Oyster Information Management Solutions Limited

Intapp Documents - Email and Matter Lifecycle Management

Intapp Documents is a Microsoft 365-based document, email and matter lifecycle management solution. Its collaboration and document management capabilities, optimized for legal users, harness the familiar interface of Outlook and Microsoft applications including SharePoint and Teams reflecting the way people instinctively communicate and share content with clients and colleagues.

Features

• Intake, triage & allocation
• Outlook User Experience
• Secure document and email management
• Document automation and workflow
• Internal & external collaboration
• Microsoft Teams integration
• Offline and mobile working
• Matter analytics
• This service was formerly known as Repstor Custodian

Benefits

• Quickly deploy matter management solutions without need for custom development
• Improved user engagement
• Seamlessly integrates with Microsoft Teams, Windows Explorer and Outlook
• Cost effective – harnesses existing Microsoft 365 & SharePoint investment
• Matters can be created through Intapp Documents using SharePoint
• Provision matter workspace structures, metadata, permissions and precedent documents automatically
• Users can work on matters directly from Outlook increasing productivity
• Maintains compliance and security

£17 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josef.elliott@oyster-ims.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

989278201172936

Contact

Josef Elliott
0207 199 0620
josef.elliott@oyster-ims.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Intapp Documents is an extension service for SharePoint On-line services that delivered as a provider hosted app (in Azure), or as a dedicated cloud service where a specific cloud service is preferred.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Microsoft 365 Online or SharePoint 2019 on-premise

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 5 days per week, 8 hours per day phone coverage (9am - 5pm GMT/BST, Monday through Friday, Intapp local time. In support of services outlined in our Support and Maintenance Agreement, Intapp will endeavour to respond to service related incidents and/or requests submitted by the customer within the following time frames:; Within 1 working day for issues classified as Severity 1.; Within 2 working days for issues classified as Severity 2.; Within 5 working days for issues classified as Severity 3.; Within 10 working days for issues classified as Severity 4.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard:; 3rd Line; Advanced trouble-shooting and diagnostics. Reproduction of issue in support environment. Suggest resolution or workaround for known or new issues. Escalation to 4th line as appropriate.; ; 4th Line; Product development or software maintenance team, development of fixes where necessary.; ; This service is included in the software subscription; ; Enhanced support:; Enhanced support provides assistance (incident based) to help customers triage issues related to the use of the software in the broader environment (e.g. how it interacts with SharePoint configuration that is unique to the customer). Incidents can be called off, and if an incident is caused by a non-conformance in the Intapp software it is not counted towards incidents used. Enhanced support incidents are purchased separately and can be called off during the term of the software subscription.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Intapp provide tailored training and comprehensive user and administration documentation for each software offering. The Intapp service is highly configurable, and we offer services to assist organisations to configure the systems to meet the specific requirements of an organisation. Quick reference guides (QRGs) on Intapp Documents are also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Intapp Documents does not store any data, all data including configuration is stored in the SharePoint systems that are being utilised, therefore there is no data to be extracted from the Intapp Documents service.
• End-of-contract process: At the end of the contract the Intapp service will be disabled, however since no content is stored, users do not lose access to their content which is stored in the SharePoint systems/services to which Intapp is connected. Users can continue to access their matter content via standard SharePoint UI.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service is via browser only which provides access to the matter workspaces via a web interface, windows components for accessing the service are not available on mobile.; Email filing can be carried out on mobile devices using the native Outlook application.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Our service is integrated seamlessly into SharePoint's service interface.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Microsoft has completed extensive testing against EN 301 549 9.
• API: Yes
• What users can and can't do using the API: Intapp provides a Rest API which is published via Swagger; This is a Rest API, and a test facility is provided in the administration UI.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The administration UI provides for extensive configuration and customisation. This includes customisation and configuration for hierarchy of case activity types, naming conventions, templates, metadata, provisioning, security, Statuses and more, Customisation and configuration is available to authorised users using the administrative interface. This can also include JSON for customised provisioning. Authorised users can also customise/configure the SharePoint structures and templates.

Scaling

• Independence of resources: The service can be either a multi-tenanted or a dedicated service. The multi-tenanted service is deployed on Azure and the service is highly scalable and can also be replicated (we can control which service instance any particular customer attaches to at any time). We monitor the service on a continuous basis and can switch customers to an alternative service instance is there is a likelihood of a specific instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Intapp provide (on request) a list of users that activate the software, activation occurs monthly where an activated type license is utilised.; ; Note that the majority of activity is on the SharePoint systems and it is likely that metrics are available from the supplier hosting those systems.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Intapp

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: This is not applicable as the service does not store any data (all data is stored on SharePoint and subject to the connected SharePoint system's protection. Typically the SharePoint system will be in Microsoft's Office365 of another GCloud supplier's data centre environment.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The Intapp Documents service does not host any data (all data including configuration data is held on the SharePoint system(s) being utilised by the customer. These systems will have their own Data export approach which can be utilised. All configuration is held in standard SharePoint structures (sites/lists/similar) which can be exported using standard tooling. Intapp does provide an export tool that exports the configuration which can then be re-imported to another system.
• Data export formats: Other
• Other data export formats:
  • This is not applicable (all data held in SharePoint)
  • Intapp configuration is exported as a JSON schema
• Data import formats: Other
• Other data import formats:
  • Data imports: N/A - all imports are to SharePoint
  • Intapp configuration, imported from a JSON schema
  • Existing matters from another system: Excel / CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Where the multi tenant service is utilised on Azure this reflects the Azure availability levels. There are service credits available should the service fail to meet monthly uptime metrics 99.5 (10%) or 98.5% (25%), see the service T's and C's.
• Approach to resilience: The service is deployed either on Microsoft Azure or on a platform of the customer's choice. The resilience will depend on the specific service utilised. For Azure we deploy to multiple instances which have specific resilience measures associated with the deployment and which can fail over in the event that a particular instance is unavailable.
• Outage reporting: The service is continuously automatically monitored, and if requested we can provide automated service outage notification by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: This service is a client service that utilises the authentication used by the cloud services to which it connects. Access to the service is controlled by the environment in which it is deployed and this can include the above authentication mechanisms.
• Access restrictions in management interfaces and support channels: This is not applicable as this is a client deployed service which connects to cloud services that are subject to their own access restrictions.
• Access restriction testing frequency: Never
• Management access authentication: Other
• Description of management access authentication: This is not applicable as we use the underlying authentication of the host SharePoint system

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: July 2021
• What the ISO/IEC 27001 doesn’t cover: Everything is covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CyberSecurity+ Working towards ISO27001
• Information security policies and processes: The Intapp Documents service does not hold customer data and does not provide any access to customer data negating any specific requirement to deal with information security around customer data. Our internal processes mean that any data that is provided by customers is securely stored in our Microsoft 365 systems, and security around our operational systems (e.g. our source code, support and other systems) are managed under regimes developed over time by our experienced development team.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Azure service is a cloud service that is managed by Intapp with updates regularly applied. They operate multiple environments to allow early adopters access early in the lifecycle. Only when a version has been operational without issue on the early adopter service is it made available on the broader service. Customers can access release documentation prior to the service being updated. The service is in the vast majority of cases 100% backwards compatible. A full history of changes is tracked in our in house development systems and a full release notes history available to customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This is not applicable as this is a client deployed service which connects to cloud services that are subject to their own Vulnerability management approaches. The client software utilises standard mechanisms for accessing connected cloud services (API's) which are subject to the vulnerability management approach of the connected cloud services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is not applicable as this is a client deployed service which connects to cloud services that are subject to their own protective monitoring approaches.
• Incident management type: Supplier-defined controls
• Incident management approach: This is not applicable as this is a client deployed service which connects to cloud services that are subject to their own Incident management approaches.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Oyster IMS is committed to support action to prevent climate change. Our Carbon Reduction Plan forms part of Oyster IMS’ actions towards Net Zero emissions, overseen by our Environmental, Social and Governance (ESG) Group. This Carbon Reduction Plan has been completed in accordance with PPN 06/21 and associated guidance and reporting standards for Carbon Reduction Plans.

  Covid-19 recovery

  Oyster IMS continued to service customers throughout the Covid-19 pandemic and has ensured that all activity has tried to have a positive effect on helping our customers recover as well. We have continued to provide 100% of our services on a hybrid basis but are increasingly moving back to more face-to-face meetings as and when this suits our clients.

  Tackling economic inequality

  To tackle inequality in employment, skills and pay at Oyster IMS we train our managers and all other employees about our equal opportunities policy to all employees that encourages equality, diversity, and inclusion. We carry out annual equal pay reviews with an aim to have a clear pay structure and ensure all employees are aware what they need to do if they want to take on higher-paid roles.

  Equal opportunity

  Oyster IMS is committed to encouraging equality, diversity, and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of our society, and for each employee to feel respected and able to give their best. We monitor the make-up of our workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability as well as aiming to be an equal opportunities employer that reflects the expertise and diversity of our local community and ensure we source and attract a diverse pool of candidates.

  Wellbeing

  At Oyster IMS, we promote and develop work-life balance practices to ensure we maximise employment opportunities for all and continue to offer flexible working hours, home working opportunities, part-time opportunities to improve the range of opportunities we offer. We actively create a working environment free from bullying, harassment, victimisation, and unlawful discrimination, promoting dignity and respect for all and where individual differences and contributions of all employees are recognised and valued.

Pricing

• Price: £17 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trials are available from the website, up to 5 users for a period of 30 days is standard with additional options in specific circumstances. This includes all options and modules. If the customer requires trial set up assistance, then professional services costs may be incurred.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josef.elliott@oyster-ims.com. Tell them what format you need. It will help if you say what assistive technology you use.