Deloitte LLP

RegExplorer

Deloitte's RegExplorer supports organisations in:
- Automating burdensome tasks like reading, searching, and collating disparate information on regulation;
- Simplifying the process for individuals to analyse and identify specific, duplicative, or linked rules and regulations;
- Enabling non-coding experts to make connections/conduct research to streamline the regulatory framework/complex rules

Features

• Natural Language Processing [NLP]
• Artificial intelligence [AI]
• Machine Learning [ML]
• Real-time analysis and dashboarding
• Analysis of unstructured data (text)
• Search, analyse, compare and review regulations / rules across geographies
• Cluster and connection analysis of rules and regulations
• Textual relationship searching not just key-word list matching
• Data ingestion and storage capability in multi-tenant web application
• Analyse deltas in regulation (i.e. what has changed)

Benefits

• Quickly automate burdensome tasks to upkeep / improve regulations
• Simplify analysis and identification of duplicative/linked rules and regulations
• Enable non-experts in code to make connections and conduct research
• Quickly ingest and analyse huge amounts of unstructured data
• Compare rules and regulations across legislation areas, departments and geographies
• Enable opportunities for burden reduction and streamlining
• De-duplication and removal of conflicting regulations / rules
• Cost reduction for the regulatory / rules regime being analysed
• Creates time for staff to complete higher-value analysis activity
• Can be customised to meet specific search and analysis requirements

£8,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

881104630361731

Contact

Donna Farrell
0207 303 0913
publicsectorbidteam@deloitte.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The service is limited by the data sets available. However the service has the capability to ingest any public data that is available for commercial use and is royalty free.
• System requirements: Designed for Chrome or Firefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tailored to client’s requirements. Response times at weekends may differ.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support available in various levels. Service and prices will be determined as part of the overall engagement, as they are bespoke for each client.; ; Subscription users will have a separate support level decided as part of the subscription package.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The engagement team will organise workshops with the client team to outline the requirements and scope for RegExplorer, how the project will be run, and what users can expect from the service once it is completed. If clients need their people trained in the software that is an available option, and will be priced separately. Deloitte can arrange for our own subject matter experts to facilitate training, either on-site or off-site. User documentation will be supplied.; Subscription only clients will not receive the same level of support.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: We have an online training program
• End-of-contract data extraction: The web application contains ONLY public data therefore the data remains in the application beyond the contract end date. ; ; For managed analytics where the client provides non-public data, all data is owned by the client, and all outputs are data required by the client in the course of their programme execution. Our dashboards can be installed in client architecture, or on a private cloud, and the data is extracted in accordance with client data handling policies/regulations, and kept only by them. The content of the client’s log files can be provided in various formats (eg. CSV)
• End-of-contract process: For the web application with client licenses, the license will expire the access to the application will cease. ; For web application with managed service, the service relationship will cease but client will retain any reports that have been produced during the contract period.; For customised managed analytics we will discuss with customers any off-boarding, service migration or scope of exit requirements and reach agreement on the most suitable approach prior to an order being placed. The requirements should be documented in the Order Form by the customer, and Deloitte will include details in the Order Form as agreed between Deloitte and the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Tablets only. No difference in service
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The RegExplorer application itself cannot be customised but product based service customisations are available. We offer product based managed analytics to support client data and analysis request beyond whats available in the application.

Scaling

• Independence of resources: RegExplorer leverages AWS cloud infrastructure

Analytics

• Service usage metrics: Yes
• Metrics types: We use the Adobe Analytics suite for user analytics
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: All data at rest is encrypted and password protected.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The web application allows user to export data via CSV or PDF
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats:
  • Direct uploading to the web application is not available
  • Uploading needs to be performed by Deloitte.

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: NA
• Data protection within supplier network: Other
• Other protection within supplier network: All data within the RegExplorer web application is publicly sourced data. However, RegExplorer still undergoes cyber security reviews & penetration testing for every release and is is SOC2 compliant.; ; All data is encrypted at rest & in-transit, the web application and backend APIs leverage SSL protocol.

Availability and resilience

• Guaranteed availability: 99% availability (production environment) per month, excluding a period of planned maintenance.; 99% availability (test and dev environments), excluding a period of planned maintenance.
• Approach to resilience: No single points of failure within the data centre (details available on request).
• Outage reporting: Outages are extremely rare and are reported manually

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Either via Single Sign On or MFA
• Access restrictions in management interfaces and support channels: We restrict access in line with the requirements of handling personal data, agreed with the client's security and data protection officers. Details available on request.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: All user access to RegExplorer is at the same level since all data is public. No role-based users currently exist for licensed users.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC2 compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: All security governance is compliant with Deloitte Global Technology Services and Certified to Sell standards. ; SOC2 (type II) Compliance.
• Information security policies and processes: We have access management, data protection, disaster recovery, network, vulnerability, and monitoring policies and standards that are adhered to and audited on a regular basis to confirm compliance. Access rights are reviewed on a monthly basis, revocation is completed within 24 hrs of ticket opening.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our organization has two separate ‘policies & standards’ for both configuration & change management. Configurations processes revolve around testing & the ability to roll-back configuration changes. Change Management standards focus on proper checkpoints, sign-offs, and documentation.; Our change management & configuration policies focus on multiple checkpoints, sign-off by designated leadership, regression testing in lower environments, and the generation of artifacts that can be used to roll-back any changes as needed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our Vulnerability Management Policies and Standards focus on a regular assessment of our network, data, infrastructure, and procedures to understand the level of risk our solution is exposed to as well as how best to mitigate that risk.; Penetration Testing, Static & Dynamic scans, as well as open-source scans are conducted against the solution codebase for every release. All new data goes through a legal review of the ability for us to use it within the tool. Operating Systems & software on all infrastructure is regularly updated for patches.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Multiple monitoring activities are performed: Network Performance Monitoring, Application Performance Monitoring, Web Performance Monitoring, External Web Availability, Internal/External Status Page, Real time review: IDS/anti-virus, Weekly review: Patch (GFI) log monitoring, Quarterly Review: Firewall / Firewall logging, Daily Review: Security event log monitoring.Logs are protected from unauthorised manipulation and deletion. ; Additional controls established include collection and centralisation to provide a system of record for logging events. The centralised system serves as the system of record and leverages a flexible authentication and authorisation scheme for viewing various data sets. Logs are archived and backed up linked to retention polices/contractual and regulatory obligations.
• Incident management type: Supplier-defined controls
• Incident management approach: 3 level incident classification framework: ; L1: One instance of potentially unfriendly activity (for example, finger, unauthorised telnet, unexpected performance peak, etc.); L2: One instance of a clear attempt to obtain unauthorised information or access (for example, attempted download of secure Password files, attempt to access restricted areas, etc.) or a second Level 1 attack.; L3: Serious attempt or actual breach of security (for example, multi-pronged attack, denial of service attempt, etc.) or a second Level 2 attack.; Any Level 1 type Incident occurring against systems components or originating from unauthorised internal systems must be classified as a Level 2 Incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Deloitte is committed to delivering effective stewardship of the natural environment both with our clients and within communities. We do this through our methodologies, how we run projects, how we work in partnership with our Social Value Delivery Partners and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the Social Value Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of commitments.; We have infrastructure in place to deliver against this theme. Our Social Value Team manages our ecosystem of Social Value Delivery Partners, and shapes our commitments for delivering additional environmental benefits and influencing environmental improvement and protection. This is done in collaboration with our WorldClimate team, Responsible Business team and Net Zero Transformation, Strategy and Innovation Team.; Our WorldClimate strategy focuses on four objectives where we can make the biggest impact: achieving Net Zero by 2030: Operating Green; empowering individuals through education and sustainability challenges/tools; and engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.; Our engagement teams can undertake volunteering activities with our climate related Social Value Delivery Partners as social value commitments, contributing to habitat creation and increasing biodiversity (e.g. WWT, WDC). We also have partnerships where we can co-design commitments around green skills, green jobs and carbon literacy.

  Covid-19 recovery

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Tackling economic inequality

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Equal opportunity

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Wellbeing

  Wellbeing Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with the wellbeing theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/ communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to an engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated Social Value Team provides the bidding and governance infrastructure to support engagement teams. The team manages our ecosystem of Social Value Delivery Partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes of improving the health and wellbeing within the contract workforce and community cohesion are met. ; We have an extensive programme of wellbeing initiatives, tools and events to support our contract workforce. Our Future of Wellbeing team also specialises in wellbeing impact measurement, strategy, and culture, and can work with clients on improving these areas in their organisation. Their methodology is informed by best practice from around the world (e.g. CIPD, COMB-model of behaviour change, World Happiness Report, BSI ISO 45003, Thriving at work standards Stevenson/Farmer, City Mental Health Alliance).

Pricing

• Price: £8,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Deloitte will provide demonstrations of the application customised to the client

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.