LEGADO TECHNOLOGIES LIMITED

Legado

Legado makes digital interactions with customers secure, simple and personal using a cloud-native platform that can be flexibly deployed using a set of scalable and modular APIs. The platform has dozens of pre-built features for customer communications, workflows, intelligence and data insights.

Features

• Secure communications via Digital Vault
• Encrypted document delivery
• Customer workflows
• Mail merge & personalisation
• MI and Analytics Suite
• Omni-channel notifications
• Document revoke and versioning
• Activity tracking and stages
• Conditional logic
• AI content insights

Benefits

• Integrate and embed within your existing digital experience or CRM
• Fully end-to-end encrypted communications (documents and instant messaging)
• Create batches of documents that are personalised for each recipient
• Notify customers when new communications are available via Email/SMS
• Drive customer engagement with a personalised digital experience
• Create bespoke customer workflows to digitise processes
• Use MI and Analytics to ensure regulatory compliance
• Modernise customer interactions and reduce carbon output
• Modular value-add features to drive customer engagement
• Provide personalised digital customer updates for case and claim management

£500.00 to £999,999 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josif@joinlegado.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

418416731167837

Contact

Josif Grace
07456636655
josif@joinlegado.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Legado's platform is fully API-enabled and modular, meaning you can integrate with your existing back-office systems, case management, CRM-tools and more, ensuring a seamless experience for all users.
• Cloud deployment model: Hybrid cloud
• Service constraints: There are no constraints.
• System requirements: Internet Connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Issue Type: Incident; Priority: Critical; Target (minutes): 120, SLA Type: Response; Target (minutes): 1440, SLA Type: Resolution; ; Priority: High; Target (minutes): 120, SLA Type: Response; Target (minutes): 4320, SLA Type: Resolution; ; Priority: Medium; Target (minutes): 1440, SLA Type: Response; Target (minutes): 7200, SLA Type: Resolution; ; Priority: Low; Target (minutes): 1440, SLA Type: Response; Target (minutes): 43200, SLA Type: Resolution
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We have conducted comprehensive testing of our web chat platform with assistive technology users, including those utilising screen readers, voice recognition software, and keyboard-only navigation. Our testing sessions focused on ensuring full accessibility and usability, aiming to identify and rectify any barriers encountered by individuals with visual, auditory, and motor impairments. Feedback from these sessions has been instrumental in refining our chat interface, enhancing keyboard navigation, and ensuring compatibility with various assistive technologies to provide an inclusive user experience.
• Onsite support: Yes, at extra cost
• Support levels: Our support framework is structured to accommodate a wide range of requirements, from basic troubleshooting to in-depth technical support:; ; Standard Support: Provides access to our helpdesk, software updates, and general troubleshooting. This level is most suitable for small to medium-sized enterprises (SMEs) that require consistent support.; ; Premium Support: Delivers expedited response times, direct access to senior technicians, and bespoke service configurations. This level is designed for businesses with critical operations that demand immediate and expert assistance.; ; The costs vary by tier; Standard Support typically comes included with our service subscriptions, whereas Premium Support incurs an additional charge, dependent on the extent of services needed.; ; For our higher-tier clients, we offer a dedicated Technical Account Manager (TAM) or Cloud Support Engineer (CSE) to ensure a smooth experience. The TAM or CSE provides strategic support, performance optimisation recommendations, and acts as a direct link to our engineering teams, ensuring your requirements are given priority.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To ensure our users start using our service smoothly, we provide comprehensive support through our dedicated Customer Success Team. This team facilitates both online and onsite training tailored to meet the specific needs of our users, ensuring they can leverage the full potential of our platform from the outset. Additionally, we offer extensive user documentation that covers all aspects of our service, from basic functionalities to advanced features, allowing users to self-learn at their own pace. Our approach is designed to empower users with the knowledge and skills needed to efficiently navigate and utilise our service, ensuring a seamless and productive user experience.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Web-based guides and FAQ
  • Email based guides and FAQ
• End-of-contract data extraction: At the conclusion of a contract, we ensure users can easily extract their data from our platform, offering flexibility tailored to each client's specific needs. Clients can choose from a range of data extraction options, including standard formats like CSV, PDF, or XML, ensuring compatibility with their onward systems or requirements. For those needing more bespoke solutions, our team is available to facilitate custom data extraction methods, which can be developed and implemented at an additional cost. This consultative approach allows us to meet the unique data portability needs of each client, ensuring a smooth and efficient transition of their valuable information.
• End-of-contract process: At the end of the contract, we facilitate a smooth transition for our clients. This includes providing options for data extraction, where clients can retrieve their data in standard formats like CSV, PDF, or XML. For bespoke extraction needs, our team offers tailored solutions, which may incur additional costs.; ; Included in the contract price are the core services and features of our platform, along with standard customer support and access to user documentation for seamless operation. Additional costs may apply for services beyond the standard package, such as bespoke data extraction, custom feature development, advanced training sessions beyond the initial setup, and specialised support or consultancy services.; ; Our aim is to ensure transparency and flexibility, allowing clients to choose the level of service that best fits their needs, with clear communication on what is included and what constitutes an extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our mobile service is optimised for on-the-go access, featuring a user-friendly interface designed for touchscreens and streamlined navigation suited to smaller screens. The desktop version provides a broader view, more detailed functionalities, and is tailored for in-depth tasks requiring a larger display. Both versions maintain core functionalities and seamless synchronisation to ensure a consistent user experience across devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Our service interface serves as the designated conduit for interaction between Legado's core features and external systems or users. It clearly defines the operations we offer, such as fetching data, submitting information, or performing updates, and the manner in which these actions are carried out. This ensures reliable and secure exchanges. Through this interface, Legado can effortlessly integrate with other software, devices, or services, promoting compatibility and expandability while preserving the integrity and autonomy of Legado's internal structure.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: In Legado, we've conducted interface testing with assistive technology users to ensure our application is accessible and user-friendly. This involved participants using screen readers, voice recognition, and other assistive tools to navigate our interface. We focused on identifying and addressing any barriers, making sure that Legado is inclusive and accommodating to all users, regardless of their technological needs or preferences. Feedback from these sessions has been instrumental in refining our design and functionality to meet a wide range of user requirements.
• API: Yes
• What users can and can't do using the API: With the Legado API, users gain comprehensive control over managing client documents and information, making it a versatile tool for sectors such as Finance, Legal, and HR. After setting up a client's digital vault, users can upload, manage, and share documents effortlessly, with the added benefit of automatic data extraction for metadata enrichment.; ; To initiate the service through the API, users simply request a test account and API Key by reaching out to api@joinlegado.com. This setup process is straightforward, ensuring users can quickly start managing their digital vaults.; ; The API empowers users to make a wide array of changes, including:; ; Organising files and folders, uploading documents, and managing contacts.; Sharing documents and setting permissions to enhance collaboration.; Extracting document data, setting reminders, and updating contact details for comprehensive document management.; ; The design of our API ensures flexibility and ease of use, enabling users to adapt the service to their specific needs without encountering limitations. Users can seamlessly integrate the API into their existing systems, allowing for a tailored approach to document and information management that aligns with their operational requirements.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: At Legado, we offer comprehensive customisation options, both at the front-end and back-end, to ensure our platform perfectly aligns with your business needs:; ; Front-End:; ; Embedded: Integrate Legado's UI into your apps using React components, iFrames, or Micro-Frontends. Fully white-label to match your branding.; White Label: Personalise our ready-to-use solution with your brand for a seamless user experience without the need for development.; Bespoke (API): Utilise our APIs for a fully customised solution, tailored to your requirements.; ; Back-End:; ; Modular Feature Set: Our platform's back-end is designed for flexibility, allowing you to toggle features on or off to suit your specific operational needs.; Custom Features: Through our consultative approach, we collaborate with you to develop custom features, ensuring our solution meets your unique business challenges.; ; Regardless of the deployment route you choose, Legado provides a swift setup with our pre-built platform, enabling efficient management of your digital vault. Our dual approach to customisation ensures that you can tailor both the user interface and the functional capabilities of our platform, making Legado a versatile choice for businesses across various sectors.

Scaling

• Independence of resources: Utilising Microsoft Azure, we ensure a consistent user experience through scalable infrastructure that dynamically adjusts to demand. Azure's load balancing evenly distributes traffic, preventing overload and maintaining service quality. With global data centres, we minimise latency by serving users from the nearest location. Continuous monitoring with Azure's tools enables us to preemptively address potential issues, guaranteeing reliability and responsiveness for all users, irrespective of external demands on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Our service provides comprehensive metrics on user engagement, document management, and system performance. We track user activities such as login frequency and feature usage, alongside document metrics like upload rates and sharing statistics. System reliability is monitored through uptime and response times. For bespoke needs, we offer custom metrics tailored to specific client requirements. All these insights are accessible through an intuitive dashboard, reports or API, enabling clients to optimize their usage, streamline document workflows, and make data-driven decisions to enhance their experience with our platform.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: To protect data at rest, we implement stringent encryption measures using industry-standard algorithms, such as AES-256, ensuring that all stored data is encrypted and inaccessible without proper authentication. We also apply comprehensive access controls and authentication mechanisms to restrict access to sensitive data, ensuring only authorised personnel can access it. Regular security audits and compliance checks further reinforce our commitment to data security, helping to identify and mitigate potential vulnerabilities. This multi-layered approach ensures the utmost protection of data at rest within our network, safeguarding against unauthorized access and breaches.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data directly from our platform using built-in export functionalities, which allow for downloading in common formats like CSV, PDF, or XML. This process is designed to be user-friendly, ensuring users can easily access and save their data with just a few clicks. For more complex or customised data export requirements, our team is available to assist, ensuring users can retrieve their data in a format that meets their specific needs.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • XML
  • JSON
  • RDF
  • Custom (At additional cost)
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • Excel
  • TXT
  • XLS
  • JSON
  • Other (At additional cost)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: In addition to double encryption on-device and at the data centre, we employ secure data transmission protocols to protect data between the buyer's network and ours. Utilising Transport Layer Security (TLS), we ensure that all data in transit is encrypted, preventing interception or tampering. We also implement strict access controls and network security measures, including firewalls and intrusion detection systems, to safeguard against unauthorised access. Our comprehensive approach ensures the highest level of data security and privacy, maintaining the integrity and confidentiality of buyer data at all times.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Within our network, we protect data by implementing robust encryption for both data-at-rest and data-in-transit, adhering to the government's first cloud security principle of 'Data-in-transit protection'. We use advanced encryption standards, such as AES-256, to secure data stored on our servers. For data moving within our network, we enforce secure communication protocols like TLS to ensure end-to-end encryption. Additionally, we employ network segmentation, firewalls, and access controls to further safeguard data from unauthorised access and potential threats, maintaining a high level of security and confidentiality for all data within our network.

Availability and resilience

• Guaranteed availability: Our Service Level Agreements (SLAs) guarantee a 99.9% uptime for our services, ensuring high availability and reliability. In the event that we fail to meet this guaranteed level of availability, we offer refunds to our users as part of our commitment to maintaining high standards of service. The refund process is straightforward and detailed in our SLA documentation, where users can claim refunds proportional to the duration and impact of the service disruption they experienced. This policy reflects our dedication to accountability and customer satisfaction, providing users with assurance and trust in our services.
• Approach to resilience: Available on request.
• Outage reporting: Our service employs a multi-channel approach to report any outages, ensuring transparency and timely communication. We maintain a public dashboard that displays real-time service status, including any ongoing outages or disruptions. This dashboard is accessible to all users, providing a clear, at-a-glance view of service health.; ; Additionally, we offer an API that enables users to programmatically monitor service status, allowing for integration into their own monitoring systems or dashboards. This API provides detailed information about service performance and any incidents.; ; For direct and immediate notifications, we also have an email alert system in place. Users can subscribe to receive outage notifications, ensuring they are promptly informed about any issues affecting the service. This comprehensive reporting strategy ensures that users are well-informed and can take necessary actions or adjustments in response to service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: We offer flexible authentication methods tailored to user requirements, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and custom authentication mechanisms. Depending on customer preferences, users can authenticate via their existing credentials, such as corporate credentials or third-party identity providers, ensuring seamless and secure access to the service.
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted based on role-based access control (RBAC), ensuring that only authorised personnel can perform administrative tasks. User permissions are granularly defined, limiting access to sensitive functionalities and data. Additionally, multi-factor authentication (MFA) adds an extra layer of security to verify the identity of users accessing these interfaces, further safeguarding against unauthorised access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 20/12/23
• What the ISO/IEC 27001 doesn’t cover: Our ISO/IEC 27001 certification primarily focuses on our information security management systems (ISMS) related to the provision of our services. However, it does not extend to physical security measures, such as those at data center facilities, or regulatory compliance specific to individual industries or regions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ICO Registration

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We adhere to rigorous information security policies and processes, grounded in industry best practices and standards such as ISO 27001 and GDPR. Our security framework encompasses data protection, access control, incident response, and regular audits to ensure compliance and safeguard against threats.; ; Our reporting structure is hierarchical, with a dedicated Information Security Officer (ISO) overseeing policy implementation and compliance. The ISO reports directly to senior management, ensuring that information security is prioritised at the highest levels of our organisation.; ; To ensure adherence to our policies, we conduct regular training sessions for all staff, fostering a culture of security awareness. We also implement strict access controls and employ regular audits and monitoring to detect and address any deviations from our policies. Non-compliance is met with immediate corrective actions, guided by predefined procedures to mitigate any potential risks. This structured approach ensures that our information security policies are rigorously followed and continuously improved upon.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management processes ensure that all components of our services are meticulously tracked throughout their lifecycle. Each component is documented in a configuration management database (CMDB), allowing for precise monitoring from deployment to decommissioning. Changes undergo a rigorous assessment process, where their potential security impact is evaluated through a structured review involving security and operational teams. This includes risk analysis and testing in controlled environments before approval and implementation. This thorough approach ensures that every change is made securely, maintaining the integrity and reliability of our services.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process involves continuously assessing potential threats to our services. We utilise a combination of internal assessments and external threat intelligence sources to identify vulnerabilities. Patches are deployed swiftly, adhering to our policy of addressing critical vulnerabilities within 48 hours of identification. Our information on potential threats is sourced from reputable security advisories, industry collaborations, and cybersecurity forums, ensuring we are informed of the latest vulnerabilities and threats. This proactive approach ensures the ongoing security and resilience of our services.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes are designed to swiftly identify potential compromises through continuous system surveillance and anomaly detection. Utilising advanced security tools and analytics, we monitor for unusual activity indicative of a security breach. Upon detecting a potential compromise, our incident response team is immediately alerted. They assess the situation and initiate a predefined response protocol to contain and mitigate the incident. Our response to incidents is rapid, aiming to address potential compromises within hours of detection, ensuring minimal impact and maintaining the integrity of our services.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management processes are well-defined, encompassing pre-defined protocols for common events. Users report incidents through designated channels, such as our support portal or helpline. Following incident resolution, we provide comprehensive incident reports detailing the event's impact, root cause analysis, and measures taken to prevent recurrence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  At Legado, our dedication to combating climate change extends to aiding businesses in optimising their customer communications, decreasing reliance on print, packaging, and physical postage. By transitioning to our cloud-based platform, companies can streamline their communication processes, delivering messages digitally and reducing paper waste. Our platform offers efficient document management, enabling businesses to store, manage, and share documents electronically, eliminating the need for physical copies. This not only reduces environmental impact but also enhances operational efficiency and cost-effectiveness. With Legado, businesses can embrace sustainable communication practices while enhancing their customer experience.

  Covid-19 recovery

  In response to the Covid-19 crisis, Legado is dedicated to aiding businesses in their recovery journey. Our cloud-based communication platform serves as a vital tool for organisations striving to adapt and rebound from the pandemic's impact. By embracing digital channels for communication, businesses can effectively engage with customers while adhering to social distancing guidelines and reducing the risk of virus transmission. ; ; Legado enables businesses to streamline their processes, automate workflows, and ensure operational continuity during these challenging times. Through our platform, businesses can optimise their customer communications, delivering timely and personalised messages without the need for in-person interactions. Whether it's disseminating important updates, managing invoices, or addressing customer queries, ; ; Legado empowers businesses to maintain meaningful connections with their clientele while prioritising health and safety. Moreover, our platform facilitates seamless remote collaboration and teamwork, enabling employees to work together efficiently from any location. With features like document sharing, task management, and virtual meetings, teams can remain productive and aligned on goals despite physical distancing constraints. As organisations navigate the complexities of the post-pandemic landscape, Legado provides the necessary tools and support to adapt, recover, and flourish. Our platform not only enhances operational resilience but also fosters sustainability by reducing reliance on traditional paper-based processes and face-to-face interactions.

  Wellbeing

  In the realm of well-being, Legado recognises the paramount importance of fostering a supportive and nurturing environment for individuals. Our platform serves as a catalyst for promoting mental and emotional wellness by facilitating seamless communication, collaboration, and connection among colleagues, teams, and communities.; ; Through Legado, organisations can implement initiatives aimed at promoting employee well-being, such as wellness challenges, virtual support groups, and access to resources for stress management and mental health. Our platform enables leaders to communicate openly and transparently with employees, fostering a culture of trust, empathy, and support.; ; Moreover, by offering flexible work arrangements and remote collaboration tools, Legado empowers individuals to achieve a healthy work-life balance, reducing stress and burnout associated with traditional office environments. Through features like virtual meetings, document sharing, and task management, teams can collaborate effectively while prioritising their well-being.; ; At Legado, we believe that prioritising well-being is not just a responsibility but also an opportunity to create thriving, resilient, and empowered communities. Together, let's leverage technology to cultivate environments where individuals can flourish personally and professionally, promoting a culture of holistic wellness and fulfilment.

Pricing

• Price: £500.00 to £999,999 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Our free version includes essential features like document storage, basic collaboration tools, and limited user access. However, advanced functionalities such as custom branding and premium support are not included. There's a limited time period of up to three months.
• Link to free trial: Sign up by contacting sales.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josif@joinlegado.com. Tell them what format you need. It will help if you say what assistive technology you use.