates every 24 hours thereafter until the incident is resolved.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We operate as a highly distributed company, with many employees working remotely. Our operating model minimises our need for physical office space and employees' commute requirements, minimising our corporate energy footprint. We incorporate environmental sustainability practices into our operations where feasible through, e.g., leasing office space in Energy Star labelled or LEED-certified properties and using Energy Star equipment where practicable. We encourage employees to use energy-saving practices, including turning lights off in unused spaces, turning computers off and printers to idle when not in use, providing recycling bins in common areas/break rooms, using energy-efficient light bulbs, and installing window shades to reduce heat. As part of our commitment to minimising the environmental impacts of our business, we recently formed an Employee Affinity Group focused on sustainability. Members of this group will work to identify and roll out sustainable business practices, promote sustainability, and engage with local communities to support sustainable practices. As part of our commitment to environmental sustainability, we have partnered with "Greener Litigation", an initiative to reduce the environmental impact of dispute resolution. We are actively promoting its Greener Litigation Pledge among our clients. This pledge commits clients to take proactive measures to minimise the environmental impact of their practices and reduce emissions. The pledge outlines four specific actions clients should undertake, all aligned to limit global warming to 1.5°C.

  Covid-19 recovery

  We recognise the need to continue to support our local communities in their COVID-19 recovery. We have retained our more flexible, remote delivery model for staff, including outsourced review, rather than returning to a centralised, office-based approach. Through COVID-19, we recognised that we can maintain service, quality and security while delivering in a manner adaptable to the needs of working families, the less able, and others who find it challenging to attend city-centre office locations full-time. As a result, we have provided more opportunities to a broader range of community members, including those who struggle to find suitable skilled employment through no fault. We are also committed to investing financial resources, offering staff time (including mentoring via the Social Mobility Foundation) and making charitable donations. Our staff committee agree on the charities we support annually, and examples of our charitable work in 2023 include participation in The London Legal Walk (which provides life-changing legal advice to those in need) and the Royal Parks Half Marathon (raising money for over 1,000 UK charities including the Royal Parks, British Heart Foundation, Cancer Research UK, GOSH, Mind, and Tommy's) and charitable donations to AgeUK, Mind and Homeless.org (selected due to their focus on community support and recovery from COVID-19). We have teamed up with several schools and sixth-form organisations to provide work experience placements and career talks, and we offer three work experience placements every school year. We have also signed the Save the Children pledge, calling on governments worldwide to fund a global vaccine programme fully. This allowed countries with more vaccines than they needed to share their surplus provision with other countries to ensure that global vaccine supply met demand.

  Tackling economic inequality

  We advertise all vacancies publicly using a wide range of fora and use double-masked shortlisting to prevent unconscious bias. Our offices are wheelchair accessible, and all requests for reasonable adjustments are accepted. Our platforms have accessibility features, including high-contrast displays, large fonts, screen readers and Braille display compatibility. We provide free training on eDisclosure via the Social Mobility Foundation, which we developed specifically to support the disadvantaged in skilled employment. We retain contact with course participants, providing advice and mentorship as they move towards their career goals. We use consultants EmployAbility to improve inclusivity and have created training to enhance understanding of disability in the workplace. We are an Armed Forces Covenant signatory. We encourage applications from ex-law enforcement and veterans (via the Career Transition Partnership and Forces Families Jobs Forum). We have adopted the Halo Code to ensure that our policies do not unintentionally prevent diversity and have signed BITC’s Race at Work charter. We also work with Aspiring Solicitors (part of the Diversity Access Scheme) to help diverse candidates secure training contracts with UK law firms. We work with Amber, a charity for young homeless and long-term unemployed people. We support them by providing counselling sessions, fundraising for bed space, and IT basics training sessions. We also help DABD support NEETs in London to achieve employment and social mobility by helping them with their events.

  Equal opportunity

  Our Client Advisory Board (CAB) includes representatives from 13 corporate and law firm customers who are part of their organisations' leadership teams and actively involved in D&I work. The CAB provides guidance, with all parties sharing ideas and advice for improvement. In 2021, we launched a programme to give our clients diversity metrics for the teams assigned to their matters. Our group has had a Diversity & Inclusion (D&I) programme since 2018. We are a group signatory of the CEO Action for Diversity & Inclusion, the most significant CEO-driven business pledge to advance these values within the workplace. We report and analyse the demographic metrics of our workforce annually. In 2020, our group launched a series of campaigns to encourage more employees to voluntarily self-identify their diverse characteristics, including race/ethnicity, gender, veteran status, age and disability status. Those efforts gathered more complete data on Priority Groups to improve our ability to analyse and set goals. Now that we have obtained more complete data, we can develop benchmarks for recruiting, hiring, promoting and overall workforce composition. We have established several employee affinity groups to foster our inclusive culture and support a diverse workforce. We support dozens of VCSE organisations whose missions are to promote diversity, equality, and inclusion, as well as those that provide resources for underserved members of our communities. This support includes financial contributions and our employees' donations of time and talent. We also promote D&I in our profession through marketing campaigns and social media. One example is delivering lunches to the healthcare professionals who support our communities. Our group has supported LawWorks UK, London Legal Support Trust and AgeUK this year.

  Wellbeing

  Our Health & Wellness Affinity Group’s mission is to help our staff grow a strong foundation of health & wellness through best practices, provide appealing integrative programmes and direct the investment of business resources in ways that promote healthy, sustainable working practices. Examples of initiatives include virtual 5k events, meditation, our Employee Assistance Programme, on-demand wellness classes (provided by Wellbeats) and free, independent financial advice on tax, budgeting and pensions. We have introduced a series of stress management webinars to give our staff tools to support them in everyday life and achieve a better work-life balance. In addition, we also have monthly training sessions on business and wellbeing subjects, such as Health & Safety when working from home, Equality & Diversity and LGBTQ+ awareness. Staff are encouraged to attend the monthly session with their peers to stimulate participation. Our staff are also automatically enrolled on our healthcare provider, Unum, which offers many health-related benefits. Unum also provides a 24/7 support hotline, allowing our employees unlimited access to information, advice and emotional support throughout the year. There is an option for staff to upgrade to Vitality, which offers even more health benefits and is subsidised by the business.

Pricing

• Price: £40 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@anexsys.com. Tell them what format you need. It will help if you say what assistive technology you use.