SEVEN365 LTD.

CONTRACT LEGAL MANAGEMENT

SaaS-based and AI-powered Contract Lifecycle Management Platform. The service enables organizations to democratize contract authoring as well as establish powerful post-signature contract management practices. It supports organizations across the entire contracting lifecycle and enables effective collaboration for internal and external stakeholders.

Features

• Guided Contract Features
• Template & Clause Library
• 360
• Collab
• Clause and Metadata extraction
• Clause-Level approvals
• Smart Search
• Real-time Reports
• Obligations Management
• Configurable alerts

Benefits

• Easier requisition of contracts by users
• Libraries with gold standard templates and clauses ensure contractual compliance.
• Enables easier location of contract critical information
• Enables communication between internal and external stakeholders
• Increases the efficiency of contractual review
• Enable handling of exceptional scenarios
• Equips users with capabilities to fetch documents immediately
• Real-time Reports provide actionable insights
• Tracking of Obligations and Deliverables arising from contracts.
• Enable users to keep track of critical contractual events

£35,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sam@seven365.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

748925265038891

Contact

Sam Bhaskar
+447841118452
sam@seven365.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Linux based system
  • Dedicated / reserved instances from the cloud or on premise
  • Distributed computing
  • Cluster of machines is required
  • Cloud & Standalone environment

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 30 minutes during business hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide four levels of Support depending on the severity of incident. ; ; • Critical (Severity 1) - Response time 30 mins with update every 1 hour until incident resolution. Support coverage will be provided during Business and Non-business hours; • High (Severity 2) - Response time is 1 hour with updates every 4 hours until incident resolution. Support coverage will be provided during Business hours and non-business hours; • Medium (Severity 3) - Response time is 2 hours with updates every 1 working day. Support coverage will be provided during Business hours; • Low (Severity 4) - Response time is 4 hours with updates every 1 working day until incident resolution. Support coverage will be provided during Business hours; ; Support is provided as part of license, we do not charge separately (apart from on-site support); ; Since our product is a SaaS product a Technical Account manager would be provided
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: In order to help users get started with the service we provide extensive online training sessions. Training sessions are conducted based on the user roles that each user would have. Multiple sessions are conducted in order to ensure high-user adoption of the platform. Users are also provided with documentation in order to enable them to use the platform in a much more efficient manner
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: User data is provided to users in the form of a data dump when their contract ends.
• End-of-contract process: All the data will be migrated and provided to customer as and when customer requires; ; Data extraction is not charged separately. We provide a free of cost backup of customer data

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can use the UI application to achieve various business operations. For e.g. Authoring of contract, approval, rejection of task etc.
• Accessibility standards: None or don’t know
• Description of accessibility: Accessible via Web browser. Users can perform actions according to their roles and permissions.
• Accessibility testing: NA
• API: Yes
• What users can and can't do using the API: Users do not have direct access to API. ; ; NA.; ; NA.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform is infinitely customizable and can be mirrored to reflect the buyer's business processes. ; ; Any requests for customization are received and would be made during implementation. ; ; 1. The configuration of the organization such as region, BU, Contract category/Sub- category; 2. User roles and access rights; 3. The contract details available on the home screen ; ; Certain customizations such as User roles, access rights and details available on the home screen can be made via the product interface. ; ; Customizations such as Changing the organization structure can be performed with the help of the Customer success manager.; ; Admin users as well as the Customer support team.

Scaling

• Independence of resources: We have auto-scalability of our services in order to guarantee users aren't affected by demand of other users

Analytics

• Service usage metrics: Yes
• Metrics types: Yes; ; 1. No of active users in the system; 2. No of inactive users ; 3. No of contracts in the system; 4. No of templates in the system
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encrypt data at rest using a variety of tools including (but not limited to:; ; 1. Utilizing managed databases by our infrastructure provider which have options to encrypt data at rest. In these cases, encryption keys are managed by the infrastructure provider.; ; 2. Utilizing the infrastructure provider's option to encrypt the underlying storage of the assets that persist data. Again, encryption keys are managed by the infrastructure provider.; ; 3. Company laptops are encrypted as outlined in the Endpoint Security Policy.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export data using the User interface in certain use cases. In case of bulk data requirements, they would need to raise a request with the Support team.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data at rest is encrypted using Azure keys. Only web server on port 443 is accessible over TLS(1.2) to the world.

Availability and resilience

• Guaranteed availability: We guarantee a 99.9% level of availability. We run on Microsoft Azure and Azure ensures 99.9% of availability. Azure provides payback if availability limit is breached.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Other Depends on the customers authentication tool since we integrate with customers authentication mechanism.; ; Through integration with client's authentication system.
• Access restrictions in management interfaces and support channels: We have elaborate rules and permissions management module.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: 1. Initially 2-factor AD authentication to access the bastion host of the cloud service provider; 2. Access the resource using a private key provided to the user.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • We are SOC 2 compliant
  • Undergoing audit for GDPR compliance
  • Working on ISO27001 this year

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2; Currently undergoing audit for GDPR compliance
• Information security policies and processes: The Pillars of Information Security program are; ; 1. Information Security Training; 2. Incident Management; 3. Vulnerability Management; 4. Data Classification; 5. Data Backup; 6. Data Retention; 7. Encryption; 8. Endpoint Security; 9. Physical Security; 10. Acceptable Use Policy; ; 1. The staff should report the issue immediately to their manager.; 2. If manager is unavailable, staff can directly approach the ISO/CEO to report the issue.; ; We ensure that such policies are followed by having appropriate penalties for any violation. The penalties can include; ; 1. Reprimand; 2. Demotion; 3. Suspension or Termination for serious offenses; 4. Detraction of benefits

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management process ensures that all software developed in the service of or any subdomain of should be version controlled.; ; We use a decentralized version control system like git. This allows engineers to work on bug fixes, new feature development and other independent projects simultaneously. Before synchronising with the central repository, it is recommended that engineers work on local branches created from an appropriate version of the central repository. All changes must be tested locally before the changes are deployed to users; ; The policy outlines procedures for conducting planned and unplanned changes as well.; ; We use a version-controlled system.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Reporting; The Information Security Officer is responsible for communicating detected vulnerabilities and package updates needed to the appropriate vulnerability management system where it can be tracked to resolution.; ; Remediating Vulnerabilities; The engineering staff is responsible for remediating any reported vulnerabilities. The remediation process should be tracked in the vulnerability management system. SLAs are in place to help prioritize vulnerability based on severity; ; Remediation Outcomes; The following are the possible Resolution statuses; 1. Fixed; 2. Inaccurate/Incorrect; 3. Vulnerable section unused; 4. Acceptable risk; ; 1. Perform various internal vulnerability scans and package monitoring on a constant basis. ; 2. Perform external vulnerability-scans/penetration-tests periodically.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We use monitoring tools in order to identify network intrusions. ; The support team is available 24/7 to find the root cause and fix the vulnerabilities.; The time period taken to respond to incidents depends on severity of incident.
• Incident management type: Undisclosed
• Incident management approach: 1. Report the incident immediately to your manager as soon as possible.; 2. If manager is not available, employees are to approach the ISO / CEO to report the incident.; ; The ISO is responsible for ensuring that reported security-incidents are added to the appropriate incident management system where it can be tracked to resolution.; ; On-Call-Engineer (OCE) is the first point of contact and responsible for addressing the incident and to identify the severity of the incident. The following are the levels of severity; ; • Low severity incidents; • Medium Severity incidents; • High severity incidents; • Critical severity incidents

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Fighting climate change; We have systems and process geared to save energy in our data centres
• Covid-19 recovery:

  Covid-19 recovery

  Covid-19 recovery; We have a process in place to manage services remotely and our teams are aware of Covid protocols
• Tackling economic inequality:

  Tackling economic inequality

  Tackling economic inequality; Our organisation work with teams in developing countries like India where we contribute towards the wellbeing and employment of resource from economically diverse background
• Equal opportunity:

  Equal opportunity

  Equal opportunity; We are a merit oriented organisation and our teams are balanced in representation and we conscious of this attribute
• Wellbeing:

  Wellbeing

  Wellbeing; The management are firm followers of well being and teams are encouraged to follow yoga and healthy food habits within the organisation

Pricing

• Price: £35,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sam@seven365.com. Tell them what format you need. It will help if you say what assistive technology you use.