Skip to main content

Help us improve the Digital Marketplace - send your feedback

Thomson Reuters

Thomson Reuters Legal Tracker

Tracker is the highest rated, most widely used legal matter management, e-billing and analytics system. It enables in-house legal departments to gain visibility of all legal work, implement better cost control practices, reduce spend (typically by 5-15% in the first year), realise departmental efficiencies and generate reports in real time.

Features

  • Typical 3 month implementation
  • Hosted: no software/hardware required; minimal IT resource demands
  • Compatible with PC/Mac internet browsers, tablets and mobile devices
  • Accessible by both in-house and outside counsel
  • Customer information stored in UK data centre
  • 120,000 law firms on-boarded, 80% of UK top 100
  • 1800+ customers, 600,000+ users in 192 countries
  • All maintenance and upgrades deployed automatically

Benefits

  • Collaborate with outside counsel in one system
  • Gain visibility of all legal work across the organisation
  • Track legal department spending against matter budgets
  • Report on all information in the system in real time
  • Store documents with matters and share with outside counsel
  • Evaluate performance with objective and subjective metrics
  • Streamline invoice workflow; manage receipt, audit, review and approval
  • Automate collection of unbilled work (accruals)
  • Automate invoice auditing to ensure billing guidelines are enforced
  • Record internal time spent on each matter

Pricing

£1,202.00 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 5 3 8 6 9 0 4 7 8 4 9 5 7 9

Contact

Thomson Reuters Joanne Fowler
Telephone: 07990563250
Email: joanne.fowler@thomsonreuters.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
The price paid includes all support and maintenance upgrades. Legal Tracker is highly configurable but Thomson Reuters does not permit any code changes to the system.
System requirements
  • Legal Tracker is accessed by a secure hosted internet site
  • Access to the internet via common browsers
  • There are no client-side local installations
  • Microsoft Azure UK South and West

User support

Email or online ticketing support
Email or online ticketing
Support response times
Level 1 - within 4 hours, Level 2 - within 1 business day, Level 3 - within 2 business days
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Except for scheduled maintenance periods Legal Tracker is available for online processing 24 hours a day 7 days a week. If necessary the Legal Tracker Support Team may take Legal Tracker offline for scheduled maintenance during following times: Major (Saturday 8am to Sunday 8am Pacific Time) Minor every day from 9pm to 12am (Pacific time). If Legal Tracker becomes unavailable and requires unscheduled maintenance, the Legal Tracker Support Team shall attempt to post a notice of the unscheduled maintenance on the web pages available to Customer and its law firms. Further details on the 3 levels of Support are included in Thomson Reuters Legal Tracker Service Definition.Please note: Except as may be set forth in Agreement, the support services do not include: (i) visits to Customer’s site or (ii) any services for any third party equipment or software.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Thomson Reuters will provide reference materials in electronic format at no charge, including Implementation Checklist and Guide, Quick Reference Guides for Users, Company Administrators and Accounting Code Reviewers, Quick Reference Guides for Law Firm lawyers and other staff, Law Firm Billing Managers and Law Firm Administrators. Standard implementation or configuration of the system is included as part of the subscription price but is charged as an extra month’s fee.
Thomson Reuters will provide any further customized material, data entry or conversion services or on-site training on a time and materials basis if requested in writing. Thomson Reuters provides unlimited virtual one-hour training sessions for users and law firm users at specified times each week/month. The training sessions are open enrolment and subject to availability.
Service documentation
No
End-of-contract data extraction
De-provisioning based on timely cancellation notice as per agreed contractual terms. Data return is governed by SLAs, also contained in standard contract terms and conditions.
End-of-contract process
The service is typically offered with a one or two year agreement and can be cancelled thereafter or renewed annually after the initial term.
De-provisioning based on timely cancellation notice as per agreed contractual terms. On cancellation all data is returned in accordance with SLAs contained in in standard contract terms and conditions.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Compatible with tablets
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Legal Tracker exposes several APIs for client use. Some of the APIs are SOAP based, while others (i.e. Matter Upload) are REST based. APIs are exposed to enable integration with other systems. There are no limitations to set up or to make changes.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Legal Tracker is highly configurable but we do not permit any code changes to the system. Only authorised users working on legal matters access the system, no 3rd party access is granted for those not working on legal matters. There is no liability on either side for mis-use of system. There is also protection for any disclosed confidential information on either side unless under situations set-out in contract.

Scaling

Independence of resources
Legal Tracker currently supports over 1,800 corporate clients and nearly 600,000 users in 193 countries. Legal Tracker is highly scalable and capable of handling any demand placed upon it.

Analytics

Service usage metrics
Yes
Metrics types
Real time management information through both reporting and graphical, interactive dashboards.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is a data warehouse available for Legal Tracker.

While extraction from the database can only be performed by Thomson Reuters authorised personnel, Tracker makes available numerous export options to the users, depending on their role and permissioning. This includes: user information, time entry, budgets, financials, contracts, invoices, audits, reports, events and many more.
Data export formats
  • CSV
  • Other
Other data export formats
  • Text
  • PDF
  • APIs
  • CSV
  • OAuth
  • XLS & XLSX
  • SFTP
  • XML
  • PowerPoint
Data import formats
  • CSV
  • Other
Other data import formats
  • Text
  • APIs

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
SLA 99.5%, SLA and related terms are included in Thomson Reuters Legal UKI Master Terms.
Approach to resilience
Legal Tracker operates within a fault-tolerant, virtualisation system. Thus, the failure of any single component generally will have no impact on the system. Additionally, data is replicated in real time to a geographically remote, disaster recovery data centre that runs constantly in warm fail-over mode. Please see Disaster Recovery & Business Continuity whitepaper, available on request.
Outage reporting
Planned Maintenance is advertised directly on Legal Tracker. Users are also alerted via e-mail.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
IP whitelisting
Access restrictions in management interfaces and support channels
Legal Tracker is managed and supported through the primary interface. Management is performed by the client with one or more "super user" accounts. These accounts use the same security measures as regular accounts. By default, support staff have the ability to log into client systems to provide assistance. This access can be disabled and managed by the client as desired.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institute
ISO/IEC 27001 accreditation date
07/10/2016
What the ISO/IEC 27001 doesn’t cover
ISO 27001 certification covers the Thomson Reuters' data centres in the UK. All product specific elements are covered by SOC-2 audit.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 1
  • SOC 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Tracker is audited annually under SOC-2 type by Ernst & Young. The audit report is made available on request. Please see the SOC-2 audit report and System Architecture & Security whitepaper, available on request.
Information security policies and processes
We are committed to our information security Risk Management Program and our charter is approved by the Executive Committee. We have an extended team of certified security and privacy subject matter experts located globally and dedicated to the security of our products and services. Our information security policies and standards are aligned to an international standard to provide assurance globally of practices that ensure confidentiality, integrity and availability of our products and services. We demonstrate our commitment to a secure operating environment by our ongoing certification program focused on our strategic data centres using the ISO 207001 standard. At a high level the following teams report into the Chief Information Security Officer (CISO): Strategy & Governance, Security Operations Centre, Business Continuity & Compliance, Enterprise Security Services, Architecture & Engineering. The CISO reports into Chief Technology Officer who in turn reports directly to the Chief Executive.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Legal Tracker has a robust configuration and change management process. Please see the Tracker SOC-2 audit report for information on these these processes, available on request.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We maintain all production systems at the most recent level of patches/fixes recommended. Detection and alerting mechanisms record all external attempts to access our network, or to interrupt/degrade service. Internal File-store and SQL servers don't initiate outbound traffic. Web servers respond to encrypted HTTPS connections and send computer-generated SMTP email notifications.
Penetration Testing is performed, authorised vendors attempt known exploits and Hack in a replica environment. Weekly, vulnerability assessments are performed and quarterly static and dynamic scans are performed. We use an intrusion detection system to collect information on network activity and search for any attacks on The internal networks.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
A production and geographically separated hot fail-over with near real-time data sync is used in addition to onsite disk-to-disk bit-level backups. DR testing is completed at least annually and is part of the SOC-2 audit. The SOC-2 audit report is available upon request, for non-confidential information regarding Thomson Reuters' incident and event monitoring security procedures. Also available on request is the Disaster Recovery & Business Continuity whitepaper.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process is designed to ensure incidents are dealt with consistently and to restore normal service operation as quickly as possible, minimise any adverse impact on business operations, to ensure that the levels of service quality and availability are maintained. We provide appropriate and timely information to customers during high impact incidents. Incident management provides input to the problem management process after normal service has been restored, to facilitate effective problem and error control and reduce the number of related future Incidents. Information is recorded and Daily Service Reviews are conducted to review the status of managed incidents.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

In 2020, Thomson Reuters joined the Science Based Targets initiative, committing to reduce Scope 1 & 2 greenhouse gas (GHG) emissions by 50% by 2030 from 2018 baseline levels, as well
as reducing absolute Scope 3 GHG emissions from fuel and energy-related activities, business travel, and employee commuting by 25% by 2025 from 2019 baseline levels. Additionally, Thomson
Reuters aims to require 65% of suppliers by spend to have Science Based Targets by 2025. Since 2021, we have sourced renewable energy for 100% of our operations. We have achieved this largely through the purchase of renewable power by matching our electricity usage with renewable energy credits acquired around the world.
Largely through investment in renewable power for our facilities, we’ve been able to drive more than a 93% reduction in Scope 1 &2 GHG emissions from our 2018 baseline. To date, business travel
emissions are 66% lower than our 2019 baseline and we have made progress on our engagement target with our supply chain, with 32.5% of suppliers by spend committed to Science Based
Targets. In addition to the switch to renewable energy, Thomson Reuters remains carbon neutral through offsetting the remaining portion of its GHG footprint through carbon offsets. We spent
an average of 8% of our total US-based spend with diverse suppliers and our commitment is to maintain this for 2023 despite macroeconomic pressures and inflation impact. We continue to
refine our procurement process to incentivise working with suppliers who share our commitment to sustainability.

Covid-19 recovery

In 2020, the global COVID-19 pandemic created unprecedented health risks to our employees, customers and suppliers, and containment measures intended to mitigate the impact of the pandemic resulted in global economic crisis and uncertainty. In response to the pandemic, we immediately transitioned most of our staff to a virtual work environment. At the same time, we worked with
our approximately 500,000 customers to ensure continued access to our products and services. Thomson Reuters developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigated this difficult period. We still continue to provide this support and we provide authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center was and continues to be a critical information hub for those who need it most.

Tackling economic inequality

In support of diverse and minority-owned small businesses, Thomson Reuters partners with CVM, a supplier.io company, which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.
Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business.
We have also changed our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender.
Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.
We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.

Equal opportunity

In 2022/23, we continued to increase the representation of racially/ethnically diverse talent in senior leadership. Racially/ethnically diverse representation in senior leadership increased by 2% year-over-year and the number of Black employees in senior leadership increased by one year-over year. We have successfully increased Black senior executive hiring as a result of focused efforts to establish relationships with senior Black talent and achieving diverse candidate slates for executive recruitment. we continue to focused actions to support growth and improve retention include highlighting Black high potential talent in CEO talent reviews, stay interviews, career coaching and opportunity matching, and mentorship by executive team members. Recruiting diverse talent, of course, is just part of the equation. We also need to make sure we’re doing everything we can to accelerate the
careers of people from diverse backgrounds once they’re here, by exposing them to differentiated development opportunities and sponsorship.
This year, we did that by expanding our Diverse Talent Academy program, in partnership with McKinsey, to equip our future leaders
with the skills, peer networks, and sponsorship to achieve their aspirations and grow within Thomson Reuters.
With specific Academies focused on Hispanic/Latino, Black, and Asian talent, the program reached over 200 racial and ethnically diverse colleagues across the company, more than doubling its reach and impact from the previous year.

Wellbeing

At Thomson Reuters, the impact of the pandemic has motivated us to expand our efforts in employee wellbeing. Since 2022 we have rolled out new initiatives and commitments. On May 2 and October 25, we’re encouraging all our employees to take a break These mental health days are now a permanent feature of our commitment to supporting employee wellbeing. Technology is helping us deliver mental health supports and we’re investing in the tools our people need to assess their mental health and to support their team members, and families. We have launched new psychological and resilience self-assessment tools to help employees identify their strengths and risks and develop individualised strategies. Using the Headspace app, we introduced a 14-day mindfulness challenge which can include activities ranging from mini meditation in the morning to breathing exercises before bed.
When dealing with mental health and wellbeing at work, it’s critical to create safe spaces for important conversations, learning and sharing without judgement. To support our people leaders in creating safe spaces to talk about mental health, we have launched a mental health playbook – a resource guide for addressing mental health concerns with their colleagues. Other tools we’ve introduced include an extensive series of live and on-demand webinars for people managers and employees on topics such as on meditation, suicide prevention, change and anxiety and resilience.
While a company can create programs and provide tools for their employees, modelling behaviour is essential. We encourage all our executives and people leaders to speak out on issues of mental health and wellbeing to help break the stigma. It’s important as leaders that we let our people know that it’s okay to say you’re not okay.
We’re on a journey to being a global leader in wellbeing, and our work has only just begun.

Pricing

Price
£1,202.00 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.