Legastat Ltd

eDisclosure and eDiscovery Cloud Software

Legastat is a leading provider of Cloud-based eDisclosure software and services to the Public Sector. As a UK alliance partner of OpenText (Recommind), we offer the class-leading Axcelerate software that provides an end-to-end eDisclosure platform with built-in proprietary advanced analytics, and the industry’s best predictive coding and AI engine.


  • Electronically Stored Information (ESI) Processing
  • Email threading
  • Document deduplication and near duplication
  • Intelligent document search and analysis including concept clustering
  • Built in Technology Assisted Review (TAR)
  • Data Visualisation to map ESI communications and material
  • User driven work flows and batching of documents
  • Business Inteligence module to track and audit use Case Management
  • Intelligent document redaction capability
  • Hosted on our highly secure private cloud infrastucture


  • Forensically and defensibly extract metadata and cull data efficiently
  • View, tag and annotate documents for legal review or investigation
  • Documents are automatically clustered by subject and sentiment
  • Advanced Technology Assisted Review (TAR) to find similar relevant material
  • User defined batching of documents by relevance,date and custodian
  • Add additional data with no impact on existing work product
  • Minimised training requirements combined with formal accreditation if required
  • Improve efficiency and accuracy of document review whilst reducing cost
  • Monitor the progress of entire review via built-in BI dashboard
  • Hugely scalable for large complex data volumes via elastic infrastructure


£8 to £50 per gigabyte per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 7 8 0 3 0 1 9 5 9 6 3 9 7 9


Legastat Ltd

Paul Fox

0207 492 6510


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Due to variations in the needs of specific projects, Authorities should contact Legastat prior to placing orders to discuss the specific scope and requirements of their project, the most appropriate solution and any related terms that may apply.
System requirements
  • Windows or Mac Operating Systems
  • Up-to-date version of common browsers (Chrome, Firefox, Internet Explorer/Edge, Safari)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Legastat aims to respond to all requests within 30 minutes and support requests are then prioritised depending on the nature or complexity of the user's request. Out of hours (evenings and weekends) support is available on request or on a project by project basis as required.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Technical Support of the software is included as part of any project costs and not charged separately. Requests for technical project assistance may incur additional professional services charges to complete.
All projects are allocated a Technical Project Manager and an Account Manager to oversee both the technical aspects of the project, liaise directly with the client team and act as the primary point of contact for day to day queries. The Account Manager will manage the commercial relationship with the client and deal with any variations in terms of specification or changes to costs which occur as a result. The Account Manager will also act as the first line of contact should a request require further quotes or escalation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Legastat has a dedicated process for onboarding new clients and starting new projects. Full user documentation is available and training provided which is tailored to the specific needs of the client. There is also a full suite of online learning resources available and formal accreditation. Training can be conducted onsite, offsite or online via WebEx.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Legastat will discuss on an individual basis with clients how they would like their data to be extracted at the end of a project. Options include deletion, full sanitisation in accordance with HMG standards, export and archive to encrypted media in various formats and/or combinations of the above.
End-of-contract process When a project ends, user access would be withdrawn upon instruction from the client and the data extraction and archive process implemented as described above.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Every eDisclosure project is different and as such, Axcelerate allows for significant customisation of the user environment to accommodate the project requirements and specification. Elements of the software that can be altered and customised include the user interface, user profiles, user workflows, tagging panels for document tagging and many other aspects of the user experience can be tailored either by project or user type. Depending on the nature of the changes these can be made either by the Legastat admin or user admin if sufficient privileges are allocated.


Independence of resources Legastat's Axcelerate software is hosted on a single tenant environment meaning each client will have their own dedicated Axcelerate Cloud instance in AWS with dedicated resources to ensure optimum operation of the platform with built-in elastic scaling mechanisms to cope with increased workloads. Resources are not shared with other Legastat client Axcelerate Cloud instances.


Service usage metrics Yes
Metrics types All aspects of software usage are both audited and reportable. This includes user access, document access and changes, time spent on a particular document, statistics such as documents reviewed per hour. All metrics are available via customisable reports viewed through the dashboard and management information module.
There is also a full back -end reporting structure that enables Legatstat to monitor specfic event logs, and other metrics such as storage reports.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Axcelerate from OpenText (Recommind)

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Aside from our approach to data extraction at the end of the project as described above, data would be exported for the purpose of the disclosure. The exact format and nature of the data to be exported would be agreed and an integral part of the project as this is often one of the specific goals towards which the user is working. Once the specific protocol for the disclosured data and format is agreed, either the client or Legastat (depending on the user's capability) would run the export process and provide the data to the client for disclosure.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The standard Service Level Agreement for Legastat's Axcelerate Cloud uptime is 99.5%.
Approach to resilience Legastat hosts our Axcelerate servers in the UK. Furthermore OpenText has other AWS locations worldwide. For the purposes of the services available on the Digital Marketplace only the UK servers are utilised. These locations are composed of regions and Availability Zones (AZ). Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones which provides OpenText the ability to place resources, such as instances, and data in multiple locations. In this instance data will be hosted in the UK Availability Zone only. All client data is replicated to multiple storage sites within the UK that are redundant; snapshots can be restored to any available Availability Zone (AZ) where clients have full system and server redundancy as well. All major system components of the data centres are backed up with redundant equipment and automatic fail over procedures. All critical online data is replicated real time to storage devices at the backup data centre to ensure a zero to minimal level of data loss if a catastrophic event occurred at the primary data centre.
Outage reporting Via email alerts as soon as we are aware of any outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Legastat's User Access Management policy restricts access permissions based on the principles of least privilege. Legastat personnel are allocated only the minimum permissions necessary to fulfill the job functions associated with their role. Validation is enforced through a full life cycle for identity access management process and a quarterly validation of all appropriate personnel with access privileges.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SNR Certification UK Ltd
ISO/IEC 27001 accreditation date 30/10/2018
What the ISO/IEC 27001 doesn’t cover The scope of our ISO27001:2013 accreditation covers all aspects of the services offered via the Digital Marketplace
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Sysnet Global Solutions
PCI DSS accreditation date 02/04/2019
What the PCI DSS doesn’t cover Anything outside of the requirements of the PCI DSS Certification.
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes All Legastat's information security policies and procedures are covered under our ISMS (Information Security Management System) of which there are 34 in total and available upon request subject to NDA. The ISMS forms the basis of Legastat's ISO27001:2013 accreditation.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Legastat's configuration and change management processes are incorporated into our Project Management strategy which is based on a combination of the structure of a Prince 2 methodology and still allows the flexibility and pragmatic responsiveness that eDisclosure projects often require. The change management process is based upon the principles of ITIL, ensures that our ISMS is followed at all times whilst incorporating the principles of an ISAE 3402/3000 approach. All of this is to ensure that any changes to the project do not compromise the security of any project.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All aspects relating to the vulnerability management of our services are comprehensively addressed within Legastat's ISMS and ISO27001:2013 accreditation. Furthermore, OpenText Vulnerability management program conforms to the ISO 27001:2013 framework and corresponding control objectives. An annual vulnerability test is conducted as needed, but no less than annually, to test key administrative, physical and technical controls to validate if the objectives of the Information Security Program are being met. The vulnerability test includes security policy compliance; social engineering; external penetration testing; server vulnerability scans and physical security reviews.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All Legastat's protective monitoring processes are incorporated into our ISMS and ISO27001:2013 accreditation. Furthermore, all OpenText's systems and networks are protected by a multi-layered / segmented architecture, which incorporates various granular controls including but not limited to ICSA certified firewalls, HIDS, NIPS, etc.
Incident management type Supplier-defined controls
Incident management approach Legastat's incident management processes are covered within our ISMS that forms the basis for our ISO27001:2013 accreditation. The ISMS includes a fully-documented sub-process for the Incident Management process which provides the necessary guidance for uniform response to properly alert, triage, and escalate events.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8 to £50 per gigabyte per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Legastat will provide access to the Axcelerate software on a trial basis to a standardised dataset, offer training and provide guidance on any specific matter. The objective of this would be to determine if Axcelerate was the correct platform for the Authorities requirements with both parties agreeing to measurable objectives.

Service documents

Return to top ↑