Informa Disclosures UK&IRE

Informa Disclosures and eDiscovery

Informa provide SaaS Solutions in the areas of Public Disclosures, Freedom of Information (FOI) requests, eDiscoveries, Subject Access Requests (SAR), Environment Information Regulations, Early Case Assessment and Investigations. Our platforms identify, collect, process, deduplicate, and filter in advance of review and redaction management. We support investigations with hardcopy digitising/capture.

Features

• Text Redaction- Automatically redact sensitive information
• Technology Assisted Review- Find relevant documents more easily using AI
• Collect documents directly from Office 365, Google Workspace and Sharepoint
• Intuitive document review interface loaded with features and functionality
• Productions reporting- automatically creates an index of produced documents
• Consistent sequences of evidence with bates numbers and audit trails.
• Highest level of security standards
• Safely collaborate with third parties, by controlling their document access
• Identify relevant personal data instantly
• Document Deduplication- reduce effort required to review all documents

Benefits

• Realtime In-place file indexing, establish scope of disclosure or discovery.
• Direct Data Collection from MS365, GSuite and Hundreds of Apps
• Data Processing to include file Deduplication.
• OCR Processing on Image based documents, enhance searching and filtering
• Email thread identification, conversation, and family level management
• Insights and Entity Extraction for automatic Personal Identifiable Information
• Legal Review Platform for collaborative review management
• Redaction Management Automatic and Manual for anonymisation
• Exemption handling and listing or scheduling of documents
• Detailed Realtime Audit Reporting on all actions by all users

£495 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tgilsenan@informadisclosures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

994959786129286

Contact

Tom Gilsenan
0203 368 8250
tgilsenan@informadisclosures.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Internet Access
  • Modern browser (Chrome, Edge Chromium or Firefox Internet Browser recommended)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 working hours response time during business hours, 9-5.30, Mon-Fri
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Phone and remote technical support during business hours. Project Management support hours included in packages (hours vary between packages, see rates). Technical account manager will be assigned. Additional project management support is available at £100 per hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and documentation will be provided. Informa will provide one to one training and advice to suit the customer's requirements. A custom manual will be provided and access to an online training course will be available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online Zylab certification course with tutorial videos
• End-of-contract data extraction: Documents can be produced natively or as images by the user. Data can be produced from the system in multiple formats that will make them compatible with other systems:; - CSV.; - Summation.; - Concordance/Opticon.; - EDRM XML 1.2.; - IPro.
• End-of-contract process: Data can be purged or produced as per customer requirements. If there are customisations or requirements outside a standard production there may be additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service is accessible via web browser. After logging in, the Review interface allows users to search, view, tag and redact documents. Advanced searching functionality is aided with GUI query builder. Users can access configuration settings if permissions are granted. Data can be produced according to requirements. When viewing a documents various panes display information such as email chain, document properties, redaction information, tagging, etc
• Accessibility standards: None or don’t know
• Description of accessibility: System meets the standards of WCAG 2.0 AA. Plan to test and conform with WCAG 2.1 AA
• Accessibility testing: Testing report from Zylab available
• API: Yes
• What users can and can't do using the API: All functionality is available via API. Any projects requiring API usage will require engaging with Informa as the API is not fully documented and some customisations are required. ; Some examples of API usage:; - Create matter.; - Search documents.; - Redact documents.; - Upload documents.; - Check review status.; - Download Productions.; - View uploads and status.; - Document source identification.; - Deduplication reporting.; - Audit Log information.; - Data Retention processes- automate deletion of data as required.; - Reporting on redactions and exemption codes.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Workflow and tagging can be customised. Permissions fully customisable. Customisations will be performed by administrators and client driven.

Scaling

• Independence of resources: Cloud servers will scale resources to meet demand. Dedicated servers are also available.

Analytics

• Service usage metrics: Yes
• Metrics types: Users, throughput per user, Processing statistics, production reporting, failed actions, Deduplication reporting, Insights/analytics reporting, Entity management reporting.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Zylab

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Production module allows many custom methods of exporting. Features include native documents, convert to PDF images, PDF options, burn-in field data, redaction appearance, load files in various formats. The data that the user specifies is downloaded in a zip file via the browser.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Summation
  • Concordance
  • EDRM Xml 1.2
  • IPRO
  • Documents can be converted to PDF
  • Native Documents
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • All well known document types are supported
  • Archives, eg: 7z, RAR, GZip, Tar, zip
  • Databases, eg: DBase, Access, Works DB, R:Base, Framework DB
  • Email, eg: .eml, .msg, .ost, .pst, .NSF, .MHT, .EMLX
  • Multimedia, eg: avi, mp3, mpg, asf, wma, Flash
  • Spreadsheet, eg: Excel various formats, Enable, Framework SS, IBM Lotus
  • Presentations, eg: IBM Lotus, Apple iWork, LibreOffice, Lotus Freelance, Powerpoint
  • Raster, eg various versions of: Photoshop, BMP, JPG, PNG, TIFF,
  • Text Processors, eg: MSWord Lotus WordPro, LibreOffice, OfficeWriter
  • Forensic, eg: EWF-E01, 001, L01, EX01, LX01, AFF, AD1

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Access to the server can be restricted to specified IP addresses (depending on shared or dedicated environment)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Informa/Reveal-Zylab aim to achieve minimum 99.5% service availability. The service is available 24 hours a day, 7 days a week, except for: (a) planned downtime (of which Informa shall use commercially reasonable efforts to give at least 8 hours’ notice and which Informa shall schedule to the extent reasonably practicable during the weekend hours from 12:01 A.M. Saturday to 11:59 P.M. Sunday CET); or (b) any unavailability caused by circumstances beyond Informa/ZyLAB's reasonable control. There is no recompense available in the event of not meeting expected service availability.
• Approach to resilience: Reveal-ZyLAB’s SQL servers run in High Availability mode to allow redundancy. In the event of a disaster, a customer's environment can be restored to a previous state in time. Customer data is backed-up daily. ZyLAB keeps daily backups for 8 days and weekly backups for 5 weeks. This scheme enables restoration of the latest healthy state. ZyLAB is utilizing Azure and AWS Backup & Restore services with local redundancy. Backup and restore are tested periodically. All backups are stored in encrypted format.
• Outage reporting: Email Alerts- Reveal-Zylab report any scheduled maintenance in advance or outages as soon as they become apparent. The Cloud Operations department monitors the availability of Reveal-ZyLAB systems, meaning the uptime, of our infrastructure in general and client environments specifically on a day-to-day basis. Special dashboard have been implemented to monitor the uptime of customer applications and triggers have been implemented to alert on important issues.; Cloud Operations has also implemented thresholds on the processing capacity of Azure adn AWS services. If the threshold is exceeded, Cloud Operations reviews the alert and, if necessary, adds new services to ensure uptime and performance of the platform.; These details will be sent by email to all customers immediately.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: The user authenticates via AWS or Azure Active Directory, supplying username and password. 2-Factor authentication is required, the user selects if they want to receive SMS with one-time use code, or to receive a phone call.
• Access restrictions in management interfaces and support channels: There is an extensive list of permissions within the system that allow restrictions to be applied. Standard roles are available and customisable. Restrictions can be applied to functionality and subsets of documents.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Description of management access authentication: Management users authenticate via AWS or Azure Active Directory, supplying username and password. 2-Factor authentication is required, the user selects if they want to receive SMS with one-time use code, or to receive a phone call.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 20/10/2020
• What the ISO/IEC 27001 doesn’t cover: Outsourcing of software development is not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/3/22
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Some sections not applicable/in scope during assessment. Full findings available for download here: https://content-production.star.watch/zylab/documents/2021-07-19_CAIQ_v3.1_Final_-_ZyLAB_2021_NycVHG7-_added_20210719-13-1eoibea.zip?1626718530&_ga=2.206877200.2072173828.1652269430-1641632576.1652269430
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Type II, Cloud Security Alliance (CSA) STAR 1
• Information security policies and processes: We have a suite of policies in place formed around our ISO 27001 certification. We carry out regular internal audits to ensure the policies are being followed and we have a 3rd party external audit every 6 months.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are recorded via a Request For Change (RFC) in change management system Zendesk. Documentation of changes and logs from changes are recorded in the RFC. ; ; A standard change is low impact and pre-authorized by the organization. The initiator can record and implement the change following the documented procedure or work instruction.; All non standard changes require approval by the CTO before implementation in production.; For each change the risk to the business service should be assessed.; ; Change approval is required for non-standard changes submitted.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are managed according to our ISO policies. We maintain a Risk register and manage risks on an ongoing basis through our system. Patches are tested and deployed as soon as available. Updated information on regular threats is attained from interaction with security forums and other online platforms.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The cloud platform used for SaaS is monitored by Microsoft’s security advisor. This way the; configuration of the cloud environment is assessed against best practices. Findings are reviewed by CloudOps.; Operational procedures are defined with continuous monitoring in mind.; All ICT components are protected against malicious software (Virus, malware, etc.) which is centrally managed; and controlled. Malware prevention software is configured to clean malicious software. If cleaning isn’t possible; the content is stored in quarantine. Restoring infected files is disabled for regular users. ; Malware prevention software is configured to update on a regular basis with a maximum timeframe of daily.
• Incident management type: Supplier-defined controls
• Incident management approach: As part of our ISO 27001 system we have a documented Information Security Incident Management plan, including steps on detection, reporting internally, mitigation, reporting to data owners and authorities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  We offer 100% Staff the Cycle to Work scheme; Over 50% of our Waste is Recycled; We installed LED bulbs throughout our Warehouse and will replace with LED as others go.; We support working from home and host online group meetings daily instead of in main office. ; We have replaced client site visits with on-line meetings saving 2-3 visits per client. ; ; We deliver sustainability training programmes to ensure staff are well informed and understand the scope of sustainability and how activities can help us towards our net zero target; ; Informa are presently working to adopt an environmental management system to ISO14001 standard to provide the framework for monitoring, measuring and reporting across all environmental areas including emissions. ISO14064 will be used as the tool for verifying emission data to ensure robustness and assurance when publicly reporting progress towards net zero.

  Tackling economic inequality

  We pay the Living Wage or above to all your staff (100%); We contribute up to 10% of our net profits towards local sports clubs, charities and community events in dissadvantaged areas.; 80% of our staff are from dissadvantaged areas.; We use local businesses and SMEs whenever we can; We provide ongoing access for transition year students, offering work experience and training.

  Wellbeing

  Our staff volunteer between 150 and 200 days per annum ; We promote and support staff flexible hours when taking a educational course and provide on-going training and upskilling internally.; We organise talks for mental health and addiction awareness for younger generations.

Pricing

• Price: £495 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month, data processing and review. Limited data volumes for processing and limited users
• Link to free trial: Available on Request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tgilsenan@informadisclosures.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.