Skip to main content

Help us improve the Digital Marketplace - send your feedback

Thomson Reuters

HighQ DocAuto, powered by Contract Express

Given the number of legal documents your in-house team produces and handles every day, it’s critical to have a legal document management system that can introduce consistency and reduce manual work. HighQ can optimise team productivity and streamline legal services by automating the creation of your legal documentation.

Features

  • Securely store documents and easily find what you need.
  • Collaborate on documents and coauthor contracts seamlessly.
  • Create secure workspace to collaborate with all stakeholders.
  • Manage content in wikis, post updates in the blog.
  • Manage group tasks, share group calendars.
  • Create custom workflows and automate documents.
  • Modular for structured data sharing.
  • Access your legal documents from anywhere, anytime.
  • MS Office, Office 365, Outlook and G-Suite integration.
  • Made for Mobile and Desktop - Browser or App Based.

Benefits

  • Gain complete visibility and control over your documents.
  • Keep documents in sync across your department and team.
  • Introduce consistency and control to your legal documents.
  • Increase productivity by automating creation of legal documentation.
  • Private Cloud - Host your data in the UK.
  • Overcome mailbox sizes - Send a link to a download.
  • Security - Ensure control over information.
  • Audit trail - What's been sent, when and by who.

Pricing

£199.00 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 5 2 2 2 8 7 0 1 5 2 5 9 1 8

Contact

Thomson Reuters Joanne Fowler
Telephone: 07990563250
Email: joanne.fowler@thomsonreuters.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
None.
System requirements
  • Modern Web Browser
  • Windows
  • MAC OSX
  • MAC IOS
  • Android

User support

Email or online ticketing support
Email or online ticketing
Support response times
30 minutes Monday to Friday, 8am to 6pm.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
8am - 6pm Service desk on business days with 24/7 Emergency support.
Support available to third parties
No

Onboarding and offboarding

Getting started
Training can be delivered remotely or onsite. There is a comprehensive online knowledge base.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
All data can be extracted by users with the appropriate permission via the user interface.
End-of-contract process
All client data is deleted as part of the contract. HighQ will decommission the instance in full as part of the base contract. It is the client's responsibility to extract any data they wish to keep prior to the decommissioning process. Secure overwrite is available for an additional charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All features are available on mobile using a responsive design Files can be accessed via the HighQ Drive app for mobile on iOS and Android.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
HighQ includes access via browsers using secure HTTPS via desktop or mobile device, IOS and Android apps, REST API calls or HighQ Appliance that simplifies some of the more common API calls (e.g. SQL and AD synchronisation).
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our customers are at the heart of everything we do, and we understand that our products, and many of our interactions with our customers take place online. To make those experiences work for everyone we endeavor to create, procure, and design products, services, and websites with accessibility in mind. To facilitate this work, we have a dedicated team of accessibility specialists who consult on and test our products. This team is available to assist with questions related to the accessibility of Thomson Reuters products.
API
Yes
What users can and can't do using the API
All the main features are accessible via the API, including the addition and update of users. This is supported with a vibrant developer community to share and learn.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Custom branding can be applied at system and site level including the URL, visual appearance of the whole user interface and system generated emails.

Scaling

Independence of resources
HighQ provide single tenancy solutions deployed in HighQ's private cloud. The high-performance network architecture is built to be resilient and scalable. Bandwidth is provided across multiple diverse links, which do not depend on any single backbone, ensuring that there is full network connectivity redundancy, even in the event of one of the providers failing.

Analytics

Service usage metrics
Yes
Metrics types
All logins, configuration changes and content accessed is audited by user, data, and IP address.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All files can be exported via the main user interface, and all other content can be exported to Excel and/or PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML feed
  • Excel
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Automated schedule SQL connection via HighQ Appliance
  • API
  • ZIP file (for files)
  • Drag and drop from OSX/ Windows
  • HighQ AI Hub

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% Uptime which would be remunerated via service credits. https://highq.com/gb/terms-and-conditions/service-levels-and-it-security-controls-policy/
Approach to resilience
Each client is hosted on two geographically separate datacentres within the same legal jurisdiction. All UK hosting centres are ISO 22301, and ISO 27031 compliant.
Outage reporting
Email alerts are sent to client organisations upon detecting an outage. Any maintenance works are undertaken during pre-agreed maintenance windows and upgrades take place on a date/time pre-agreed with the client.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Access can also be given via SSO from inside the clients network, using the SAML 2.0 protocol.
Access restrictions in management interfaces and support channels
Application access management is controlled by the client who can grant or revoke administrative privileges within the application to or from users in line with their own organisational policies and procedures. Infrastructure management is performed via secure management servers which are accessible only by VPN using two-factor authentication. Administrators cannot view client data where it is encrypted at rest.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DAS
ISO/IEC 27001 accreditation date
02/11/2018
What the ISO/IEC 27001 doesn’t cover
Outsourced development. Protection of test data. Technical review of applications after operating platform changes.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
19/02/2020
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus aligned. CSA STAR - level 1.
Information security policies and processes
Complete ISMS present which is built from ISO 27001 controls. Higher management involved in the process and sign off on policies/procedures. All employees undergo CRB/DBS and qualification checks as part of the recruitment process and sign an Information Security agreement and Acceptable Use Policy along with their employment contract before commencing their responsibilities at HighQ. In the event of a violation, disciplinary action may be taken.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All configuration management and change management is performed using the Agile methodology. Changes are developed and a product iteration is released. Each release is subject to penetration testing.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We regularly perform penetration testing, undertake monthly vulnerability scans, and daily change scans. Patches are normally deployed within 2 weeks, and we receive threat intelligence from third party security vendors, e.g. CiSP, Mitre, and other publicly available sources. We also employ a source code vulnerability tracking system and use automated security assessment tools.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
HighQ employ enterprise logging and SIEM for all systems and perform regular checks upon those logs and events. Incidents are reviewed and classified in terms of impact and criticality. There is a defined security incident management practice (NIST 800-61r2). Depending upon the nature of the incident, the issue is either remediated immediately or mitigations designed into the next release.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Security Incident Management Procedures are built from NIST 800-61r2.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

In 2020, Thomson Reuters joined the Science Based Targets initiative, committing to reduce Scope 1 & 2 greenhouse gas (GHG) emissions by 50% by 2030 from 2018 baseline levels, as well
as reducing absolute Scope 3 GHG emissions from fuel and energy-related activities, business travel, and employee commuting by 25% by 2025 from 2019 baseline levels. Additionally, Thomson
Reuters aims to require 65% of suppliers by spend to have Science Based Targets by 2025. Since 2021, we have sourced renewable energy for 100% of our operations. We have achieved this largely through the purchase of renewable power by matching our electricity usage with renewable energy credits acquired around the world.
Largely through investment in renewable power for our facilities, we’ve been able to drive more than a 93% reduction in Scope 1 &2 GHG emissions from our 2018 baseline. To date, business travel
emissions are 66% lower than our 2019 baseline and we have made progress on our engagement target with our supply chain, with 32.5% of suppliers by spend committed to Science Based
Targets. In addition to the switch to renewable energy, Thomson Reuters remains carbon neutral through offsetting the remaining portion of its GHG footprint through carbon offsets. We spent
an average of 8% of our total US-based spend with diverse suppliers and our commitment is to maintain this for 2023 despite macroeconomic pressures and inflation impact. We continue to
refine our procurement process to incentivise working with suppliers who share our commitment to sustainability.

Covid-19 recovery

In 2020, the global COVID-19 pandemic created unprecedented health risks to our employees, customers and suppliers, and containment measures intended to mitigate the impact of the pandemic resulted in global economic crisis and uncertainty. In response to the pandemic, we immediately transitioned most of our staff to a virtual work environment. At the same time, we worked with
our approximately 500,000 customers to ensure continued access to our products and services. Thomson Reuters developed a Small Business COVID-19 Resource Center to support our legal, tax, compliance, and government professionals as they navigated this difficult period. We still continue to provide this support and we provide authoritative guidance on everything from best practices on proper treatment of stimulus payments in tax filings to important legal resources, the Resource Center was and continues to be a critical information hub for those who need it most.

Tackling economic inequality

In support of diverse and minority-owned small businesses, Thomson Reuters partners with CVM, a supplier.io company, which has a proprietary database of nearly 1 million diverse and small businesses. CVM’s database is used by many Fortune 500 companies when they are looking for qualified diverse and small suppliers to consider for purchasing opportunities.
Together with the launch of our Supplier Diversity & Sustainability Program, we have equipped our team of Sourcing Managers and Buyers with the necessary tools for them to incorporate Diverse Suppliers into most of our competitive bid processes (RFI/RFP/RFQs) so that we greatly increase their opportunities to win our business.
We have also changed our tendering process to ensure that suppliers which comply with specific sustainability and diversity measures will have additional weight in our evaluation methodology, increasing their likelihood of being successful in the tender.
Thomson Reuters is committed to providing opportunities for diverse and sustainable businesses to prosper, by actively engaging suppliers that help us address the diverse needs of the global marketplace, and by promoting financial inclusion practices for the benefit of minority groups.
We expect companies seeking to do business with Thomson Reuters to demonstrate that the goods and services they provide to us come from sources that share and are committed to our values, such that their business practices are consistent with the needs and expectations of our customers, investors, and the global community we serve.

Equal opportunity

In 2022/23, we continued to increase the representation of racially/ethnically diverse talent in senior leadership. Racially/ethnically diverse representation in senior leadership increased by 2% year-over-year and the number of Black employees in senior leadership increased by one year-over year. We have successfully increased Black senior executive hiring as a result of focused efforts to establish relationships with senior Black talent and achieving diverse candidate slates for executive recruitment. we continue to focused actions to support growth and improve retention include highlighting Black high potential talent in CEO talent reviews, stay interviews, career coaching and opportunity matching, and mentorship by executive team members. Recruiting diverse talent, of course, is just part of the equation. We also need to make sure we’re doing everything we can to accelerate the
careers of people from diverse backgrounds once they’re here, by exposing them to differentiated development opportunities and sponsorship.
This year, we did that by expanding our Diverse Talent Academy program, in partnership with McKinsey, to equip our future leaders
with the skills, peer networks, and sponsorship to achieve their aspirations and grow within Thomson Reuters.
With specific Academies focused on Hispanic/Latino, Black, and Asian talent, the program reached over 200 racial and ethnically diverse colleagues across the company, more than doubling its reach and impact from the previous year.

Wellbeing

At Thomson Reuters, the impact of the pandemic has motivated us to expand our efforts in employee wellbeing. Since 2022 we have rolled out new initiatives and commitments. On May 2 and October 25, we’re encouraging all our employees to take a break These mental health days are now a permanent feature of our commitment to supporting employee wellbeing. Technology is helping us deliver mental health supports and we’re investing in the tools our people need to assess their mental health and to support their team members, and families. We have launched new psychological and resilience self-assessment tools to help employees identify their strengths and risks and develop individualised strategies. Using the Headspace app, we introduced a 14-day mindfulness challenge which can include activities ranging from mini meditation in the morning to breathing exercises before bed.
When dealing with mental health and wellbeing at work, it’s critical to create safe spaces for important conversations, learning and sharing without judgement. To support our people leaders in creating safe spaces to talk about mental health, we have launched a mental health playbook – a resource guide for addressing mental health concerns with their colleagues. Other tools we’ve introduced include an extensive series of live and on-demand webinars for people managers and employees on topics such as on meditation, suicide prevention, change and anxiety and resilience.
While a company can create programs and provide tools for their employees, modelling behaviour is essential. We encourage all our executives and people leaders to speak out on issues of mental health and wellbeing to help break the stigma. It’s important as leaders that we let our people know that it’s okay to say you’re not okay.
We’re on a journey to being a global leader in wellbeing, and our work has only just begun.

Pricing

Price
£199.00 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Access to a Proof of Concept (POC) environment is available for limited time, in order to prove the solution works and is fit for purpose.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joanne.fowler@thomsonreuters.com. Tell them what format you need. It will help if you say what assistive technology you use.