Oyster Information Management Solutions Limited

iManage Work Document Management, Email Management and iManage Records Manager

iManage is dedicated to making knowledge work enabling organisations to uncover and activate the knowledge that exists inside their teams content and communications.
Our AI, document and email management creates connections across data, systems, and people while leveraging the context of organisations to fuel deep insights, business decisions, and collaboration.

Features

• Document Management
• Email Management
• Content Organisation
• Personalised Search using machine learning and data analytics
• Protection of content in iManage and non-iManage repositories
• Sharing and Collaboration
• Smart Worklists
• Detect sophisticated threats from internal or external actors
• Smart Timeline
• Manage and control all records from a single policy

Benefits

• Suggested email filing keeps you ahead of inbox overload
• Document timelines, dashboards and analytics
• Searching across all work product is automatically tuned to you
• Secure mobile access
• Seamless integration with the applications you’re already using
• User designed workflows, navigation and contextual help
• Organisation policies govern audited document access and sharing
• Implement need-to-know security enforcement at scale
• Share securely with internal and external collaborators
• Reduce the risk of data breaches

£31.55 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josef.elliott@oyster-ims.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

470722662335867

Contact

Josef Elliott
0207 199 0620
josef.elliott@oyster-ims.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Supported platforms only
• System requirements: Fully SaaS so just a browser required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday:; Priority 1 Errors: 1 Business Hour; Priority 2 Errors: 4 Business Hours; Priority 3 Errors: 6 Business Hours; Priority 4 Errors: 1 Business Day; ; Cloud Customers have access to support assistance 24 hours per day, Monday - Sunday, 365 days per year, for Priority 1 Errors.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: This is in progress.
• Onsite support: Yes, at extra cost
• Support levels: Support assistance is available during Business Hours for Cloud Customers. Response Time Objectives for calls submitted outside the coverage window will apply to the next Business Day. In addition, Cloud Customers have access to support assistance 24 hours per day, Monday through Sunday, 365 days per year, for Priority 1 Errors.; ; We provide a cloud support manager for all customers and a technical account manager may be added for an additional fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: IManage provides a cloud onboarding welcome package. As part of the package, the iManage cloud onboarding team provides assistance with the following: (i) implementation stages and checkpoints, (ii) data migration, (iii) go-live preparation, (iv) post go-live responsibilities and (v) iManage cloud support assistance.; ; iManage also has iManage cloud training and certification that it makes available to its cloud customers.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: IManage provides no less than 90 days for cloud customers to download their data. iManage can also provide the customer with a number of options for the actual extraction of the data.
• End-of-contract process: IManage makes the data available for no less than 90 days after contract termination / expiration. If a cloud customer needs additional assistance, such assistance will be provided by iManage professional services, for an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/a Browser based
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: IManage Work can be accessed using a web browser on any desktop, using mobile phones and tablets, and using the Work panel in Microsoft Outlook with the iManage Work Desktop for Windows desktop application. iManage Work also provides an embedded experience through iManage Work Desktop for Windows with Microsoft Office and Adobe application integrations.
• Accessibility standards: None or don’t know
• Description of accessibility: IManage Work can be accessed using a web browser on any desktop, using mobile phones and tablets, and using the Work panel in Microsoft Outlook with the iManage Work Desktop for Windows desktop application. iManage Work also provides an embedded experience through iManage Work Desktop for Windows with Microsoft Office and Adobe application integrations.
• Accessibility testing: In progress.
• API: Yes
• What users can and can't do using the API: The iManage Work REST APIs enable users to perform operations such as viewing documents, browsing workspaces, and searching for documents on the iManage Work server through the HTTP protocol.; ; Several operations that are performed through the iManage Desktop client applications can be performed and/or automated using iManage Work REST APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is available through the use of our APIs. The extent of the customisations available are set forth in the API documentation. Additionally, further customisation may be available from iManage or a certified partner of iManage.

Scaling

• Independence of resources: The iManage cloud is capable of petabyte scale, including automatic scaling and self-healing, with multiple, redundant, synchronised data centers. Additionally, we offer multi-tenant architecture with logical and physical data isolation.

Analytics

• Service usage metrics: Yes
• Metrics types: IManage provides a SLA for the availability of the cloud service. iManage also provides reporting on user counts / storage levels (upon request).
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: IManage

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: We also support Customer Managed Encryption Keys
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: IManage provides no less than 90 days for cloud customers to download their data. iManage can also provide the customer with a number of options for the actual extraction of the data. Currently, there are approximately 40 products available to assist with import/export.
• Data export formats:
  • CSV
  • Other
• Other data export formats: In the format in which it's stored in the service
• Data import formats:
  • CSV
  • Other
• Other data import formats: Any electronic file type as defined by customer

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9%; ; Service Credits are provided pursuant to the following table (percentages are based on the monthly fee or 1/12th of the annual fee):; Less than 99.9% but not less than 99.0% - 10%; Less than 99.0% but not less than 98.0% - 25%; Less than 98.0% but not less than 95.0% - 50%; Less than 95.0% - 100%
• Approach to resilience: Available upon request.
• Outage reporting: There is a notification page on the iManage support website. This page can be subscribed to by users so that they receive an email alert.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: IManage enforces an access control policy based on least privileges principles.; ; iManage maintains an authorisation management system.; All iManage Personnel accessing systems containing Customer Data have a separate, unique username.; iManage restricts access to Customer Data solely to iManage Personnel who have a need to access the Customer Data or as otherwise required by applicable Law.; ; iManage uses industry standard practices to identify and authenticate all iManage Personnel who attempt to access iManage network or information systems.; Where authentication credentials of iManage Personnel are based on passwords, iManage requires that such passwords meet minimum requirements for length and complexity.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 28 March 2018
• What the ISO/IEC 27001 doesn’t cover: IManage general administration (i.e., non-cloud)
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: May 4th 2021
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: All offered in this submission
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017
  • ISO 27018
  • ISO 22301
  • COC 2 Type 2 (All Trust Principles)
  • SOC 2+
  • SOC 3

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CyberSecurity+
• Information security policies and processes: Alex - or possibly David

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have a cloud-gating process to ensure availability, confidentiality and security of changes we make to the service.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: IManage uses reasonable efforts to ensure that the Cloud Services operating systems and applications that are associated with Customer Data are patched and otherwise secured to mitigate the likelihood and impact of security vulnerabilities in accordance with iManage’s patch management processes and within a reasonable time after iManage has actual or constructive knowledge of any critical or high-risk security vulnerabilities. iManage conducts vulnerability testing on a monthly basis. We get our information from contracted third parties and public resources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a SIEM tool that helps us monitor for security events. We also have an escalation process to respond to such events, wherein response time is dependent on severity of the event.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a customer support team that accepts reports on incidents. We also have an operations monitoring team that checks for anomalies. If there is a confirmed incident, the operations team manages it to closure. Customers are informed if necessary by the support portal.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Oyster IMS is committed to support action to prevent climate change. Our Carbon Reduction Plan forms part of Oyster IMS’ actions towards Net Zero emissions, overseen by our Environmental, Social and Governance (ESG) Group. This Carbon Reduction Plan has been completed in accordance with PPN 06/21 and associated guidance and reporting standards for Carbon Reduction Plans.

  Covid-19 recovery

  Oyster IMS continued to service customers throughout the Covid-19 pandemic and has ensured that all activity has tried to have a positive effect on helping our customers recover as well. We have continued to provide 100% of our services on a hybrid basis but are increasingly moving back to more face-to-face meetings as and when this suits our clients.

  Tackling economic inequality

  To tackle inequality in employment, skills and pay at Oyster IMS we train our managers and all other employees about our equal opportunities policy to all employees that encourages equality, diversity, and inclusion. We carry out annual equal pay reviews with an aim to have a clear pay structure and ensure all employees are aware what they need to do if they want to take on higher-paid roles.

  Equal opportunity

  Oyster IMS is committed to encouraging equality, diversity, and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of our society, and for each employee to feel respected and able to give their best. We monitor the make-up of our workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability as well as aiming to be an equal opportunities employer that reflects the expertise and diversity of our local community and ensure we source and attract a diverse pool of candidates.

  Wellbeing

  At Oyster IMS, we promote and develop work-life balance practices to ensure we maximise employment opportunities for all and continue to offer flexible working hours, home working opportunities, part-time opportunities to improve the range of opportunities we offer. We actively create a working environment free from bullying, harassment, victimisation, and unlawful discrimination, promoting dignity and respect for all and where individual differences and contributions of all employees are recognised and valued.

Pricing

• Price: £31.55 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access can be given to site for an agreed period, in order to prototype the solution as part of the sales cycle once the requirements have been identified

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josef.elliott@oyster-ims.com. Tell them what format you need. It will help if you say what assistive technology you use.