Legastat Ltd

eDisclosure and eDiscovery Cloud Software

Legastat is a leading provider of Cloud-based eDisclosure software and services to the Public Sector. As a UK alliance partner of OpenText (Recommind), we offer the class-leading Axcelerate software that provides an end-to-end eDisclosure platform with built-in proprietary advanced analytics, and the industry’s best predictive coding and AI engine.

Features

  • Electronically Stored Information (ESI) Processing
  • Email threading
  • Document deduplication and near duplication
  • Intelligent document search and analysis including concept clustering
  • Built in Technology Assisted Review (TAR)
  • Data Visualisation to map ESI communications and material
  • User driven work flows and batching of documents
  • Business Inteligence module to track and audit use Case Management
  • Intelligent document redaction capability
  • Hosted on our highly secure private cloud infrastucture

Benefits

  • Forensically and defensibly extract metadata and cull data efficiently
  • View, tag and annotate documents for legal review or investigation
  • Documents are automatically clustered by subject and sentiment
  • Advanced Technology Assisted Review (TAR) to find similar relevant material
  • User defined batching of documents by relevance,date and custodian
  • Add additional data with no impact on existing work product
  • Minimised training requirements combined with formal accreditation if required
  • Improve efficiency and accuracy of document review whilst reducing cost
  • Monitor the progress of entire review via built-in BI dashboard
  • Hugely scalable for large complex data volumes via elastic infrastructure

Pricing

£8 to £50 per gigabyte per month

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 7 8 0 3 0 1 9 5 9 6 3 9 7 9

Contact

Legastat Ltd

Paul Fox

0207 492 6510

paul.fox@legastat.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Due to variations in the needs of specific projects, Authorities should contact Legastat prior to placing orders to discuss the specific scope and requirements of their project, the most appropriate solution and any related terms that may apply.
System requirements
  • Windows or Mac Operating Systems
  • Up-to-date version of common browsers (Chrome, Firefox, Internet Explorer/Edge, Safari)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Legastat aims to respond to all requests within 30 minutes and support requests are then prioritised depending on the nature or complexity of the user's request. Out of hours (evenings and weekends) support is available on request or on a project by project basis as required.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Technical Support of the software is included as part of any project costs and not charged separately. Requests for technical project assistance may incur additional professional services charges to complete.
All projects are allocated a Technical Project Manager and an Account Manager to oversee both the technical aspects of the project, liaise directly with the client team and act as the primary point of contact for day to day queries. The Account Manager will manage the commercial relationship with the client and deal with any variations in terms of specification or changes to costs which occur as a result. The Account Manager will also act as the first line of contact should a request require further quotes or escalation.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Legastat has a dedicated process for onboarding new clients and starting new projects. Full user documentation is available and training provided which is tailored to the specific needs of the client. There is also a full suite of online learning resources available and formal accreditation. Training can be conducted onsite, offsite or online via WebEx.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Legastat will discuss on an individual basis with clients how they would like their data to be extracted at the end of a project. Options include deletion, full sanitisation in accordance with HMG standards, export and archive to encrypted media in various formats and/or combinations of the above.
End-of-contract process
When a project ends, user access would be withdrawn upon instruction from the client and the data extraction and archive process implemented as described above.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Every eDisclosure project is different and as such, Axcelerate allows for significant customisation of the user environment to accommodate the project requirements and specification. Elements of the software that can be altered and customised include the user interface, user profiles, user workflows, tagging panels for document tagging and many other aspects of the user experience can be tailored either by project or user type. Depending on the nature of the changes these can be made either by the Legastat admin or user admin if sufficient privileges are allocated.

Scaling

Independence of resources
Legastat's Axcelerate software is hosted on a single tenant environment meaning each client will have their own dedicated Axcelerate Cloud instance in AWS with dedicated resources to ensure optimum operation of the platform with built-in elastic scaling mechanisms to cope with increased workloads. Resources are not shared with other Legastat client Axcelerate Cloud instances.

Analytics

Service usage metrics
Yes
Metrics types
All aspects of software usage are both audited and reportable. This includes user access, document access and changes, time spent on a particular document, statistics such as documents reviewed per hour. All metrics are available via customisable reports viewed through the dashboard and management information module.
There is also a full back -end reporting structure that enables Legatstat to monitor specfic event logs, and other metrics such as storage reports.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Axcelerate from OpenText (Recommind)

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Aside from our approach to data extraction at the end of the project as described above, data would be exported for the purpose of the disclosure. The exact format and nature of the data to be exported would be agreed and an integral part of the project as this is often one of the specific goals towards which the user is working. Once the specific protocol for the disclosured data and format is agreed, either the client or Legastat (depending on the user's capability) would run the export process and provide the data to the client for disclosure.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The standard Service Level Agreement for Legastat's Axcelerate Cloud uptime is 99.5%.
Approach to resilience
Legastat hosts our Axcelerate servers in the UK. Furthermore OpenText has other AWS locations worldwide. For the purposes of the services available on the Digital Marketplace only the UK servers are utilised. These locations are composed of regions and Availability Zones (AZ). Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones which provides OpenText the ability to place resources, such as instances, and data in multiple locations. In this instance data will be hosted in the UK Availability Zone only. All client data is replicated to multiple storage sites within the UK that are redundant; snapshots can be restored to any available Availability Zone (AZ) where clients have full system and server redundancy as well. All major system components of the data centres are backed up with redundant equipment and automatic fail over procedures. All critical online data is replicated real time to storage devices at the backup data centre to ensure a zero to minimal level of data loss if a catastrophic event occurred at the primary data centre.
Outage reporting
Via email alerts as soon as we are aware of any outage.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Legastat's User Access Management policy restricts access permissions based on the principles of least privilege. Legastat personnel are allocated only the minimum permissions necessary to fulfill the job functions associated with their role. Validation is enforced through a full life cycle for identity access management process and a quarterly validation of all appropriate personnel with access privileges.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SNR Certification UK Ltd
ISO/IEC 27001 accreditation date
30/10/2018
What the ISO/IEC 27001 doesn’t cover
The scope of our ISO27001:2013 accreditation covers all aspects of the services offered via the Digital Marketplace
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Sysnet Global Solutions
PCI DSS accreditation date
02/04/2019
What the PCI DSS doesn’t cover
Anything outside of the requirements of the PCI DSS Certification.
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
All Legastat's information security policies and procedures are covered under our ISMS (Information Security Management System) of which there are 34 in total and available upon request subject to NDA. The ISMS forms the basis of Legastat's ISO27001:2013 accreditation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Legastat's configuration and change management processes are incorporated into our Project Management strategy which is based on a combination of the structure of a Prince 2 methodology and still allows the flexibility and pragmatic responsiveness that eDisclosure projects often require. The change management process is based upon the principles of ITIL, ensures that our ISMS is followed at all times whilst incorporating the principles of an ISAE 3402/3000 approach. All of this is to ensure that any changes to the project do not compromise the security of any project.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All aspects relating to the vulnerability management of our services are comprehensively addressed within Legastat's ISMS and ISO27001:2013 accreditation. Furthermore, OpenText Vulnerability management program conforms to the ISO 27001:2013 framework and corresponding control objectives. An annual vulnerability test is conducted as needed, but no less than annually, to test key administrative, physical and technical controls to validate if the objectives of the Information Security Program are being met. The vulnerability test includes security policy compliance; social engineering; external penetration testing; server vulnerability scans and physical security reviews.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All Legastat's protective monitoring processes are incorporated into our ISMS and ISO27001:2013 accreditation. Furthermore, all OpenText's systems and networks are protected by a multi-layered / segmented architecture, which incorporates various granular controls including but not limited to ICSA certified firewalls, HIDS, NIPS, etc.
Incident management type
Supplier-defined controls
Incident management approach
Legastat's incident management processes are covered within our ISMS that forms the basis for our ISO27001:2013 accreditation. The ISMS includes a fully-documented sub-process for the Incident Management process which provides the necessary guidance for uniform response to properly alert, triage, and escalate events.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8 to £50 per gigabyte per month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Legastat will provide access to the Axcelerate software on a trial basis to a standardised dataset, offer training and provide guidance on any specific matter. The objective of this would be to determine if Axcelerate was the correct platform for the Authorities requirements with both parties agreeing to measurable objectives.

Service documents

Return to top ↑