Thomson Reuters

Thomson Reuters Contract Express

Contract Express generates standard legal documents from automated templates- reducing or eliminating the delays, costs, bottlenecks and risks that are inherent with manual drafting.


  • Document assembly is advanced mail-merge with fields and optional clauses
  • Custom templates created in Microsoft Word using intuitive mark-up language
  • Template authoring tool automatically creates questionnaire forms and decision trees
  • Preview mode shows the document being assembled in real-time
  • Multiple output formats including docx and pdf
  • Supports suites of documents created from a single questionnaire form
  • Create libraries of paragraphs to be used across multiple templates
  • Cloud-based: no hardware required; minimal IT resource demands
  • Runs on secure Microsoft Cloud data centres in Europe
  • Mobile first design: Responsive design for tablet or smartphone


  • Users save around 80% of the time spent drafting documents
  • Users can self-serve anytime, anywhere on a range of devices
  • Staff can work faster and with fewer errors
  • Expert staff can automate templates with minimal training
  • Non-expert colleagues can generate orders based on those templates
  • Dynamic coding ensures only relevant questions are asked
  • Low configuration burden: simple system for creating templates
  • Local experts manage automation: no need for large technical team


£1200 per user per year

Service documents

G-Cloud 9


Thomson Reuters

Joanne Fowler


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned maintenance is performed outside of business hours and service subscribers are provided with advanced notice.
System requirements
  • Microsoft Word 2010+
  • Compatible Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 0800 - 18:00 Monday to Friday Priority 1 - 4 hours from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system. Priority 2 - 8 service hours from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agree ticketing system. Priority 3 - 2 business days from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system. Priority 4 - 5 business days from Supplier’s receipt of trouble ticket from Customer’s second line support provider using agreed ticketing system.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Application and Infrastructure support between 0900 - 18:00 weekdays only. Support related to the availability of the service and responding to application bugs is included in the service subscription.
Additional support or training related to template creation or workflow configuration of the application is available at an additional cost.
A dedicated technical account manager is not included as part of the subscription.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Training packages are available that are performed on-line via web conference or on-site.
User documentation is available to download from the service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can download their templates, documents and data from the service prior to the expiration of their contract.
These downloads are in standard formats such as .docx and .csv.
These can be downloaded from the user interface or via the API.
There is no single click bulk download of all templates, documents and data. They must be performed individually.
End-of-contract process There are no data extraction services included in the the contract to assist customers in the automatic extraction of data at the end of the contract.
Assistance on data extraction is an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Application has a responsive web design which makes it possible to complete standard tasks such as creating documents. More complex administrative tasks are designed to be used by a larger browser on a desktop.
Accessibility standards None or don’t know
Description of accessibility Users can resize text without assistive technologies.
All Q&A forms can be completed with a keyboard and avoid keyboard trap.
All Q&A forms have a meaningful focus order and focus is visible
Accessibility testing None
What users can and can't do using the API There is an API for the service that the service also utilises.
This enables an external application or service to programatically create documents, retrieve documents and data and initiate workflows and approvals.
Users can create and maintain their own API keys from within the administrator features of the application.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Users can create custom templates for their own documents. These custom templates have their own custom questionnaire forms.
Users can create custom approval processes and workflows such as DocuSign e-signature
Users can customise the colours of the interface through Themes.
Users can customise application behaviours through Profiles.
Users with the role Administrator can access these customisations.


Independence of resources Service resources have elasticity and are designed to scale as demand is increased.


Service usage metrics Yes
Metrics types Total documents created by user
Total documents created by template
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Database encryption
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There are three classes of data: templates, documents and document data.
Templates can be exported as Microsoft Word .docx documents from the user interface or API
Documents can be exported as Microsoft Word .docx documents from the user interface or API
Document data can be exported by creating a Datasheet of all data in the user interface and selecting the export option that downloads as a CSV file.
Data export formats
  • CSV
  • Other
Other data export formats Docx
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability No guaranteed availability and no refund mechanism.
Approach to resilience Available on request
Outage reporting Emails to named administrators from the service team.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Restricted to named users
Access restriction testing frequency At least once a year
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Our third party hosting provider on which the service runs is accredited to several standards.
Our internal security governance for this service is aligned with ISO 27001 but not accredited
Information security policies and processes We are committed to our information security Risk Management Program and our charter is approved by the Executive Committee. We have an extended team of certified security and privacy subject matter experts located globally and dedicated to the security of our products and services. Our information security policies and standards are aligned to an international standard to provide assurance globally of practices that ensure confidentiality, integrity and availability of our products and services. We demonstrate our commitment to a secure operating environment by our ongoing certification program focused on our strategic data centres using the ISO 207001 standard. At a high level the following teams report into the Chief Information Security Officer (CISO): Strategy & Governance, Security Operations Centre, Business Continuity & Compliance, Enterprise Security Services, Architecture & Engineering. The CISO reports into Chief Technology Officer who in turn reports directly to the Chief Executive.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components are tracked in our integrated asset management and change management systems.
Vulnerability management type Undisclosed
Vulnerability management approach Thomson Reuters internal information security team follows the company's polices and standards to asses potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Available on request
Incident management type Supplier-defined controls
Incident management approach Our incident management process is designed to ensure incidents are dealt with consistently and to restore normal service operation as quickly as possible, minimise any adverse impact on business operations, to ensure that the levels of service quality and availability are maintained. We provide appropriate and timely information to customers during high impact incidents. Incident management provides input to the problem management process after normal service has been restored, to facilitate effective problem and error control and reduce the number of related future Incidents. Information is recorded and Daily Service Reviews are conducted to review the status of managed incidents.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1200 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑