Oasis Discovery Partners Ltd

Oasis Discovery Private G-Cloud

Oasis specializes in building and managing custom cloud solutions for complex workloads. By integrating compliance, infrastructure, software, and a variety of managed services, Oasis provides secure, comprehensive solutions to modern data challenges.

Features

• Data processing and hosting for legal review/investigation
• Document duplication and near duplicate detection
• Automatic detection of personal information (PII) for DSAR
• Relativity, Brainspace, NexLP, Veritone included in suite of technology
• Industry leading Technology Assisted Review to save time and money
• Data visualisation and Artificial Intelligence available across multiple applications
• Multi layered secure remote access for all users
• Client portal for support and 'self service'
• Management of all security updates, patches and virus protection
• SSAE16, ISO 270001, GDPR compliant data centres

Benefits

• Oasis makes eDiscovery easy by managing specialist infrastructure and software
• Oasis suite of technology keeps pace with eDiscovery challenges
• Avoid limitations and restrictions of a single eDiscovery application
• Find facts fast using AI powered solutions
• Learn from the best - expert training on all applications
• Collate evidence in single repository for analysis
• Automatic solution scaling - fit for large and small projects
• Empower legal teams to manage the end-to-end eDiscovery process
• Fast client on-boarding with services available in hours
• Pay for what you use, per month, no commitments

£5 a gigabyte

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hunter.Collins@repariodata.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

382663454362175

Contact

Hunter Collins
+1 9139547755
Hunter.Collins@repariodata.com

Service scope

• Service constraints: Prior to agreeing a contract, buyers should contact Oasis to confirm initial solution and scope. Oasis works in partnership with all our clients to make sure the solutions we provide are 'fit for purpose' in order to maximize investment and save time.
• System requirements: None- All applications hosted by Oasis in secure private cloud

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLA for responding to customer support request is 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our support structure is designed to provide a holistic approach whereby customers submit requests to our ticketing systems. Tickets are then reviewed and allocated as appropriate. All customers will be allocated a Technical Account Manager as standard. There is no additional cost associated to support provisioning.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: At Oasis we have a team of industry experts on hand to assist clients in every facet of working with the eDiscovery technology we provide. Whilst the day to day project management and user support is undertaken by our clients, Oasis is there to support those teams in applying the technology in the right way, and to assist in tasks like data processing.; ; The Oasis Client Experience team are there to assist clients from the start, including:; ; • Client on-boarding including administrator training on all applications. We provide user documentation, hands on web based training through video conferencing facilities. If required, training can be provide on site.; • Server and system management training; • Application workflows – custom processes to help Oasis clients get the most out of the technologies available to them; • Application consultancy – use the solutions most fit for purpose from client to client, or project to project; • Data processing support – leverage the Oasis team to help when large volumes of data need processing fast and accurately; • Custom development – the Oasis development team can test and assess any custom applications and scripts you wish to bring to your environment
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: There are multiple ways for customers to extract data, whether at contract end or during the course of the engagement (i.e. when projects end). Examples include:; ; - Native data and associated metadata, images and text via load file in .DAT, .CSV or proprietary format; - Custom application based export including Relativity ARM application from both Relativity Server and Relativity One; ; Exported data can be provided in a logical download via secure transfer tools or physical download to removable media. In all cases a detailed chain of custody process is adhered to (with reports provided when required) and data is encrypted at every stage.
• End-of-contract process: At the end of the contract access to the Oasis eDiscovery Cloud environment will be terminated. At the client’s instruction Oasis can either delete all client data from the servers, or export the data in the client's chosen format and deliver via secure file transfer or encrypt portable media. Evidence of data export and data destruction are provided to every client at the end of the engagement.

Using the service

• Web browser interface: Yes
• Using the web interface: "Litsy" is a full-featured management application purpose-built for the business of eDiscovery:; ; Ticketing & Job Queues– Tickets (project instructions) can be customized to reflect the organization’s services.; ; Communication – Activities in Litsy – including new ticket creation, updates, changes to instructions and questions –are communicated via automatic email updates. Owners can create their own distribution lists at the project level and can even customize the subject line of the emails.; ; Billing Summaries – Detailed spreadsheets can be created at the Client or Matter level.; ; Dashboards/Reporting – Dashboards report on your team’s productivity and visualize the work they do.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Service module is access via secure URL and can be customised to each client. Activities that clients can perform include, but are not limited to:; ; User account creation and management; Database creation and management; Task management and reporting (data processing, publishing and exporting); User performance management; Billing summary and invoice creation
• Web interface accessibility testing: None known at this time
• API: Yes
• What users can and can't do using the API: Oasis provides clients with a suite of scripts and integrations using the well known Relativity API structure.; In addition to this clients can bring their own scripts and integrations (based on the same Relativity framework) to be implemented on their projects in the Oasis hosted Relativity infrastructure.; When required, Oasis can create custom scripts and integrations for clients, these activities are chargeable and defined in specific SOWs.
• API automation tools: Other
• API documentation: Yes
• API documentation formats: Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Ongoing and proactive system performance analysis. Load balancing technologies ensure consistent distribution of system resources. High demand resources are placed on a dedicated platform to ensure quality of service is met for our shared environment. Services include multi-tenancy and single-tenancy options.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Via one to one discussions with Support team

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Monthly Uptime Information to support agreed SLAs
  • Active and inactive user accounts
  • Active and inactive data volume being hosted
  • Data processing volumes
  • Data processed using analytics technologies
  • Volume of data across all projects
  • Reports across all projects for invoice analysis and creation
  • End user activity including document review activity
  • Data import and data export processes and volumes
  • Support ticket volumes, topics and response metrics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Fileshares
  • Virtual Machines
  • Databases
• Backup controls: Oasis controls all backups. Clients may request adjusted schedules or adjusted frequencies via ticketing request.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Oasis understands that its customers depend on the IT systems provided, maintained and supported by Oasis, and that these items are of critical importance to a business.; ; Relativity and Virtual Server Availability is measured continuously, but for the purposes of this SLA will be measured in units of minutes during the applicable month for which the Service Credits will apply. The following table summarizes the Service Credits due for failing to meet the Availability target:; ; Service Availability 99.9% Potential service credit 5%; Service Availability 99.8% Potential service credit 10%; Service Availability 99.7% Potential service credit 15%; ; A Virtual Server will be deemed “available” if the virtualization hardware and hypervisor layers delivering the clients virtualized servers are available and responding to Oasis’ monitoring tools. Or if any server downtime doesn’t impact any necessary functionality within the Client’s network.; ; If availability for any service drops below the relevant threshold in any given month, the customer will be eligible to receive a service credit. A service credit is a reduction of fees payable by the customer in the month following a service delivery report showing a failure to meet the SLA and/or a refund.
• Approach to resilience: Full redundancy built around telecommunications, power, network interfaces and server hardware including storage with dual controllers. Further information is available upon request.
• Outage reporting: Customer communications are managed by our dedicated client support teams. Communications include email, telephone or customer preferred methods.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Strict role based access provisioning issued using least privilege allocation. All management interface and support channels require MFA for every login attempt. All administrators have separate accounts for privileged and non privileged activities, all activity is logged and reviewed periodically.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment
• ISO/IEC 27001 accreditation date: 31st October 2017
• What the ISO/IEC 27001 doesn’t cover: Oasis staff are 100% remote workers, therefore our scope excludes the physical security controls, these controls are provided and assigned to our supplier management through contract provisioning (which are in scope and audited as such).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27017 and ISO27018
  • Our data centres hold PCI, ISO27001, 9001, 20001 and ISAE3402

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Management System (ISMS) is certified to ISO27001, ISO27017 and ISO27018, it is managed by our Security Steering Committee, members of this committee include the Chief Executive Officer, Chief Operating Officer, Director of Information Technology, Chief Information Security Officer and our Vice President of Technology. Our ISMS includes all required policies and procedures to meet the requirements of our security standards and certifications. Our ISMS requires all staff to read and agree to specific Information Security practices. Internal and External audits are completed annually (at minimum) and include review and audit of user compliance. Our ongoing training, awareness and education ensures all staff are aware of ongoing best practice for information security, our internal standards, applicable regulatory, statutory and contractual obligations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Every change to an Information Resource (e.g. operating system, computing hardware, networks, applications, data centers) that supports the Oasis Discovery business is subject to our Change Management Policy and must adhere to our internal change management procedures. Subject to the level of change (standard, normal or emergency), our internal CAB completes a required risk assessment, including review of potential security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), monthly maintenance programs (including full patch management), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioural patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Appropriate contact in place with special interest groups providing specialist security updates on an ongoing basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioural patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Alerts are received (email, telephone, application) for all potential compromises and sent to our Security Steering Committee and IT dept, upon evaluation for severity and level of risk, appropriate actions and ownership are assigned via our incident management procedures.
• Incident management type: Supplier-defined controls
• Incident management approach: Our ISMS Steering Committee manage our information security incident management program. Incidents are reported via email, telephone, ticket creation or direct 1-2-1 communication. We have pre-defined procedures to follow, including: Collection of information, verification of incident, severity and scope assessment, risk assessment, design required action plan and assign owners, review of completed actions, secondary risk assessment, trend analysis and lessons learnt activities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Data is protected by network segmentation and Access controls. Separation between client data is virtual with individual network segments created for clients, separate Active Directory partitions are in place. All client data is segregated and stored on logically distinct and encrypted SAN volumes

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: All Virtus data centres are powered with 100% renewable energies. (VIRTUS currently procures it’s energy from Bryt Energy, who only supply wind, hydro and solar energy. That means there’s absolutely no biomass energy involved, making our fuel mix 100% green.); Virtus are certified as "excellent" by the efficiency accreditations agency BREEAM. Every Virtus site is accredited to ISO50001.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  All Oasis services are designed to help fight climate change. Our data centres are carbon neutral and use 100% renewable energies. All Oasis staff are home based and use only power for a singular device (laptop) and mobile phone. As part of the Oasis wellness program, Oasis staff members are regularly picking litter up from local community areas.

Pricing

• Price: £5 a gigabyte
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Processing and hosting of data up to 10GB and hosted for 1 month can be made available for a service trial. Data being used for the trial should be treated as 'test' data and not part of an active/live matter

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Hunter.Collins@repariodata.com. Tell them what format you need. It will help if you say what assistive technology you use.