Thomson Reuters

Thomson Reuters Legal Tracker

Tracker is the highest rated, most widely used legal matter management, e-billing and analytics system. It enables in-house legal departments to gain visibility of all legal work, implement better cost control practices, reduce spend (typically by 5-15% in the first year), realise departmental efficiencies and generate reports in real time.

Features

• Typical 3 month implementation
• Hosted: no software/hardware required; minimal IT resource demands
• Compatible with PC/Mac internet browsers, tablets and mobile devices
• Accessible by both in-house and outside counsel
• Customer information stored in UK data centre
• 120,000 law firms on-boarded, 80% of UK top 100
• 1800+ customers, 600,000+ users in 192 countries
• All maintenance and upgrades deployed automatically

Benefits

• Collaborate with outside counsel in one system
• Gain visibility of all legal work across the organisation
• Track legal department spending against matter budgets
• Report on all information in the system in real time
• Store documents with matters and share with outside counsel
• Evaluate performance with objective and subjective metrics
• Streamline invoice workflow; manage receipt, audit, review and approval
• Automate collection of unbilled work (accruals)
• Automate invoice auditing to ensure billing guidelines are enforced
• Record internal time spent on each matter

£1,202.00 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

653869047849579

Contact

Joanne Fowler
07990563250
joanne.fowler@thomsonreuters.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The price paid includes all support and maintenance upgrades. Legal Tracker is highly configurable but Thomson Reuters does not permit any code changes to the system.
• System requirements:
  • Legal Tracker is accessed by a secure hosted internet site
  • Access to the internet via common browsers
  • There are no client-side local installations
  • Microsoft Azure UK South and West

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Level 1 - within 4 hours, Level 2 - within 1 business day, Level 3 - within 2 business days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Except for scheduled maintenance periods Legal Tracker is available for online processing 24 hours a day 7 days a week. If necessary the Legal Tracker Support Team may take Legal Tracker offline for scheduled maintenance during following times: Major (Saturday 8am to Sunday 8am Pacific Time) Minor every day from 9pm to 12am (Pacific time). If Legal Tracker becomes unavailable and requires unscheduled maintenance, the Legal Tracker Support Team shall attempt to post a notice of the unscheduled maintenance on the web pages available to Customer and its law firms. Further details on the 3 levels of Support are included in Thomson Reuters Legal Tracker Service Definition.Please note: Except as may be set forth in Agreement, the support services do not include: (i) visits to Customer’s site or (ii) any services for any third party equipment or software.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Thomson Reuters will provide reference materials in electronic format at no charge, including Implementation Checklist and Guide, Quick Reference Guides for Users, Company Administrators and Accounting Code Reviewers, Quick Reference Guides for Law Firm lawyers and other staff, Law Firm Billing Managers and Law Firm Administrators. Standard implementation or configuration of the system is included as part of the subscription price but is charged as an extra month’s fee.; Thomson Reuters will provide any further customized material, data entry or conversion services or on-site training on a time and materials basis if requested in writing. Thomson Reuters provides unlimited virtual one-hour training sessions for users and law firm users at specified times each week/month. The training sessions are open enrolment and subject to availability.
• Service documentation: No
• End-of-contract data extraction: De-provisioning based on timely cancellation notice as per agreed contractual terms. Data return is governed by SLAs, also contained in standard contract terms and conditions.
• End-of-contract process: The service is typically offered with a one or two year agreement and can be cancelled thereafter or renewed annually after the initial term. ; De-provisioning based on timely cancellation notice as per agreed contractual terms. On cancellation all data is returned in accordance with SLAs contained in in standard contract terms and conditions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Compatible with tablets
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Legal Tracker exposes several APIs for client use. Some of the APIs are SOAP based, while others (i.e. Matter Upload) are REST based. APIs are exposed to enable integration with other systems. There are no limitations to set up or to make changes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Legal Tracker is highly configurable but we do not permit any code changes to the system. Only authorised users working on legal matters access the system, no 3rd party access is granted for those not working on legal matters. There is no liability on either side for mis-use of system. There is also protection for any disclosed confidential information on either side unless under situations set-out in contract.

Scaling

• Independence of resources: Legal Tracker currently supports over 1,800 corporate clients and nearly 600,000 users in 193 countries. Legal Tracker is highly scalable and capable of handling any demand placed upon it.

Analytics

• Service usage metrics: Yes
• Metrics types: Real time management information through both reporting and graphical, interactive dashboards.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: There is a data warehouse available for Legal Tracker.; ; While extraction from the database can only be performed by Thomson Reuters authorised personnel, Tracker makes available numerous export options to the users, depending on their role and permissioning. This includes: user information, time entry, budgets, financials, contracts, invoices, audits, reports, events and many more.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Text
  • PDF
  • APIs
  • CSV
  • OAuth
  • XLS & XLSX
  • SFTP
  • XML
  • PowerPoint
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Text
  • APIs

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA 99.5%, SLA and related terms are included in Thomson Reuters Legal UKI Master Terms.
• Approach to resilience: Legal Tracker operates within a fault-tolerant, virtualisation system. Thus, the failure of any single component generally will have no impact on the system. Additionally, data is replicated in real time to a geographically remote, disaster recovery data centre that runs constantly in warm fail-over mode. Please see Disaster Recovery & Business Continuity whitepaper, available on request.
• Outage reporting: Planned Maintenance is advertised directly on Legal Tracker. Users are also alerted via e-mail.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: IP whitelisting
• Access restrictions in management interfaces and support channels: Legal Tracker is managed and supported through the primary interface. Management is performed by the client with one or more "super user" accounts. These accounts use the same security measures as regular accounts. By default, support staff have the ability to log into client systems to provide assistance. This access can be disabled and managed by the client as desired.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: 07/10/2016
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 certification covers the Thomson Reuters' data centres in the UK. All product specific elements are covered by SOC-2 audit.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 1
  • SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Tracker is audited annually under SOC-2 type by Ernst & Young. The audit report is made available on request. Please see the SOC-2 audit report and System Architecture & Security whitepaper, available on request.
• Information security policies and processes: We are committed to our information security Risk Management Program and our charter is approved by the Executive Committee. We have an extended team of certified security and privacy subject matter experts located globally and dedicated to the security of our products and services. Our information security policies and standards are aligned to an international standard to provide assurance globally of practices that ensure confidentiality, integrity and availability of our products and services. We demonstrate our commitment to a secure operating environment by our ongoing certification program focused on our strategic data centres using the ISO 207001 standard. At a high level the following teams report into the Chief Information Security Officer (CISO): Strategy & Governance, Security Operations Centre, Business Continuity & Compliance, Enterprise Security Services, Architecture & Engineering. The CISO reports into Chief Technology Officer who in turn reports directly to the Chief Executive.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Legal Tracker has a robust configuration and change management process. Please see the Tracker SOC-2 audit report for information on these these processes, available on request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We maintain all production systems at the most recent level of patches/fixes recommended. Detection and alerting mechanisms record all external attempts to access our network, or to interrupt/degrade service. Internal File-store and SQL servers don't initiate outbound traffic. Web servers respond to encrypted HTTPS connections and send computer-generated SMTP email notifications.; Penetration Testing is performed, authorised vendors attempt known exploits and Hack in a replica environment. Weekly, vulnerability assessments are performed and quarterly static and dynamic scans are performed. We use an intrusion detection system to collect information on network activity and search for any attacks on The internal networks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A production and geographically separated hot fail-over with near real-time data sync is used in addition to onsite disk-to-disk bit-level backups. DR testing is completed at least annually and is part of the SOC-2 audit. The SOC-2 audit report is available upon request, for non-confidential information regarding Thomson Reuters' incident and event monitoring security procedures. Also available on request is the Disaster Recovery & Business Continuity whitepaper.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is designed to ensure incidents are dealt with consistently and to restore normal service operation as quickly as possible, minimise any adverse impact on business operations, to ensure that the levels of service quality and availability are maintained. We provide appropriate and timely information to customers during high impact incidents. Incident management provides input to the problem management process after normal service has been restored, to facilitate effective problem and error control and reduce the number of related future Incidents. Information is recorded and Daily Service Reviews are conducted to review the status of managed incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  In 2020, Thomson Reuters joined the Science Based Targets initiative, committing to reduce Scope 1 & 2 greenhouse gas (GHG) emissions by 50% by 2030 from 2018 baseline levels, as well ; as reducing absolute Scope 3 GHG emissions from fuel and energy-related activities, business travel, and employee commuting by 25% by 2025 from 2019 baseline levels. Additionally, Thomson ; Reuters aims to require 65% of suppliers by spend to have Science Based Targets by 2025. Since 2021, we have sourced renewable energy for 100% of our operations. We have achieved this largely through the purchase of renewable power by matching our electricity usage with renewable energy credits acquired around the world.; Largely through investment in renewable power for our facilities, we’ve been able to drive more than a 93% reduction in Scope 1 &2 GHG emissions from our 2018 baseline. To date, business travel ; emissions are 66% lower than our 2019 baseline and we have made progress on our engagement target with our supply chain, with 32.5% of suppliers by spend committed to Science Based ; Targets. In addition to the switch to renewable energy, Thomson Reuters remains carbon neutral through offsetting the remaining portion of its GHG footprint through carbon offsets. We spent ; an average of 8% of our total US-based spend with diverse suppliers and our commitment is to maintain this for 2023 despite macroeconomic pressures and inflation impact. We continue to ; refine our procurement process to incentivise working with suppliers who share our commitment to sustainability.

  Covid-19 recovery

  In 2020, the global COVID-19 pandemic created unprecedented health risks to our employees, customers and suppliers, and containment measures intended to mitigate the impact of the pandemic resulted in global economic crisis and uncertainty. In response to the pandemic, we immediately transitioned most of our staff to a virtual work environment. At the same time, we worked with; our approximately 500,000 customers to ensure continued access to our products and services. Thomson Reuters developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigated this difficult period. We still continue to provide this support and we provide authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center was and continues to be a critical information hub for those who need it most.

  Tackling economic inequality

  In support of diverse and minority-owned small businesses, Thomson Reuters partners with CVM, a supplier.io company, which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.; Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business.; We have also changed our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender.; Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.; We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.

  Equal opportunity

  In 2022/23, we continued to increase the representation of racially/ethnically diverse talent in senior leadership. Racially/ethnically diverse representation in senior leadership increased by 2% year-over-year and the number of Black employees in senior leadership increased by one year-over year. We have successfully increased Black senior executive hiring as a result of focused efforts to establish relationships with senior Black talent and achieving diverse candidate slates for executive recruitment. we continue to focused actions to support growth and improve retention include highlighting Black high potential talent in CEO talent reviews, stay interviews, career coaching and opportunity matching, and mentorship by executive team members. Recruiting diverse talent, of course, is just part of the equation. We also need to make sure we’re doing everything we can to accelerate the ; careers of people from diverse backgrounds once they’re here, by exposing them to differentiated development opportunities and sponsorship. ; This year, we did that by expanding our Diverse Talent Academy program, in partnership with McKinsey, to equip our future leaders ; with the skills, peer networks, and sponsorship to achieve their aspirations and grow within Thomson Reuters. ; With specific Academies focused on Hispanic/Latino, Black, and Asian talent, the program reached over 200 racial and ethnically diverse colleagues across the company, more than doubling its reach and impact from the previous year.

  Wellbeing

  At Thomson Reuters, the impact of the pandemic has motivated us to expand our efforts in employee wellbeing. Since 2022 we have rolled out new initiatives and commitments. On May 2 and October 25, we’re encouraging all our employees to take a break These mental health days are now a permanent feature of our commitment to supporting employee wellbeing. Technology is helping us deliver mental health supports and we’re investing in the tools our people need to assess their mental health and to support their team members, and families. We have launched new psychological and resilience self-assessment tools to help employees identify their strengths and risks and develop individualised strategies. Using the Headspace app, we introduced a 14-day mindfulness challenge which can include activities ranging from mini meditation in the morning to breathing exercises before bed.; When dealing with mental health and wellbeing at work, it’s critical to create safe spaces for important conversations, learning and sharing without judgement. To support our people leaders in creating safe spaces to talk about mental health, we have launched a mental health playbook – a resource guide for addressing mental health concerns with their colleagues. Other tools we’ve introduced include an extensive series of live and on-demand webinars for people managers and employees on topics such as on meditation, suicide prevention, change and anxiety and resilience.; While a company can create programs and provide tools for their employees, modelling behaviour is essential. We encourage all our executives and people leaders to speak out on issues of mental health and wellbeing to help break the stigma. It’s important as leaders that we let our people know that it’s okay to say you’re not okay.; We’re on a journey to being a global leader in wellbeing, and our work has only just begun.

Pricing

• Price: £1,202.00 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.