Ideagen PLC

Ideagen PleaseReview

PleaseReview allows multiple participants to review, co-author and redact the same document at the same time with complete control over the document's content and the process.
PleaseReview's specialist, easy to use review functionality and detailed reporting enable companies to deliver higher quality documents whilst also saving significant time and money.

Features

  • Ability to review/co-author multiple document types simultaneously online or offline
  • Complete process with deadlines, automatic reminders and email notifications
  • Comprehensive reconciliation report/audit trail which records each review process
  • Industrial strength application with proven scaling capabilities
  • Documents can be linked and compared within reviews
  • Provides complete review status information detailing user progress
  • Supports the review of many document formats
  • Full annotation and redaction capabilities for PDF documents
  • Customizable PDF Redaction

Benefits

  • 65% time savings and associated cost savings per review
  • In-document control ensures full confidentiality and efficiency
  • Efficient redaction process
  • Improved quality of documents
  • Audit trail provides full accountability
  • Drastically reduces duplication of effort
  • Standalone solution or comprehensive API integration enable seamless user experience
  • Intuitive interface reduces training requirements

Pricing

£111 per user per year

  • Free trial available

Service documents

G-Cloud 11

298218241193534

Ideagen PLC

Jen Pemberton

01629 699100

jen.pemberton@ideagen.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints A variety of SaaS service levels are offered. For customers using the "Business Cloud" SaaS service (limited to 25 users), updates are pushed at pre-advised times. For other levels environment, maintenance patches and upgrades of the software are scheduled at a convenient time as agreed with the customer.
System requirements
  • Requires Chrome, IE11, Firefox and Safari
  • Offline reviewing capabilities require Microsoft Windows

User support

User support
Email or online ticketing support Email or online ticketing
Support response times https://gael.secure.force.com/Support_SLA
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We have a dedicated Ideagen Support Team that operates a risk-based triage process in order to prioritise all support requests. This is based on the impact to end users and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level. Software issues (e.g. bugs, defects) are reviewed and verified by Ideagen’s Test and QA Teams. Once reviewed, the issue is given a severity which controls the time of a fix. Support is provided as part of annual maintenance cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Ideagen provides a full service including sales demonstrations, free of charge evaluations, installation and configuration services, training and support. Additionally within PleaseReview the help menu provides access to the support site, where you will be able to access a range of support materials, including the user manuals, quick guides, training movies and tutorials.
Service documentation No
End-of-contract data extraction PleaseReview is a transactional document review, co-authoring and redaction solution. Typically, at the end of every review, the review Owner downloads (with all or selected comments and changes) a new version of the document. There is also the option to download the associated reconciliation report (which is an audit trail of all comments and proposed changes during the review) in a variety of formats. Thus data is continually extracted. It is normal practice that reviews (and documents and data associated with said reviews) are automatically deleted after a period of inactivity. This is a configurable setting. However, as a cost option it is possible to provide an read only archive of the reviews (and documents and data associated with said reviews).
End-of-contract process At the end of the contract period clients are advised to complete reviews and download reports and documents. 30 days after the end date all data is automatically deleted and securely destroyed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Yes. Documents can be reviewed, co-authored and redacted across all devices. The review experience is identical, regardless of device. If working offline (requires an installation on and is therefore limited to the Microsoft Windows platform), all proposed changes and comments can be uploaded into PleaseReview once online.
Service interface No
API Yes
What users can and can't do using the API Depending on the service level and cost options, PleaseReview can be used standalone or integrated with a Document Management System using one of the available system connectors. Additionally, it is possible, using our API's for an organisation to connect their own systems to PleaseReview. There are three main points of connection, initiating a review, entering a review and completing the review.

Usually when integrating PleaseReview with another system, this would include the checking out/reserving of documents when initiating the review and the checking in of a new version of the document(s) when the review is complete.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation PleaseReview offers extensive configuration in all but the basic service offerings. There are a number of settings and behaviours in PleaseReview which can be configured. They include the review interface, review permissions and behaviour, user preferences, system administration, email templates and password policies. PleaseReview has a workgroup structure which allows for all of these settings to be configured globally, with the option to allow alternative settings at a workgroup and/or review level.

Scaling

Scaling
Independence of resources Using a virtual scalable infrastructure, we control and monitor resources to ensure that performance is maintained across the system. Note that there are various levels of service offered.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics types At a system level, an administrator has access to a number of reports, including licencing and usage reports.

At a review level, the reconciliation report includes summary information on which participants accessed the review, their status, summary comments and a count of comments made.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Within PleaseReview a review Owner uploads a document for review. During the review process all invited reviewers have the opportunity to comment and propose changes, which can be accepted or closed by the review Owner or any authors in the review. At the end of the review the review Owner can download the document with comments in its original format (Word, Excel and PDF) or for other formats a comprehensive report. Additionally, the review owner can download the reconciliation report in a number of formats, this is an audit trail of all review activity.
Data export formats Other
Other data export formats Full reconciliation report can be downloaded in Word or Excel.
Data import formats Other
Other data import formats
  • Word
  • Excel
  • Powerpoint
  • PDF
  • Text
  • Various image file formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The SLA provides a 99. 7% financially backed uptime guarantee.
Approach to resilience Extensive fault tolerance technologies used, no single point of failure. Detailed information is available on request.
Outage reporting Automated active monitoring system and alerts are in place. If an outage is detected, clients will be informed via email or telephone depending on the severity.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels PleaseReview is a role-based system which restricts or provides action to administrative functions based on a users’s role based within any given workgroup.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 United Registrar of Systems (URS)
ISO/IEC 27001 accreditation date 21/09/2018
What the ISO/IEC 27001 doesn’t cover Our datacentre provider is the UK's most accredited cloud company. Ideagen holds no client data on site.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Several documents within Ideagen’s Management System address Information Security. The Data Protection Policy & Procedure informs employees of the rules and procedures relating to data security compliance and applies to all employees, contractors, vendors, business partners and any other parties who have access to company data. This defines how Ideagen protects the personally identifiable information (“PII”) of third parties and employees that is has access to. The Disaster Recovery Policy and associated plans describe how Ideagen will address any disaster affecting the its offices, personnel and critical company data and details how recovery plans are tested. There are also several other documents which describe the tasks undertaken to ensure the physical and technical protection of Ideagen/ Customer data and infrastructure, as well as ensuring that employees are only granted access to the systems necessary to perform their jobs. We have in place several security-related documents which identify the security practices that Ideagen organisations performing software services, including Ideagen’s customer support and software products provided as a service, follow when performing such services (“services”) under the terms of our MSSA, SLA and the Scope of Work / Order document or another contractual agreement we enter into (collectively the “order”)

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Ideagen’s Change Management procedure ensures that changes are properly assessed to ensure that operational risk is reduced; changes are applied efficiently, accurately and in a timely manner; the risk of data corruption or destruction during any change is controlled and minimised; measures are in place to back-out a change which goes wrong and business disruption is minimised. Changes are tracked on Ideagen’s support ticket system. The Change Owner triages change requests and categorises them as high, medium or low risk. The change is submitted to the Change Manager for approval. Any high-risk change must be authorised by a senior manager.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Ideagen use multiple 3rd party security organisations to perform vulnerability scans and penetration tests. Systems are continuously monitoring the service and will report any emerging threats in real time, 24 hours a day. The CPT service also conducts a daily vulnerability assessment. Where vulnerabilities are identified the service provides a complete fix traceability matrix by mapping test findings to solutions and monitoring fixes to ensure they are delivered correctly.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring approach. Ideagen monitors all of its servers with remote monitoring software and receives rapid notification of its performance and availability.
Incident management type Supplier-defined controls
Incident management approach We have in place a Cyber Security Operations Centre consisting of dedicated team members, responsible for managing, investigating and resolving all areas relating to information security, and report to the Chief Technical Officer. We also have a Cyber Emergency Response Team made up from domain experts across the Ideagen business, the members of the CERT would change dynamically to respond to different incidents. The CERT is responsible for working alongside the SOC, extending the technical triage, investigation, resolution and communications, reporting to the Chief Operating Officer. Ideagen staff are required and encouraged to report identified information security events and weaknesses.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £111 per user per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Evaluation systems are available for up to 30 days.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑