ClauseMatch Collaboration Platform

ClauseMatch is an award-winning collaboration platform containing in its core a detailed documentation workflow, where comments, approvals and changes are tracked in real-time and form part of a full audit trail. That brings complete control of content, streamlines complex workflows and provides a better management insight with groundbreaking reporting capabilities.


  • Real-time collaboration on documents
  • Complete document lifecycle workflow, including approvals in a single system
  • Complete audit trail of document changes, approvals, comments and workflow
  • Full management reporting capabilities on the documentation workflow
  • Full-text search through document content across all documents
  • Management of documentation metadata and reports based on it
  • Email notifications of workflow events and reminders of dates
  • Granular permissions management on documents and paragraphs
  • Identification and ability to re-use similar content across all documents
  • Dashboard to track all the activity and tasks


  • Reduce costs as all communications are done on the platform
  • Ability to find any content quickly
  • Centralised way to manage content in real-time
  • Gain true version control of content at paragraph level
  • Ability to see reports and identify bottlenecks in the process
  • Create data in a structured form to apply machine learning
  • Ability to re-use content to standardise documentation across the organisation
  • Automate documentation processes and workflows


£2500 per user per year

Service documents


G-Cloud 11

Service ID

4 3 0 4 6 8 8 6 9 3 4 5 3 5 1



Evgeny Likhoded


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
The only constraint that the service may have is the use of older browsers which are not supported (for example, Internet Explorer 10 and below is not supported)
System requirements
  • Internet Explorer v. 11+ or Google Chrome v. 50+
  • Amazon AWS or Microsoft Azure Hosting as agreed deployment environment

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Support hours are 9:00am - 5:00pm on during weekdays only. Our response time is within 1 hour of reporting by email.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Type 1 (Blocker) - Email response within 1 hour of reporting and 4-hourly email updates.
Type 2 (Critical) - Email response within 1 hour of reporting and 8-hourly email updates.
Type 3 (Major) - Email response within 1 hour of reporting and 24-hourly email updates.
Type 4 (Minor) - Email response within 1 hour of reporting and 48-hourly updates until resolution.
Type 5 (Trivial) - Email response within 1 hour of reporting and regular updates until resolution.

Support operates 9am-5pm UK time on working days in the UK.

Minimum standard support cost is 20% of subscription value.

We provide account manager, technical support manager and cloud engineering support is available when required.
Support available to third parties

Onboarding and offboarding

Getting started
We provide built-in onboarding visual guides for new functionality, remote online training, documented user guides and guidance videos.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Documents and the full audit trail on documents can be exported as PDF or Word documents and a full database dump is also provided. If required, assistance can be provided to convert existing data into a format of the new vendor (at cost).
End-of-contract process
Export of data and audit trail into PDF or Word documents and full database dump are included in the price of the contract.

Specific conversion of existing data into a new format or database can be provided at cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
Our REST API is available for integration with other services in order to create, change or access data on the platform. Every action that can be done through the interface on the platform is available via the API.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Limited customisation is available. The following features can be customised:
- documentation metadata
- user roles
- user groups
- categorisation of documents
- templates of documents
- reports (customised by our team on request)


Independence of resources
We use dedicated servers for each enterprise client and we constantly monitor performance and usage of the service to ensure that the dedicated hardware continues to be at the appropriate level. In the event of increased demand, the hardware can be scaled up without interruption.


Service usage metrics
Metrics types
We provide the following metrics:
- reports based on documentation metadata
- usage statistics
- user interaction on the platform
- security and authentication logs and statistics
- platform performance statistics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Either export documents to PDF and Word, or structured data can be exported via API or full database dump.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Word
  • XML
  • JSON
  • SQL
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
We use IP whitelisting to limit exposure of the service only to the organisation's IP addresses.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
We use IP whitelisting to limit access to data only to certain internal IP addresses used by the application and database servers.

Availability and resilience

Guaranteed availability
We provide 99.5% availability, which is assured through contractual commitment and regular reporting on the uptime of the service.
Approach to resilience
The resilience of the service and datacentre documentation is available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
SAML-based Single Sign-On
Access restrictions in management interfaces and support channels
Access to ClauseMatch platform is restricted through SSL and whitelisting of client IP addresses to limit exposure of the service only to approved IPs. Users authenticate through SAML Single Sign-On or username and password with 2FA available. Roles and permissions can be defined within the application by admin users and more granular permissions can be managed individually in relation to documents and content.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
DAS Certification
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ClauseMatch operates an Information Security Management System (ISMS) in accordance with ISO27001 standard, which is independently audited and certified by an accredited certification body. The ISMS system includes clearly defined policies, controls and a clear reporting structure with the full division of responsibilities. Compliance with policies and operational processes are audited on quarterly basis internally and every 12 months by independent auditors providing the ISO27001 certification.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Every single change to the platform is tracked and documented from ideation to development, testing (automated and manual) for defects and security, code review, user acceptance testing and production. ClauseMatch operates a Secure Development and Change Management Policy in accordance with the ISO27001 standard, which is independently audited. There is a clear division of responsibilities ensuring that the code developed cannot be deployed into production without following the approval process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
ClauseMatch employs automated vulnerability scanning tools, extensive logging, real-time alerting of potential security incidents and regular auditing of logs. Information about potential threats is gathered from OWASP Top 10 and reputable industry resources on security. Patches can either be deployed through bi-weekly release cycle or sooner through hotfixes depending on the criticality of the vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
ClauseMatch employs automated scanning tools, extensive logging of potential security incidents and real-time alerting. Logs are reviewed regularly and incidents are reported to clients within 1 hour.
Incident management type
Supplier-defined controls
Incident management approach
ClauseMatch uses incident management software to define SLAs, provide clients with the ability to submit support and incident tickets and track incidents from reporting to resolution. Reports are gathered and generated through the incident management system automatically. ClauseMatch is ISO9001 certified, the quality standard, which showcases our commitment to continued quality and improvement of our service.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£2500 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑