HighQ DocAuto, powered by Contract Express
Given the number of legal documents your in-house team produces and handles every day, it’s critical to have a legal document management system that can introduce consistency and reduce manual work. HighQ can optimise team productivity and streamline legal services by automating the creation of your legal documentation.
Features
- Securely store documents and easily find what you need.
- Collaborate on documents and coauthor contracts seamlessly.
- Create secure workspace to collaborate with all stakeholders.
- Manage content in wikis, post updates in the blog.
- Manage group tasks, share group calendars.
- Create custom workflows and automate documents.
- Modular for structured data sharing.
- Access your legal documents from anywhere, anytime.
- MS Office, Office 365, Outlook and G-Suite integration.
- Made for Mobile and Desktop - Browser or App Based.
Benefits
- Gain complete visibility and control over your documents.
- Keep documents in sync across your department and team.
- Introduce consistency and control to your legal documents.
- Increase productivity by automating creation of legal documentation.
- Private Cloud - Host your data in the UK.
- Overcome mailbox sizes - Send a link to a download.
- Security - Ensure control over information.
- Audit trail - What's been sent, when and by who.
Pricing
£199.00 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 5 2 2 2 8 7 0 1 5 2 5 9 1 8
Contact
Thomson Reuters
Joanne Fowler
Telephone: 07990563250
Email: joanne.fowler@thomsonreuters.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Private cloud
- Hybrid cloud
- Service constraints
- None.
- System requirements
-
- Modern Web Browser
- Windows
- MAC OSX
- MAC IOS
- Android
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 30 minutes Monday to Friday, 8am to 6pm.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- 8am - 6pm Service desk on business days with 24/7 Emergency support.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Training can be delivered remotely or onsite. There is a comprehensive online knowledge base.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- All data can be extracted by users with the appropriate permission via the user interface.
- End-of-contract process
- All client data is deleted as part of the contract. HighQ will decommission the instance in full as part of the base contract. It is the client's responsibility to extract any data they wish to keep prior to the decommissioning process. Secure overwrite is available for an additional charge.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- All features are available on mobile using a responsive design Files can be accessed via the HighQ Drive app for mobile on iOS and Android.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- HighQ includes access via browsers using secure HTTPS via desktop or mobile device, IOS and Android apps, REST API calls or HighQ Appliance that simplifies some of the more common API calls (e.g. SQL and AD synchronisation).
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Our customers are at the heart of everything we do, and we understand that our products, and many of our interactions with our customers take place online. To make those experiences work for everyone we endeavor to create, procure, and design products, services, and websites with accessibility in mind. To facilitate this work, we have a dedicated team of accessibility specialists who consult on and test our products. This team is available to assist with questions related to the accessibility of Thomson Reuters products.
- API
- Yes
- What users can and can't do using the API
- All the main features are accessible via the API, including the addition and update of users. This is supported with a vibrant developer community to share and learn.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Custom branding can be applied at system and site level including the URL, visual appearance of the whole user interface and system generated emails.
Scaling
- Independence of resources
- HighQ provide single tenancy solutions deployed in HighQ's private cloud. The high-performance network architecture is built to be resilient and scalable. Bandwidth is provided across multiple diverse links, which do not depend on any single backbone, ensuring that there is full network connectivity redundancy, even in the event of one of the providers failing.
Analytics
- Service usage metrics
- Yes
- Metrics types
- All logins, configuration changes and content accessed is audited by user, data, and IP address.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- All files can be exported via the main user interface, and all other content can be exported to Excel and/or PDF.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML feed
- Excel
- HTML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Excel
- Automated schedule SQL connection via HighQ Appliance
- API
- ZIP file (for files)
- Drag and drop from OSX/ Windows
- HighQ AI Hub
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.9% Uptime which would be remunerated via service credits. https://highq.com/gb/terms-and-conditions/service-levels-and-it-security-controls-policy/
- Approach to resilience
- Each client is hosted on two geographically separate datacentres within the same legal jurisdiction. All UK hosting centres are ISO 22301, and ISO 27031 compliant.
- Outage reporting
- Email alerts are sent to client organisations upon detecting an outage. Any maintenance works are undertaken during pre-agreed maintenance windows and upgrades take place on a date/time pre-agreed with the client.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- Access can also be given via SSO from inside the clients network, using the SAML 2.0 protocol.
- Access restrictions in management interfaces and support channels
- Application access management is controlled by the client who can grant or revoke administrative privileges within the application to or from users in line with their own organisational policies and procedures. Infrastructure management is performed via secure management servers which are accessible only by VPN using two-factor authentication. Administrators cannot view client data where it is encrypted at rest.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- DAS
- ISO/IEC 27001 accreditation date
- 02/11/2018
- What the ISO/IEC 27001 doesn’t cover
- Outsourced development. Protection of test data. Technical review of applications after operating platform changes.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 19/02/2020
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials Plus aligned. CSA STAR - level 1.
- Information security policies and processes
- Complete ISMS present which is built from ISO 27001 controls. Higher management involved in the process and sign off on policies/procedures. All employees undergo CRB/DBS and qualification checks as part of the recruitment process and sign an Information Security agreement and Acceptable Use Policy along with their employment contract before commencing their responsibilities at HighQ. In the event of a violation, disciplinary action may be taken.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All configuration management and change management is performed using the Agile methodology. Changes are developed and a product iteration is released. Each release is subject to penetration testing.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We regularly perform penetration testing, undertake monthly vulnerability scans, and daily change scans. Patches are normally deployed within 2 weeks, and we receive threat intelligence from third party security vendors, e.g. CiSP, Mitre, and other publicly available sources. We also employ a source code vulnerability tracking system and use automated security assessment tools.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- HighQ employ enterprise logging and SIEM for all systems and perform regular checks upon those logs and events. Incidents are reviewed and classified in terms of impact and criticality. There is a defined security incident management practice (NIST 800-61r2). Depending upon the nature of the incident, the issue is either remediated immediately or mitigations designed into the next release.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Security Incident Management Procedures are built from NIST 800-61r2.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
In 2020, Thomson Reuters joined the Science Based Targets initiative, committing to reduce Scope 1 & 2 greenhouse gas (GHG) emissions by 50% by 2030 from 2018 baseline levels, as well
as reducing absolute Scope 3 GHG emissions from fuel and energy-related activities, business travel, and employee commuting by 25% by 2025 from 2019 baseline levels. Additionally, Thomson
Reuters aims to require 65% of suppliers by spend to have Science Based Targets by 2025. Since 2021, we have sourced renewable energy for 100% of our operations. We have achieved this largely through the purchase of renewable power by matching our electricity usage with renewable energy credits acquired around the world.
Largely through investment in renewable power for our facilities, we’ve been able to drive more than a 93% reduction in Scope 1 &2 GHG emissions from our 2018 baseline. To date, business travel
emissions are 66% lower than our 2019 baseline and we have made progress on our engagement target with our supply chain, with 32.5% of suppliers by spend committed to Science Based
Targets. In addition to the switch to renewable energy, Thomson Reuters remains carbon neutral through offsetting the remaining portion of its GHG footprint through carbon offsets. We spent
an average of 8% of our total US-based spend with diverse suppliers and our commitment is to maintain this for 2023 despite macroeconomic pressures and inflation impact. We continue to
refine our procurement process to incentivise working with suppliers who share our commitment to sustainability.Covid-19 recovery
In 2020, the global COVID-19 pandemic created unprecedented health risks to our employees, customers and suppliers, and containment measures intended to mitigate the impact of the pandemic resulted in global economic crisis and uncertainty. In response to the pandemic, we immediately transitioned most of our staff to a virtual work environment. At the same time, we worked with
our approximately 500,000 customers to ensure continued access to our products and services. Thomson Reuters developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigated this difficult period. We still continue to provide this support and we provide authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center was and continues to be a critical information hub for those who need it most.Tackling economic inequality
In support of diverse and minority-owned small businesses, Thomson Reuters partners with CVM, a supplier.io company, which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.
Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business.
We have also changed our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender.
Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.
We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.Equal opportunity
In 2022/23, we continued to increase the representation of racially/ethnically diverse talent in senior leadership. Racially/ethnically diverse representation in senior leadership increased by 2% year-over-year and the number of Black employees in senior leadership increased by one year-over year. We have successfully increased Black senior executive hiring as a result of focused efforts to establish relationships with senior Black talent and achieving diverse candidate slates for executive recruitment. we continue to focused actions to support growth and improve retention include highlighting Black high potential talent in CEO talent reviews, stay interviews, career coaching and opportunity matching, and mentorship by executive team members. Recruiting diverse talent, of course, is just part of the equation. We also need to make sure we’re doing everything we can to accelerate the
careers of people from diverse backgrounds once they’re here, by exposing them to differentiated development opportunities and sponsorship.
This year, we did that by expanding our Diverse Talent Academy program, in partnership with McKinsey, to equip our future leaders
with the skills, peer networks, and sponsorship to achieve their aspirations and grow within Thomson Reuters.
With specific Academies focused on Hispanic/Latino, Black, and Asian talent, the program reached over 200 racial and ethnically diverse colleagues across the company, more than doubling its reach and impact from the previous year.Wellbeing
At Thomson Reuters, the impact of the pandemic has motivated us to expand our efforts in employee wellbeing. Since 2022 we have rolled out new initiatives and commitments. On May 2 and October 25, we’re encouraging all our employees to take a break These mental health days are now a permanent feature of our commitment to supporting employee wellbeing. Technology is helping us deliver mental health supports and we’re investing in the tools our people need to assess their mental health and to support their team members, and families. We have launched new psychological and resilience self-assessment tools to help employees identify their strengths and risks and develop individualised strategies. Using the Headspace app, we introduced a 14-day mindfulness challenge which can include activities ranging from mini meditation in the morning to breathing exercises before bed.
When dealing with mental health and wellbeing at work, it’s critical to create safe spaces for important conversations, learning and sharing without judgement. To support our people leaders in creating safe spaces to talk about mental health, we have launched a mental health playbook – a resource guide for addressing mental health concerns with their colleagues. Other tools we’ve introduced include an extensive series of live and on-demand webinars for people managers and employees on topics such as on meditation, suicide prevention, change and anxiety and resilience.
While a company can create programs and provide tools for their employees, modelling behaviour is essential. We encourage all our executives and people leaders to speak out on issues of mental health and wellbeing to help break the stigma. It’s important as leaders that we let our people know that it’s okay to say you’re not okay.
We’re on a journey to being a global leader in wellbeing, and our work has only just begun.
Pricing
- Price
- £199.00 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Access to a Proof of Concept (POC) environment is available for limited time, in order to prove the solution works and is fit for purpose.