LexisNexis

Lexis Diligence - Enhanced Due Diligence solution

Lexis Diligence brings into one, simple online tool the intelligence to conduct global enhanced due diligence and comply with legislation for anti-money laundering (AML), anti-bribery & corruption (ABC). The solution enables checks on individual or company backgrounds (KYC), negative news, sanctions and politically exposed persons (PEPs) and company litigation history.

Features

  • Access 23,000+ Newspapers, magazines, trade journals and web sources
  • Company reports from 150+ company databases
  • Information covering political and high net-worth individuals
  • WorldCompliance & Info4C Global PEP databases with 1.5M+ entries
  • Legal cases from selected countries and international regions
  • Negative news search either pre-configured or customised in-house
  • Ability to run searches on company, person or country
  • Manage search results via separate tabs for quick review process
  • Report builder to quickly save results with annotation/audit trail
  • Admin preferences to pre-configure search screens and settings

Benefits

  • Access via web browser with no plug-ins or downloads
  • Comprehensive global content for searching smaller high-risk companies
  • Run quick checks on individuals or companies against PEPs/Watchlists
  • Easy access to pre-built company reports
  • Safeguard against reputational and regulatory risk within a single tool
  • Quickly search global lists of terrorists, criminals and sanctioned entities
  • All searches time and date stamped, providing an audit trail
  • Reduce bribery, fraud, AML, corruption or terrorism risks
  • Our solution brings together all the risk intelligence you need
  • Simple to use, reducing your investment in training & IT

Pricing

£20.00 to £45.00 per unit

  • Free trial available

Service documents

G-Cloud 10

350653001044480

LexisNexis

Bobby Chadha

+44 (0)207 400 4608

Bobby.Chadha@lexisnexis.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints There are no service constraints with support for all hardware and software configurations provided. All services available online via Web based platform.
System requirements
  • For optimal viewing a screen resolution 1024 by 768 pixels.
  • A TCP/IP connection of suitable speed with Internet access
  • PC: Pentium/233Mhz (or above) Mac: Power PC G3 (or above)
  • Microsoft® Windows® 8.1 running Internet Explorer® 11.0
  • Microsoft® Windows® 7 running Internet Explorer® 11.0 Firefox® Google Chrome™
  • Mac OS® 10.x running Safari™

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Client technical support is provided during normal business hours; 08:00 to 18:00 Monday to Friday.

Both technical and content related queries will be responded to the same working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels LexisNexis is committed to providing the highest possible level of support to all of our customers. Standard support (password reset, new user ID etc) is same business day. The support team and account manager will work closely with the contracting authority to ensure the level of support is both appropriate and agreed by way of a service level agreement.

The service level agreement will be consistent with the number of users accessing the service and will cover (but is not limited to):

Customer Service: All queries to be responded to promptly.

Training: All training delivered to be of a high standard.

General: The contracting authority should be satisfied with general support levels and services.

All of the training and support will be agreed in advance and provided without additional charge to the contracting authority.

Access to LexisNexis services do not require a technical account manager or cloud support engineer. Should interface customisation be a requirement this will involve a development team who will seek to fully understand the contracting authorities requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The account manager and client services team will provide complete set up and access with any agreed customisation of the platform. Working closely with the contracting authority users will be identified and assisted with searches. Typically the on-boarding process can be facilitated quickly and promptly (within 2-5 working days) without unnecessary delay.

Training is part of the on-boarding process and includes:

- Face to face training sessions on-site as required
- Online via Screen sharing
- Via tutorials, online guides and FAQ’s

LexisNexis shall provide an implementation plan setting out activities to be completed in order to provide the service, together with the anticipated service commencement date.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Prior to the expiration of the service the account manager will work with the contracting authority to ensure all users have retained any searches and/or content that may be required.

No additional data will be retained or accessible by LexisNexis.
End-of-contract process All user ID's and passwords will be deleted on the end date of the call off agreement.

The contract call off agreement will list the monthly charges applicable based on the permitted user banding.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing LexisNexis accessibility test team uses JAWS and Keyboard for testing.
API No
Customisation available No

Scaling

Scaling
Independence of resources The services offered are provided by the LexisNexis Rosetta platform which currently supports some 4.3 million subscribers from more than 100 countries operating 24 hours a day 365 days a year. The impact of UK based searches simultaneously upon our service would not present even a minor spike in overall usage, nor have any effect on performance of the service to users.

Analytics

Analytics
Service usage metrics Yes
Metrics types Usage statistics and service metrics include as standard (but are not limited to):

Usage by title, source, Individual user activity, Number of searches performed,
and user alerts/newsletters.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Following the operation of a search, users are taken to the results page where options are presented to enable users:

Print and print preview,
Email as a link back to the original document and
save to local drive in the following formats:
Microsoft Word (.doc),
HTML ,
Generic .RTF and
PDF
Data export formats Other
Other data export formats
  • HTML
  • Word (.doc)
  • PDF
  • Rich Text Format (.rtf)
Data import formats Other
Other data import formats
  • Excel (.xls)
  • HTML
  • Word (.doc)
  • Rich Text Format (.rtf)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks HTTPS is enabled by default but can be overridden by the customer. Our servers will default to the strongest encryption protocol common to the browser and the server, which will be TLS 1.2.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network TLS v 1.2 for internal connections via the web interface. Secure transport protocols for internal non-web based access to back end for administration.

Availability and resilience

Availability and resilience
Guaranteed availability Users of LexisNexis services span multiple servers and operating systems. The Rosetta online services platform, which includes the Nexis® solution, averages 99.8% for availability and reliability.

The services shall be deemed available when authorised users are able to access and utilise all the functions of the online news information service. The service shall be accessible on a 24 x 7 x 365 basis (excluding scheduled maintenance periods).

Availability shall be measured as a percentage of the total time in a calendar month. Where availability falls below the agreed service level (to be defined within the call off order) service credit points may apply. These points will be applied as credits to the subsequent months invoice from when the service level was not met.
Approach to resilience Further information on service resilience is available on request. This may be subject to mutual NDA dependent on the level of information required.
Outage reporting Although extremely rare, should an unplanned outage of our services occur all authorised users who are affected will be notified by email. This alert will advise of the issue, pending resolution and regular status update alerts will follow.

In the unlikely event that the primary data centre becomes inoperable, a business continuity plan is in place to ensure that the online services remain available to users. During any recovery process, we will work directly with users to ensure information needs are met in a timely manner.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Registered users may access LexisNexis services directly via secure URL (https) with username and password. Alternatively users may be authenticated via registered IP.
Access restrictions in management interfaces and support channels In order to maintain a secure service, users of LexisNexis services are authenticated before being allowed to perform management activities, report faults or request changes to the service. Support channels (such as telephone or email) verify user account details prior to provisioning new service elements, managing user accounts and managing consumer data.

Lists of authorised permitted users are managed by the subscriber and any special instructions on permitted user rights are determined from the outset of the service.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SSAE-16
  • SOC1
  • SOC3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are not ISO/IEC27001 accredited/certified, however our information security program and policies are aligned with the ISO/IEC27001 standards.
Information security policies and processes All LexisNexis Information security policies are created and approved by our Information Security Council (ISC). This is made up of the CISOs from across the RELX Group. Each CISO is responsible for enforcing those policies across their particular part of the business.

Managers are responsible for informing employees, contractors and vendors about information security policies within their functional areas and departments.

An IT security incident management process is in place and the reporting structure includes (but is not limited to) executive management, HR and Legal.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Our change management process covers all changes made to configurations items. For changes that impact stakeholders or other systems approvals are needed before any changes can be made. These are overseen by our CCB. As appropriate security impact assessments are completed prior to change approval.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Monthly scans are performed and tracked through mitigation. We additionally harden our systems in accordance with the CIS benchmarks. Patches are regularly deployed upon release and in accordance with the criticality and potential system impacts.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach IDS/IPS and firewall as well as host based logs are sent both to an MSSP as well as an internal SEIM. Incident response plans exist and are followed in response to any suspected indicator of compromise. Response is immediate in order to determine validity of the indicator and impacted systems; the speed of the response is situation specific.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Users report incident through different systems based on the incident time. For example, users can submit suspicious email through an add-in within their outlook client. Our helpdesk as well as security reporting emails may be used. We have playbooks for common events. And reporting is dependent on the audience.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £20.00 to £45.00 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Trial access is provided after an initial discussion to assess the requirements. Trial access will provide access as per the brief and will include full functionality of the Lexis Diligence platform.

Alerts and user preferences will expire at the end of the trial period of up to 14 days.

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑