Epiq Systems Ltd

Legal Document Hosting

We provide document processing and hosting services for clients faced with challenges relating to the review of documents and data in the context of investigations and dispute resolution. Our services prepare documents for online review and provide support and advice on best use of the platform.


  • Document processing
  • Document deduplication
  • Application of search terms and filtering criteria
  • Online document hosting
  • Advanced searching and analysis
  • Document coding and categorisation
  • Email threading, near duplicate analysis and data visualisation
  • Technology Assisted Review
  • Redaction
  • Document production


  • Track documents and metadata in forensically sound manner
  • Prepare documents for review by legal teams
  • Collate evidence in single repository for analysis
  • Fast access to relevant information within large data sets
  • Advanced analysis to assist with grouping of documents
  • Protect confidential, personal and privileged information
  • Disclose documents to meet legal obligations


£60 per licence per month

Service documents

G-Cloud 9


Epiq Systems Ltd

Victoria Baker

020 7421 4051


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Service is deployed via the internet and is compatible with Google
Chrome, Firefox and Internet Explorer browsers, as well as Apple
devices running Safari. Service cannot be accessed via mobile or
tablet devices running Android.
System requirements Licenced per user per month

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 30 minutes during standard business hours. Weekends within 3 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Each client is supported by an account manager, as well as a project team who act as a first point of contact. The project support team will engage technical support and other resources as required, as they are best placed to analyse issues raised by clients, as well as having a capability to troubleshoot and resolve many day-to-day issues. The project support team is also assisted by a technical support desk, who are able to address general functionality questions.
Technical support is included within the application licensing and is not separately charged. If on-site attendance is required professional services and travel costs may be charged.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Initial client engagement is focused on a kick off meeting, which
may take place in person or on a conference call/web
presentation. This will define the scope of services to be provided,
key client deadlines, data sources to be processed and loaded to
the online review platform and information that will assist our
project management team to design the database to the specific
requirements of the matter. The initial meeting is followed up with
a training session, usually delivered online, where a small set of
data is loaded to the online review tool and key stakeholders are
introduced to the functionality of the database, as well as the
specific configuration that has been deployed for the team. After
taking feedback from the key stakeholders, any further changes
that need to be made are implemented by the project
management team and training provided to the full user
community, either online or in person. Our training programmes
are also supported by user guides available in PDF format and
other online resources.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be provided in a variety of formats in accordance with customer requests.
The most common data formats are documents in their native
format together with an industry standard load file, which enables the
documents and data to be loaded into Relativity or any equivalent
software in the event that any further analysis of the documents is
required. If documents contain redactions, then both a redacted
version of the document in image format and a clean copy can be
provided. When documents are intended for archive and no
further active use is anticipated, then a PDF delivery for all
documents is often requested. We have experience of working
with national archives and can provide deliveries to their
specification. Documents and data are delivered on hardware
encrypted USB media. Whilst clients can be enabled to download
documents and data via the browser interface, it is usually more
cost effective to have our system administrators run this
End-of-contract process Invoicing is monthly with core services in the contract including:
Document processing
Document hosting
User access fees
Project Management Support
Data Export
Consultancy and Advice
Fees are based on a per GB model for data processing and hosting services and billable hours for project management and consultancy and are invoiced monthly based on actual use.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Placeholder
Accessibility testing Placeholder
Customisation available No


Independence of resources The configuration of the Relativity architecture and system is based on recommendations made by kCura, who licence the application. Installations are based on tiers which are set to support defined volumes of documents and data a maximum recommended number of simultaneous users. Currently we are configured as a tier 2 environment which is designed to support up to 250 simultaneous users without degradation of performance. Our systems are monitored for performance and stability and our infrastructure can be upgraded to accommodate larger user communities if required.


Service usage metrics Yes
Metrics types Volumes of data received and processed
Volumes of data hosted
Active users
Breakdowns of data hosted by custodian, data, file type and other criteria as requested by clients
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Relativity online document review system, licensed from kCura

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Relativity can be configured to enable users to download both documents and data, subject to user profiles and permissions. For large data sets or formal productions to other parties it is recommended that a Wordwave system administrator manage this process as end users attempting to extract large volumes of data is likely to result in slow performance and most end users are unfamiliar with the formal requirements for presenting documents during disclosure.
Data export formats
  • CSV
  • Other
Other data export formats HTML
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Relativity uptime between hours of 06:00 to 00:00 Monday to Sunday including excluding Bank Holidays.
If uptime falls below 98% availability during the time period above clients would be entitled to 5% of their monthly invoices related to data hosting charges and user access fees.
Approach to resilience The physical protection of all data centres encompasses multiple layers including 24x7 onsite staff, strict personnel access controls utilising badge and/or biometric access and mantraps, and 24x7x365 video surveillance both inside and outside the facility.
Hardware, servers, and network devices are maintained on raised flooring and are secured in locked cabinets. Visitors must be escorted at all times, sign in, and be assigned an electronic photo ID badge that does not grant access to any raised floor areas.
Further information is available on request
Outage reporting Email alerts which are sent directly to the IT support team who will then investigate and report back to clients confirming the start and end times for any outage, our analysis of the cause of the outage and how the issue was resolved. Reports will also include recommendations for any future changes or upgrades if these are required.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Access to documents and data within the Relativity system is based on a tiered hierarchy configured to match the specific roles and responsibilities of team members. Security groups manage both the documents and data which users can access as well as functions they are able to perform within the system. Administration and audit history features are deployed via specific tabs and commands which are only visible to users authorised to access these features.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 11/01/2016
What the ISO/IEC 27001 doesn’t cover Services outside our core services which are defined as customer information assets accessed via our London offices covering Legal Services and Court Reporting. A statement of applicability can be provided on request.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations CyberEssentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Information security is managed through a dedicated information security team who are responsible for designing and updating polices relating to user access, physical controls, network storage, appropriate use of systems and compliance with existing legislation. Policies are reviewed and updated and mandatory training on security issues is provided to all employees when they join the company and at least annually during their tenure. Our data centre and operations centre have been accredited to IS27001 standard and as part of this certification we are regularly interviewed and audited by an external accreditor, a process that evaluates our policies and practices to identify and resolve potential vulnerabilities.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration of the Relativity software is based on recommendations made by kCura which are reviewed by our IT and information security teams. License management of any third party products relating to the service (such as Microsoft SQL) is managed by our IT team who monitor, renew and update any such applications as needed. Upgrades to the Relativity application are planned with the aim of always providing an environment within a single point release of the current version. kCura supply upgrade documentation which is reviewed by our IT and information security teams prior to planning any upgrade work.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Maintaining the security of our systems and services involves work from both our Information Security team and kCura, the licensors of Relativity, as well as external penetration testing by third parties. Any threats identified are analysed to confirm if the solution requires a code update in the core application or relates to services under our control. The threat is assessed on a High, Medium and Low basis and a path for resolution agreed that is appropriate to the level of the threat. Patches are typically applied every 1 - 2 months, with the option to change this if necessary.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our data and system use are monitored through intrusion detection mechanisms in line with our IT security policies. These send alerts to the IT team for investigation in the event that unauthorised attempts to access the system are identified. In addition to threats identified in this way from external sources, all user activity within the Relativity application is audited and logged, and a full history maintained. Incidents are escalated in line with our incident reporting policy, which determines further internal action to be taken and reporting processes for clients.
Incident management type Supplier-defined controls
Incident management approach We maintain and update an Incident Response Plan which set out our approach to reporting and responding to security incidents. Employees report incidents to the response team using a standard format document and the team is responsible for investigating the reported activity in a timely, cost effective manner and reporting findings to management and any appropriate external authorities as necessary. Our incident response team subscribes to various industry alert services to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • Scottish Wide Area Network (SWAN)


Price £60 per licence per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑