Lawcadia

Lawcadia

Lawcadia is an end-to-end legal operations platform for in-house legal teams. Features include legal front door, matter intake, matter management, document and email management, document automation, workflow automation, external counsel management, matter-based RFPs, spend management, invoice review, eBilling and BI reporting.

Features

• Workflows + Automation
• Matter Intake and Matter Management
• External Spend Management
• Document Automation
• eBilling
• BI Reporting
• Advanced Search
• iManage Integration
• Document and Email Management
• Complex Approvals Workflows

Benefits

• Streamline and automate in-house lawyer processes
• Improve matter intake quality and delivery
• Control who has access to what through detailed matter permissions
• Easily save emails and documents into the matter workspace
• Automate the creation of documents, eg. NDAs
• Control external legal spend through scope & budget management
• Brief external counsel using a structured approach, including RFPs
• Highly configurable workflow engine and BI Reporting tool
• eBilling and invoice review for billing compliance
• Detailed approval setup and configurations for internal sign-offs

£15,000 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at skirk@lawcadia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

390689806474539

Contact

Sacha Kirk
+44 20 3318 2511
skirk@lawcadia.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/a
• System requirements:
  • Supported web browser
  • 1Mbps internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Lawcadia aims to respond initially within 30 minutes during business hours. Customers can register support requests 24/7.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Lawcadia has not been formally tested for WCAG.
• Web chat accessibility testing: Lawcadia has not been formally tested for WCAG.
• Onsite support: Yes, at extra cost
• Support levels: Lawcadia provides Standard support as part of all subscriptions at no additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our clients are at the heart of our business, and we believe that we are only successful when our clients are getting the most out of our platform.; ; Our Customer Success Managers will work with you from the beginning to ensure a smooth implementation and provide project management, training on-site or remote, user guides, support and can even map your existing processes to our platform.; ; Beyond the initial implementation, we will continue to partner with you and help you to expand your use of the platform as your legal function and requirements grow.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data stored in Lawcadia can be extracted in CSV.
• End-of-contract process: Lawcadia allows customers to conduct their own transition-out data extraction.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Lawcadia can work on any device, including auto-scaling for mobile devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Lawcadia's Client Admin function allows authorised users to manage users, matter permissions, workflows, integrations, audit logs, and BI reporting.
• Accessibility standards: None or don’t know
• Description of accessibility: Lawcadia has not been formally tested for WCAG.
• Accessibility testing: Lawcadia has not been formally tested for WCAG.
• API: Yes
• What users can and can't do using the API: Lawcadia is a completely API-driven platform. Upon client request by an authorised person, Lawcadia can expose certain end points for the purposes of integrations.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customers can create their own workflow plugins.

Scaling

• Independence of resources: Lawcadia has auto-scaling for its server resources, which automatically adjust for network load.

Analytics

• Service usage metrics: Yes
• Metrics types: Lawcadia captures detailed information about platform usage and user access. These can be either exported in CSV or provided on a scheduled basis.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Data is encrypted at rest and in transit. Cloudflare provides data in transit TLS key management. The AWS KMS used for data at rest cloud level encryption. There is a dual layer encryption i.e., Cloud Level – AWS KMS, and Application Level – AES256.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All data stored in Lawcadia can be exported in CSV.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Lawcadia has a guaranteed uptime of 99.9% excluding scheduled downtime.
• Approach to resilience: Physical location and legal jurisdiction:; Please refer to the third-party i.e., AWS page for details at https://docs.aws.amazon.com/whitepapers/latest/nhs-cloud-security-guidance-using-aws/principle-2-asset-protection-and-resilience.html; ; Data centre security:; Please refer to AWS' security controls at https://aws.amazon.com/compliance/data-center/controls/; ; Data encryption:; Please refer to the details at https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html; ; Data sanitisation and equipment disposal: NA; ; Physical resilience and availability:; Please refer to the details at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disaster-recovery-resiliency.html
• Outage reporting: In any case of service outages, Lawcadia management contacts the clients via email and/or phone call.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Lawcadia significantly restricts employee access to client data. Only UK and Australian-based customer success personnel have access to high-level matter and client information (matter name, usernames, and contact details) to be able to provide first-level customer support.; All the sensitive data is segregated and protected by application-level encryption; therefore, database administrators cannot read the client data in plain text. All software development and QA testing are conducted in separate sandbox and testing environments, and no client data is used for testing, only sample, fictional data.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Partner Global
• ISO/IEC 27001 accreditation date: 29-Nov-2023
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Lawcadia's Information Security Management System (ISMS) is ISO 27001:2022 certified. Lawcadia's entire business and platform is within scope of this certification. This includes a large number of policies and procedures, including board level polices (Business Continuity Plan, Crisis Management Plan and Disaster Recovery Plan), and other operational policies including ISMS Scope, Information Security Policy, Statement of Applicability, Incident Management Procedure, BYOD Policy, Mobile Device & Teleworking Policy, Lawcadia Device & Network Management Policy, IT Asset Procurement Policy, Acceptable Use Policy, Access Control Policy, Privilege Management Policy, Policy on the Use of Cryptographic Controls, Operating Procedures for ICT and Policy for Controls against Malware.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Lawcadia has a robust change management system in place that is part of Lawcadia's ISMS framework and is ISO 27001 certified.; Every release is managed by a release management process that prioritises the issues, allocates resources, tests the issues in different environments, automates testing integrated with CI/CD pipelines, and performs manual and automated code reviews. ; Only after the above steps (but not limited to) a release is pushed to the production. In addition to this, Lawcadia undertakes independent penetration tests at least annually, and before all major releases, which are conducted by a CREST-certified 3rd party supplier.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Lawcadia Systems:; Regularly update all systems and software with the latest patches and security updates. (CMDB Lifecycle).; Configure firewalls to restrict unauthorised access and block malicious traffic. (ABM - ZeroTrust & Bit Defender on all employee devices).; Implement email filtering and web filtering to prevent users from accessing malicious websites or downloading malware-infected files. (Office365 and ZeroTrust).; ; Lawcadia Platform:; Scan all the Lawcadia platform attachments for potential malware (ClamAV); ; Use antivirus and anti-malware software to detect and remove malicious code. (SonarQube); ; Scan platform infrastructure for potential threats via the following:; Threat-mapper, Cloudflare WAF, AWS System Firewall, Cloudflare DDoS protection, SIEM
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Real-time infrastructure monitoring and alerts are in place. ; ; In addition to that, a periodic Platform Monitoring Meeting is held every six weeks. This meeting reviews Valimail DMARC, Cloudflare Network and Security Logs, Cloudflare Load Balancing Log Analysis, Cloudflare Uptime Logs Analysis, AWS Server Health Analysis, CPU Usage, Memory Usage, Current Free Disc Space, Backup Health of Shared Private Cloud Clients. ; ; The Incident Management Procedure states, In the case of an incident ; - As soon as reasonably practicable, upon Lawcadia being notified of a suspicious event.; - Within 24 hours after due diligence and analysis confirm the impact of an event.
• Incident management type: Supplier-defined controls
• Incident management approach: The Incident Management Procedure at Lawcadia is designed to ensure quick detection and response to security incidents. The procedure document cannot be shared but here is the summary of the procedure in place:; ; • Initial Response; • Evaluation; • Containment and Mitigation; • Investigation and Analysis; • Communication and Reporting; • Remediation and Recovery; • Review and Lessons Learned

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  At Lawcadia, diversity and inclusivity are fundamental values. With a female co-founder and two women holding senior leadership roles, we champion gender equality and strive to create an environment where everyone can thrive. We celebrate the diverse backgrounds, cultures, and traditions within our team, fostering an inclusive workplace culture where all voices are heard and valued.

Pricing

• Price: £15,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at skirk@lawcadia.com. Tell them what format you need. It will help if you say what assistive technology you use.