SirionLabs Pte. Ltd.

Sirion Contract Intelligence

Sirion is an AI native Contract Lifecycle Management platform including contract analytics and extractions. It provides contract authoring, repository obligation and service level performance management and supplier relationship management (SRM). Sirion provides real-time analytics in all aspects of CLM, supplier governance, Order to Cash (O2C) and contract analytics.

Features

• Hierarchical, access controlled, fully searchable contract and non-contract document repository
• Contract analytics, obligation extraction, tracking and reporting
• Extract 100+ metadata fields (supplier name, dates, insurance clauses etc.)
• Extract obligations, deliverables, milestones, policy and regulatory commitments, SLA etc.
• Compute contract risk scores and gain insights into clause deviations
• Alert all stakeholders of potential penalties and losses
• Deduplication and similarity clustering between documents
• Extracted, reviewed governance ready data, to flows into downstream applications
• Multi-line, multi-column, multi-table, multi-language extractions from any document type
• Integration adapters with third-party applications to capture files

Benefits

• Secure, intuitive access to your contracts and related business documents
• Easy to manage and track contract changes and amendments
• Digital, interrogable contracts and intelligent insights via AI
• Enable realtime analytics and transparency
• Save time, lower costs, digitize thousands of contract documents simultaneously
• Out of Box dashboards
• Analytical insights tailored for regulatory compliance, deviation analysis, M&A etc.
• Fully access-controlled, concurrent review and editing

£70 to £95 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.naylor@sirionlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

984413635842220

Contact

James Naylor
+44 7789958320
james.naylor@sirionlabs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None.
• System requirements:
  • Stable internet connection of 10 Mbps
  • Browsers MS Edge, Chrome, Firefox, Safari (current or current-1)
  • 1 Gigabyte RAM

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard response time SLA is as below: SLAs - Severity Level 1 – Initial Response -2 hours Resolution/Workaround - 2 Business Days -Severity Level 2 - Initial Response -1 Business Days Resolution/Workaround - 6 Business Days -Severity Level 3 - Initial Response - 2 Business Days Resolution/Workaround - 10 Business Days -Severity Level 4 - Initial Response -3 Business Days Resolution/Workaround - 25 BusinessDays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Sirion has a traditional cloud application support model based on Incident Severity Levels. Additional details regarding Sirion service level and service level credit methodology can be found in the Sirion G-Cloud 14 Terms and Conditions. Following is a summary. Standard Service Level Definitions Severity Level 1 – An incident that results in the complete loss of access to, or all capability of, the Subscription Services. We will work continuously until a Severity Level 1 Incident is resolved. Severity Level 2 – An incident that disables major fundamental functions from being performed and therefore affects the normal operation of the Subscription Services Severity Level 3 – An Incident that disables non-essential functions but that does not impair the normal operation of the Subscription Services Severity Level 4 – Intermittent or minor Incidents that do not materially affect normal operation of the Subscription Services SLAs - Severity Level 1 – Initial Response -2 hours Resolution/Workaround - 2 Business Days -Severity Level 2 - Initial Response -1 Business Days Resolution/Workaround - 6 Business Days -Severity Level 3 - Initial Response - 2 Business Days Resolution/Workaround - 10 Business Days -Severity Level 4 - Initial Response -3 Business Days Resolution/Workaround - 25 BusinessDays
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Sirion has a well-structured training program to assist client’s professionals to learn about the platform and its functionalities. We use a combination of providing remote class-room training sessions, sharing self-help manuals (online help) and provide helpdesk support to address the training needs of client users and their suppliers. Sirion has a developed a training approach where we take help of actual use cases and reference materials for end user training. ; Some highlights of the training program are:; • Location: Instructor-led training sessions conducted onsite and/or online. ; • Methodologies: Classroom training, online training, offline documentations, online help; • Illustrative training content: We conduct training sessions with the customer teams which is inclusive, but not limited to the following:; o Sirion demonstration and walk through sessions; o Sandbox set-up and training examples; o Sandbox vs Production; o Access control and role based system usage ; o Sirion Approach to Contract Lifecycle Management; o Setup of Contracts and Change requests; o Setup of Deliverables/Obligations; o Approving/Rejecting Deliverables/Obligations; o Performing Workflow Actions; o Configuring Reports and Dashboards; • Self-help manuals - The system has an online self-help manual to help users understand the features and functionalities; • Language: All training sessions are conducted in English.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the contract, all customer data is exported to a secure FTP location and credentials are shared with the customer to download their data from that location.
• End-of-contract process: Upon termination or expiration of the contract, as requested by the customer, SirionLabs will provide assistance reasonably required to effect an orderly transition of the services and customer data to back to the customer. Such assistance is included in the price of the contract and there would be no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The same web version is available on mobile devices as well, accessible through mobile web browsers. Almost all functionality is available on mobile devices except for a few that require larger real estate.; We also offer a mobile application Sirion Mobile Application – available free of charge for all users within the Apple AppStore or Google Play Store.; For AppStore: iPhone - 10 and above; iOS version 13 and above; For Play Store: Device screen size 5 inch and above; Android version 10 and above.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Personalised UI configuration including UI language, movable columns, column choosers, filter choosers allowing users to narrow their search, customisable dashboards, ability to decide which dashboards appear on the home page and save preferred views of tables and reports for future use. Various users within the environment have different needs, therefore SirionOne is flexible and provides role specific user access and customisation of the user experience. Offers customisable workflows with unlimited steps, views, permissions (include customer + 3rd party users), conditional steps as per customer requirements. Customisable graphs and reports, custom reports based on captured data elements, and full text searches.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: SirionOne application works on RESTFUL API. Any activity that is possible on the web application is possible via the APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Sirion is a multi-tenant SAAS platform and can scale up/down for any number of customers, their registered users and any number of sessions/transactions. Sirion is monitored on a real-time basis, if there is additional load/more number of users/ more number of transactions happening at a given time, the system will automatically spin up more servers in order to cater to increased demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Currently, we provide service usage metrics for the time spent by each user in the system for each session and the total time spent.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users have the ability to download their data through the web interface. In addition, SirionLabs also provides weekly data backup for customers to download from a secure FTP location.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • XLSX
  • PDF/A
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • XML
  • JSON
  • CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The standard SLA for Sirion's availability is 99.8% on a monthly basis. Our provision of the Subscription Services is subject to the Service Levels, available at https://www.sirion.ai/legal/service-levels/, as may be updated from time to time.
• Approach to resilience: Sirion is hosted on Amazon Web Services (AWS) and MS Azure, and leverages their infrastructure for resiliency.
• Outage reporting: The users of Sirion are updated with any outages via email alerts. Scheduled downtime i.e. any planned outage that is scheduled, is communicated to clients with not less than 24 hours prior notice via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Sirion’s authentication module authenticates users via a login/password. Sirion can integrate with the customer’s Identity Management system.; Access rights are assigned as follows:; • User Role Groups: Templates contain a predefined set of all operations a user assigned the template may perform. This template can be named and any number of users may be assigned a template. ; • Entity Stakeholders: Each entity type such as supplier, obligations, actions, etc. has a set of stakeholders with assigned permissions. ; • Individual User Access: Each user has a profile and can be assigned custom permissions to perform system operations and access data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group
• ISO/IEC 27001 accreditation date: 2014
• What the ISO/IEC 27001 doesn’t cover: Being a SaaS provider, out of 114 controls, 1 control is not applicable to SirionLabs:; 1.Outsourced Software Development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2 Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Sirion is an ISO 27001: 2022 certified organization. We have implemented a gamut of security controls as per ISO standard. Security processes & controls have been implemented at all layers (application, hosting, network, etc.).; ; On the day of joining, every employee is introduced to Information Security policies through the HR induction program. During the induction period, all employees attend a mandatory Information Security training. Policy refresher trainings are conducted on an annual basis. Further, HR keeps the copy of acknowledgment for records.; ; In case of non-compliance to any of the policies by an employee, there is an action protocol that is initiated. The degree of action is directly related to the level of offence and the employee's record.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Sirion has standard, documented processes covering all components of Configuration and Change Management for bug fixes, feature changes, enhancements etc. The purpose is to ensure that standardised methods and procedures are used for efficient, prompt handling of all changes. Prior to any changes being deployed in production environment, a dedicated team ensures that all mandatory security checks are completed in the pre-production environment. This team performs security assessment and vulnerability and penetration test for all changes going into production. Additionally, Sirion engages an external vendor for VAPT to assess and remediate for potential security vulnerability in the system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: With every release, Sirion goes through security testing prior to deployment on AWS. Sirion undergoes VAPT on its networks and supporting systems annually through an external vendor. The objective of the exercise is to identify unauthorised access by users, with limited or no prior knowledge of Sirion' IT environment, critical internal network equipment, applications and databases and servers from an external network.; • Sirion conducts ongoing security review of its source code prior to any patch release or upgrades.; • For any security observations, emergent patch is released immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Sirion leverages automated tools including AWS monitoring tools to detect unusual or unauthorized activities and conditions at ingress and egress communication points that monitors server and network usage, port scanning activities and application access.; ; Depending on the severity of the incidents, the response and remediation SLAs are defined. ; ; If SirionLabs detects that customer data has become corrupted, lost, breached or significantly degraded in any way for any reason, then the SirionLabs will notify the Buyer immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Sirion has in house 24*7 incident management team which takes care of Incident response.; • Information Security team has established a formal procedure for reporting any suspected events. ; • Users report internal and privacy security incident via secured e-mail or helpline. Customers can report incident on 'support@sirioncloud.com'; • Incident reports are available in the tool and Customer Support team also shares the report with the client on regular basis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our sustainability efforts focus on the conservation of energy and reduction of travel overheads by using teleconferencing wherever possible. We are committed to driving down our energy and carbon impacts, as we believe that climate change is one of the greatest risks to our world. Being a technology company our IT department created a specific power management system that efficiently controls all of their computers.

  Equal opportunity

  We value diversity in our workforce, as well as in our customers, suppliers, and others. We provide equal employment opportunities for all applicants and employees. We do not discriminate on the basis of race, color, religion, sex, national origin, ancestry, age, disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance. We also make reasonable accommodations for disabled employees and applicants, as required by law.

  Wellbeing

  We foster an environment of recognition and inclusivity, provide flexible working hours, and have clear goal setting for our employees. To foster employee well-being we offer our employees: Physical health benefits – life insurance, gym discounts, sick leaves, etc. Mental health benefits – mindfulness meditation, coaching sessions, counseling services etc. Work-life balance benefits – PTO, parental leave schemes, sabbaticals, etc.

Pricing

• Price: £70 to £95 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.naylor@sirionlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.