Contract Express generates standard legal documents from automated templates- reducing or eliminating the delays, costs, bottlenecks and risks that are inherent with manual drafting.
- Document assembly is advanced mail-merge with fields and optional clauses
- Custom templates created in Microsoft Word using intuitive mark-up language
- Template authoring tool automatically creates questionnaire forms and decision trees
- Preview mode shows the document being assembled in real-time
- Multiple output formats including docx and pdf
- Supports suites of documents created from a single questionnaire form
- Create libraries of paragraphs to be used across multiple templates
- Cloud-based: no hardware required; minimal IT resource demands
- Runs on secure Microsoft Cloud data centres in Europe
- Mobile first design: Responsive design for tablet or smartphone
- Users save around 80% of the time spent drafting documents
- Users can self-serve anytime, anywhere on a range of devices
- Staff can work faster and with fewer errors
- Expert staff can automate templates with minimal training
- Non-expert colleagues can generate orders based on those templates
- Dynamic coding ensures only relevant questions are asked
- Low configuration burden: simple system for creating templates
- Local experts manage automation: no need for large technical team
£1200 per user per year
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Planned maintenance is performed outside of business hours and service subscribers are provided with advanced notice.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||0800 - 18:00 Monday to Friday Priority 1 - 4 hours from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system. Priority 2 - 8 service hours from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agree ticketing system. Priority 3 - 2 business days from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system. Priority 4 - 5 business days from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system.|
|User can manage status and priority of support tickets||No|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Application and Infrastructure support between 0900 - 18:00 weekdays only. Support related to the availability of the service and responding to application bugs is included in the service subscription.
Additional support or training related to template creation or workflow configuration of the application is available at an additional cost.
A dedicated technical account manager is not included as part of the subscription.
|Support available to third parties||No|
Onboarding and offboarding
Training packages are available that are performed on-line via web conference or on-site.
User documentation is available to download from the service.
|End-of-contract data extraction||
Users can download their templates, documents and data from the service prior to the expiration of their contract.
These downloads are in standard formats such as .docx and .csv.
These can be downloaded from the user interface or via the API.
There is no single click bulk download of all templates, documents and data. They must be performed individually.
There are no data extraction services included in the the contract to assist customers in the automatic extraction of data at the end of the contract.
Assistance on data extraction is an additional cost.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Application has a responsive web design which makes it possible to complete standard tasks such as creating documents. More complex administrative tasks are designed to be used by a larger browser on a desktop.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Users can resize text without assistive technologies.
All Q&A forms can be completed with a keyboard and avoid keyboard trap.
All Q&A forms have a meaningful focus order and focus is visible
|What users can and can't do using the API||
There is an API for the service that the service also utilises.
This enables an external application or service to programatically create documents, retrieve documents and data and initiate workflows and approvals.
Users can create and maintain their own API keys from within the administrator features of the application.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
Users can create custom templates for their own documents. These custom templates have their own custom questionnaire forms.
Users can create custom approval processes and workflows such as DocuSign e-signature
Users can customise the colours of the interface through Themes.
Users can customise application behaviours through Profiles.
Users with the role Administrator can access these customisations.
|Independence of resources||Service resources have elasticity and are designed to scale as demand is increased.|
|Service usage metrics||Yes|
Total documents created by user
Total documents created by template
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Database encryption|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
There are three classes of data: templates, documents and document data.
Templates can be exported as Microsoft Word .docx documents from the user interface or API
Documents can be exported as Microsoft Word .docx documents from the user interface or API
Document data can be exported by creating a Datasheet of all data in the user interface and selecting the export option that downloads as a CSV file.
|Data export formats||
|Other data export formats||Docx|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||No guaranteed availability and no refund mechanism.|
|Approach to resilience||Available on request|
|Outage reporting||Emails to named administrators from the service team.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Restricted to named users|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Identity federation with existing provider (for example Google Apps)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||
Our third party hosting provider on which the service runs is accredited to several standards.
Our internal security governance for this service is aligned with ISO 27001 but not accredited
|Information security policies and processes||We are committed to our information security Risk Management Program and our charter is approved by the Executive Committee. We have an extended team of certified security and privacy subject matter experts located globally and dedicated to the security of our products and services. Our information security policies and standards are aligned to an international standard to provide assurance globally of practices that ensure confidentiality, integrity and availability of our products and services. We demonstrate our commitment to a secure operating environment by our ongoing certification program focused on our strategic data centres using the ISO 207001 standard. At a high level the following teams report into the Chief Information Security Officer (CISO): Strategy & Governance, Security Operations Centre, Business Continuity & Compliance, Enterprise Security Services, Architecture & Engineering. The CISO reports into Chief Technology Officer who in turn reports directly to the Chief Executive.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All components are tracked in our integrated asset management and change management systems.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Thomson Reuters internal information security team follows the company's polices and standards to asses potential threats.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Available on request|
|Incident management type||Supplier-defined controls|
|Incident management approach||Our incident management process is designed to ensure incidents are dealt with consistently and to restore normal service operation as quickly as possible, minimise any adverse impact on business operations, to ensure that the levels of service quality and availability are maintained. We provide appropriate and timely information to customers during high impact incidents. Incident management provides input to the problem management process after normal service has been restored, to facilitate effective problem and error control and reduce the number of related future Incidents. Information is recorded and Daily Service Reviews are conducted to review the status of managed incidents.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£1200 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|