Anexsys Ltd

eDiscovery / eDisclosure Cloud Software - Relativity

Take control of your eDiscovery/eDisclosure platform with our fully customisable hosting of the industry-leading platform, Relativity. Empower your teams with customised workspaces, features and bespoke, proprietary add-ons. Maintain complete control of sensitive data through our managed hosting solutions.

Features

• Intuitive document review interface
• Flexible hosting options to meet your unique needs
• Supports advanced analytics and traditional data reduction techniques
• Automatic redactions provided via Anexsys’ application, Mask-it
• Secure electronic bundle builds via Anexsys’ application, Exhibit
• Complete control of where your data is stored and processed
• Flexible and customisable workflows and integrations to support review needs
• Productions and disclosures adapted to your needs and practice directions
• Full EDRM project management delivered by a certified Relativity partner
• Multiple languages supported at processing and review stages

Benefits

• Access to digital forensic experts (data collection to witness reporting)
• Easy digitisation of documents using in-house printing and scanning teams
• Expert advice on document processing and data reduction techniques
• Analytics features provided at no extra cost to optimise reviews
• Review efficiency savings of 20% from our proprietary platform enhancements
• Access to bespoke solutions from our UK in-house software team
• Customer self-sufficiency achieved through Anexsys training plans
• No charge for sub-15-minute tasks, typically saving 15% fees
• Highest degree of customisation and greatest control of data locations.
• Service underpinned by 100% UK-based security-cleared consultants and developers

£10 a gigabyte a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@anexsys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

812979124183758

Contact

Rob Crowley
020 3217 0300
tenders@anexsys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Min. 4 cores and 8GB of RAM for optimum performance
  • Any currently supported Windows OS running Edge v79+ (Chromium-based)
  • Any currently supported Windows OS running Google Chrome
  • Any currently supported Windows OS running Firefox
  • Any currently supported Mac OS X supporting Safari
  • Any currently supported Mac OS X supporting Chrome
  • Any currently supported Mac OS X supporting Firefox

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Support/office hours - Monday - Friday - 08:30 to 18:30.; Ticketing facility to log support requests - Available 24/7. Outside office hours we will provide an initial response to support requests within three hours. Enhanced support hours - weekend, bank holidays - by prior arrangement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our team will support your project from the first stages of scoping and data collection, continuing through the processing, review and the production stages. Our full onboarding process ensures we understand your review needs from the outset. You will have direct access to our security-cleared technical project managers, who all have extensive experience and are supported by a large technical team. Our support team can assist with more complex tasks such as creating layouts, search term reports, applying analytics functionality, and creating productions. With more complex work, your approval is sought for any additional costs associated with those tasks.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our onboarding process starts with a kick-off meeting where we agree the ordering/engagement process, key contacts, timelines, design templates and workflows, define security arrangements and agree milestones. We also analyse existing skills within your team and determine what levels of training will be required. Online or face to face training is then arranged accordingly using dummy data. All training is supported by user guide documentation. ; Each case will also have its own engagement process. With any new case, a scoping call will be required to determine data sources, sizes, whereabouts, and requirements specific to the case, such as de-duplication and search criteria. Previously agreed bespoke templates will be used to set up the new workspace, applying case-specific adjustments as required. Further training on the specific workspace is also given at this stage so reviewers are introduced to their case-specific data and workflows.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We offer various closure options. We can export the entire database including all the files. This export is provided on an encrypted hard drive and data can be restored in the future if required. We can export the documents with agreed metadata. With this option, a single export is provided on an encrypted hard drive. Finally, we can delete all data. We also have options for the source data that was originally supplied to us for processing. This source data can be stored for an agreed period, copied and returned, or deleted from our systems. We will only delete the data from our servers once you have confirmed you can access your archive. We use forensically sound deletion processes, so rendering data irretrievable.
• End-of-contract process: Deleting data is carried out free of charge. We do not charge for returning physical evidence within the UK. Our case closure letter outlines upfront the associated costs for each option and options are priced on a sliding scale, depending on case size. Once archive instructions have been actioned, project data is deleted from our systems and a certificate of destruction is issued.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Relativity is a fully cloud-hosted platform, supporting document reviews around the world, from large inquiries and complex legal cases to smaller document reviews such as Data Subject Access Requests (DSAR) and Freedom of Information Act Requests (FOIA). Your workspaces and workflows can be customised to suit the needs of each review and full reviewer training is provided from basic to super-user levels. The interface is intuitive and designed with the needs of non-technical operators in mind, with easy-to-use document viewing and coding panels, together with batching functionality that presents prioritised queues of documents to the reviewing team.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: All browser-level accessibility features are supported within Relativity. In addition, Relativity use a Web Content Accessibility Guidelines (WCAG) Checklist to test accessibility standards following any development activity. All our proprietary features are fully integrated within the Relativity interface and so as accessible as the core Relativity product.
• API: Yes
• What users can and can't do using the API: Relativity is the only review platform that has open and extensible API. API-access is supported through our in-house software development team. We create custom solutions that integrate into the Relativity platform. We are the only UK owned eDisclosure service provider with a dedicated software development team, and we are a Relativity development partner, meaning that we are uniquely positioned to take advantage of the extensibility features of the Relativity platform. We have developed several integrations with Relativity that form part of our standard Relativity offering. These include:; ; Mask-it - Mask-It allows users to easily redact native versions of various document types within Relativity including Excel, Email, Word, PDF and many more. Mask-It saves time and cost when performing redactions by enabling users to automatically apply redactions made to one document to all its duplicates. It can also generate redaction schedules.; ; RTK message - RTK message is used to import data from social media sites such as Facebook to Relativity and review them in a user-friendly manner. Our UK based SC-cleared software development team frequently works with Government and private sector clients providing solutions to very individual requirements.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Relativity platform provides flexibility to enhance and customise the application. Beyond core Relativity, we can provide a range of proprietary enhancements to the platform.; This capability, from building unique workflows to supporting structured and unstructured datasets, and embedding of other technology platforms, ensures that the platform can continue to meet ever more complex use cases. ; During the onboarding process, we work with you to determine what "standard" workspace layouts and workflows should look like, what tagging and coding options are required. Our experts will be on hand to adjust workspaces to adapt as the case progresses. Levels of security are a huge feature of the platform, and these can be customised to user, folder and even document level.

Scaling

• Independence of resources: Our service gives you complete control over the physical locations where data is held, the customisations that are in use and the security restrictions that are applied. We can provide fully managed hosting solutions within our servers or provide management services for Relativity instances that are hosted within your infrastructure. Our hosting solutions are backed by our parent company, Consilio, to provide scalable, robust solutions that can seamlessly respond to the largest of demands. Consilio have the largest instances of Relativity in the world and maintain considerable contingent capacity at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: We can create customised reports to meet all requirements. This includes broad project statistics such as the volumes of data processed/hosted and the number of documents in review, down to granular metrics such as the average number of pages reviewed per reviewer per hour, or the percentage of review decisions overturned per reviewer. This can then be presented both graphically and numerically through dashboards. Our experts can also write bespoke scripts to gather information and present it in a user-friendly fashion via alerts and dashboards.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Relativity

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Downloading and printing of documents and case reports is tightly controlled by user permissions, and explicit permission by case managers is sought before enabling this functionality. Standard large data exports are completed by our team in accordance with your individual case requirements. We can then make use of our Secure FTP service or we can supply data on physical media for you to collect or have couriered to your physical site.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Concordance DAT file (standard legal export)
  • Natives
  • Text files
  • Images
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF files
  • Standard files typically found on a computer (eg. Word, Excel)
  • Concordance DAT file (Native, text and metadata files)
  • Raw unstructured data (e.g. PST files, AD1 images, ZIP files)
  • OPT file (Images)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As we have control over hosting, we can offer a range of uptime SLAs to meet your needs. These start at 99.5% of the total number of minutes in each calendar month outside of planned maintenance windows and increase to meet the most demanding of requirements. Or we can allow you to take complete control by managing a platform that is hosted within your own infrastructure. Support hours (Mon-Fri) 08:30am-18:30pm following initial acknowledgment you can expect a full response to queries within the following timescales: Low urgency – 4 business hours, Medium / routine urgency – 2 business hours, High urgency – 1 hour (24/7, not limited to business hours).
• Approach to resilience: Anexsys is an ISO 27001, ISO 9001 and Cyber Essentials Plus accredited organisation. Our datacentres are ISO27001 and SOC 2 compliant. Processes and security arrangements that are in place, protecting both physical and digital assets are regularly audited for compliance, internally and externally. We have documented disaster recovery and business continuity procedures, available to view on request.; Relativity is built on Microsoft Azure for the most comprehensive compliance coverage. Relativity's security team conduct proactive threat intelligence, hunting, and investigations and commit to constant security innovations and updates, so you always benefit from the most secure version. ; We provide a completely bespoke approach to resilience, defining the hosting environment and backup regime to meet your unique needs.
• Outage reporting: The platform is actively monitored and in the event of an outage or significant downtime, this will alert our in-house infrastructure team and project managers will in turn issue email alerts to you. Email alerts will contain detailed information regarding our plans to address the issue(s), the root cause and expected length of the outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: User access is configured to match the job roles of employees and clients. Permissions are highly granular and flexible. Permissions can control which databases and data can be accessed, which functions of the application can be used, and access to the administrator interface. An increased level access is required for the import and configuration of data into the platform as well as administrative tasks.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 4th May 2022
• What the ISO/IEC 27001 doesn’t cover: All of our services are covered by our accreditation
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • HIPAA
  • FedRAMP
  • SSAE-16 SOC 1 and SOC 2
  • ISO 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Complying with ISO standards ensures that we are committed to meeting your needs together with protecting our information and your data. This is a mechanism for us to show that we are continually improving and learning by completing regular internal and external audits of our quality and information security management systems.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to operational software, system upgrades, application module upgrades, vendor-supplied software, product enhancements and patches are controlled through our change management procedure detailed in our Information Security Management System. Any changes are requested through a ticketing system with full details and risk assessment for approval. The approval of a member of our management team is required if there is a possible alteration to any security controls, a financial cost or where a third-party approval is required. Once approved the infrastructure team follows a specific implementation procedure which includes planning, testing, taking backups and version control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The management of our technical vulnerabilities is documented in our ISO27001 Information Security Management System documentation. In summary, measures include, maintaining an inventory of assets, ensuring a patching regime is adhered to for all devices and a monthly vulnerability scan by a third party. We also restrict the installation of software on all company devices, and audit devices regularly. OS patches are applied monthly. Application patches are applied as soon as reasonably possible after they are released by the platform vendor.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The configuration and cloud-based infrastructure of our platform allows for controlled, audited and monitored access. We have a 24/7 InfoSec team that monitor all our systems. All processes are monitored and restarted automatically, with all storage being highly available and appropriate distributed consensus is applied to minimise data loss. Only highly available load balancers are accessible from the internet with specific access controls limiting traffic into the private networks where all activity occurs. All monitoring and support processes are documented in our ISO 27001 Information Security Management System.
• Incident management type: Supplier-defined controls
• Incident management approach: In the event of a verified information security incident, we will inform you at the earliest possible opportunity. From that point on, all communication will be handled by the Incident Manager. We will provide a substantive update (e.g., nature of the incident and affected data) within 24 hours and updates every 24 hours thereafter until the incident is resolved.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We operate as a highly distributed company, with many employees working remotely. This minimises our need for physical office space and the requirement for our employees to commute, minimising our corporate energy footprint. We incorporate environmental sustainability practices into our operations where feasible through e.g., leasing office space in Energy Star labelled and/or LEED certified properties and using Energy Star equipment where practicable. ; We encourage employees to adhere to energy saving practices including turning lights off in unused spaces, turning computers off and printers to idle when not in use, providing recycle bins in common areas/break rooms, using energy efficient light bulbs and installing window shades to reduce heat. As part of our commitment to minimising the environmental impacts of our business, we recently formed an Employee Affinity Group focused on Sustainability. Members of this group will work to identify and roll out sustainable business practices, promote sustainability and engage with local communities to help support sustainable practices.; We are also partnering with “Greener Litigation”, an initiative to reduce the environmental impact of dispute resolution, and we are promoting its Greener Litigation Pledge with our clients. This commits clients to take active steps to minimise the environmental impact of their practices and to reduce emissions in line with the objective of restricting global warming to 1.5°C through four actions defined within the pledge.
• Covid-19 recovery:

  Covid-19 recovery

  We recognise the need to support our local communities in their Covid-19 recovery. We plan to retain our more flexible, remote delivery model for staff, including outsourced review, rather than return to a centralised, office-based approach. Through Covid-19, we have recognised that we are able to maintain service, quality and security, whilst delivering in a manner that is adaptable to the needs of working families, the less able and others who find it difficult to attend city-centre office locations full-time. This provides greater opportunities to a wider range of community members, including those who, through no fault of their own, can struggle to find suitable skilled employment. ; We are also committed to investing financial resources, offering staff time (including mentoring via the Social Mobility Foundation) and making charitable donations. Our staff committee agree on the charities we support annually and examples of our charitable work in 2022 includes participation in The London Legal Walk (which provides life-changing legal advice to those in need) and the Royal Parks Half Marathon (raising money for over 1,000 UK charities including the Royal Parks, British Heart Foundation, Cancer Research UK, GOSH, Mind, and Tommy's) and charitable donations to AgeUK, Mind and Homeless.org (selected due to their focus on community support and recovery from Covid-19). ; We have teamed with several schools and sixth form organisations to provide work experience placements and career talks, and offer three work experience placements every school year. ; We have also signed the Save the Children pledge calling on governments around the world to fully fund a global vaccine programme. This will allow countries with more vaccines than they need to share their surplus provision with other countries to ensure global vaccine supply meets demand.
• Tackling economic inequality:

  Tackling economic inequality

  All vacancies are publicly advertised using a wide range of fora and we use double blind shortlisting to prevent unconscious bias. Our offices are wheelchair accessible and all requests for reasonable adjustments are accepted. Our platforms have accessibility features including high contrast displays, large fonts, and screen readers and Braille display compatibility. We provide free training on eDisclosure via the Social Mobility Foundation, which we developed specifically to support the disadvantaged into skilled employment. We retain contact with course participants, providing advice and mentorship as they move towards their career goals. ; We use consultants EmployAbility to improve inclusivity and have created training to improve understanding of disability in the workplace. We are an Armed Forces Covenant signatory. We encourage applications from ex-law enforcement and veterans (via the Career Transition Partnership and Forces Families Jobs Forum). We have adopted the Halo Code to ensure that our policies do not unintentionally prevent diversity and have signed BITC’s Race at Work charter. We also work with Aspiring Solicitors (part of the Diversity Access Scheme) to help diverse candidates secure training contracts with UK law firms. We work with Amber, a charity for young homeless and long-term unemployed people, supporting them by providing counselling sessions, fundraising for bed space and providing IT basics training sessions. We also help DABD support NEETs in London achieve employment and social mobility by helping them with their events.
• Equal opportunity:

  Equal opportunity

  Our Client Advisory Board (CAB) includes representatives from 13 corporate and law firm customers who are part of their organisations’ leadership teams and actively involved in D&I work. The CAB provides guidance, with all parties sharing ideas and advice for improvement. In 2021 we launched a programme to provide clients with diversity metrics for the teams assigned to their matters. ; Our group has had a Diversity & Inclusion (D&I) programme since 2018. We are a group signatory of the CEO Action for Diversity & Inclusion, the largest CEO-driven business pledge to advance these values within the workplace. We report and analyse the demographic metrics of our workforce annually. In 2020, our group launched a series of campaigns to encourage more employees to voluntarily self-identify their diverse characteristics, including race/ethnicity, gender, veteran status, age and disability status. The objective of those efforts was to gather more complete data on Priority Groups to improve our ability to analyse and set goals. Now that we have obtained more complete data, we are able to develop benchmarks for our recruiting, hiring, promoting and overall workforce composition. To foster our culture of inclusion and provide support to a diverse workforce, we have established several different employee affinity groups. We support dozens of VCSE organisations whose missions are to promote diversity, equality, and inclusion, as well as those that provide resources for underserved members of our communities. This support includes both financial contributions and the donation of time and talent by our employees. We also promote D&I in our professional communities through marketing campaigns and social media. One example is delivering lunches to the healthcare professionals who support our communities. This year, our group has supported LawWorks UK, London Legal Support Trust and AgeUK to name a few.
• Wellbeing:

  Wellbeing

  Our Health & Wellness Affinity Group’s mission is to help our staff grow a strong foundation of health & wellness through best practices, provide appealing integrative programmes and direct the investment of business resources in ways that promote healthy, sustainable working practices. Examples of initiatives include virtual 5k events, meditation, our Employee Assistance Programme, on-demand wellness classes (provided by Wellbeats) and free, independent financial advice on tax, budgeting and pensions. ; We have introduced a series of webinars on stress management, which are designed to give our staff tools to support them in everyday life and achieve a better work-life balance. In addition, we also have monthly training sessions on business and wellbeing subjects, such as Health & Safety when working from home, Equality & Diversity and LGBTQ+ awareness. Staff are encouraged to attend the monthly session with their peers, to stimulate participation. ; Our staff are also automatically enrolled to our healthcare provider Medicash, which offers many health related benefits. Medicash also provides a 24/7 support hotline allowing our employees to have unlimited access to information, advice and emotional support throughout the year.

Pricing

• Price: £10 a gigabyte a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@anexsys.com. Tell them what format you need. It will help if you say what assistive technology you use.