iManage EMEA Limited

iManage Work Product Management Cloud

iManage is the industry’s leading work product management application, empowering professionals to create, manage, collaborate on, govern and secure, all work product from anywhere on any device in a single user experience, turning lost time into productive time.

Features

  • Document Management
  • Email Management
  • Content Organisation
  • Personalised Search using machine learning and data analytics
  • Protection of content in iManage and non-iManage repositories
  • Sharing and Collaboration
  • Smart Worklists
  • Detect sophisticated threats from internal or external actors
  • Smart Timeline
  • Manage and control all records from a single policy

Benefits

  • Suggested email filing keeps you ahead of inbox overload
  • Document timelines, dashboards and analytics
  • Searching across all work product is automatically tuned to you
  • Secure mobile access
  • Seamless integration with the applications you’re already using
  • User designed workflows, navigation and contextual help
  • Organisation policies govern audited document access and sharing
  • Implement need-to-know security enforcement at scale
  • Share securely with internal and external collaborators
  • Reduce the risk of data breaches

Pricing

£60.80 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

733303005923082

iManage EMEA Limited

Clint Crosier

(312) 967-6230

legal@imanage.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints Nothing material, other than the supported platforms set forth herein.
System requirements
  • IManage Work Desktop for Windows
  • IManage Work Desktop for Mac
  • IManage Work Mobility for iOS
  • IManage Work Mobility for BlackBerry Dynamics
  • Web Browsers and Mobile Operating Systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday - Friday:
Priority 1 Errors: 1 Business Hour
Priority 2 Errors: 4 Business Hours
Priority 3 Errors: 6 Business Hours
Priority 4 Errors: 1 Business Day

Cloud Customers have access to support assistance 24 hours per day, Monday - Sunday, 365 days per year, for Priority 1 Errors.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible A customer representative may use the iManage support website to submit a case. A password and ID will be provided to customer representatives.
Web chat accessibility testing N/A
Onsite support No
Support levels Support assistance is available during Business Hours for Cloud Customers. Response Time Objectives for calls submitted outside the coverage window will apply to the next Business Day. In addition, Cloud Customers have access to support assistance 24 hours per day, Monday through Sunday, 365 days per year, for Priority 1 Errors.

We provide a cloud support manager for all customers and a technical account manager may be added for an additional fee.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started IManage provides a cloud onboarding welcome package. As part of the package, the iManage cloud onboarding team provides assistance with the following: (i) implementation stages and checkpoints, (ii) data migration, (iii) go-live preparation, (iv) post go-live responsibilities and (v) iManage cloud support assistance.

iManage also has iManage cloud training and certification that it makes available to its cloud customers.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction IManage provides no less than 90 days for cloud customers to download their data. iManage can also provide the customer with a number of options for the actual extraction of the data.
End-of-contract process IManage makes the data available for no less than 90 days after contract termination / expiration. If a cloud customer needs additional assistance, such assistance will be provided by iManage professional services, for an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service N/A - browser-based
Accessibility standards None or don’t know
Description of accessibility IManage Work can be accessed using a web browser on any desktop, using mobile phones and tablets, and using the Work panel in Microsoft Outlook with the iManage Work Desktop for Windows desktop application. iManage Work also provides an embedded experience through iManage Work Desktop for Windows with Microsoft Office and Adobe application integrations.
Accessibility testing N/A
API Yes
What users can and can't do using the API The iManage Work REST APIs enable users to perform operations such as viewing documents, browsing workspaces, and searching for documents on the iManage Work server through the HTTP protocol.

Several operations that are performed through the iManage Desktop client applications can be performed and/or automated using iManage Work REST APIs.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisation is available through the use of our APIs. The extent of the customisations available are set forth in the API documentation. Additionally, further customisation may be available from iManage or a certified partner of iManage.

Scaling

Scaling
Independence of resources The iManage cloud is capable of petabyte scale, including automatic scaling and self-healing, with multiple, redundant, synchronised data centers. Additionally, we offer multi-tenant architecture with logical and physical data isolation.

Analytics

Analytics
Service usage metrics Yes
Metrics types IManage provides a SLA for the availability of the cloud service. iManage also provides reporting on user counts / storage levels (upon request).
Reporting types
  • API access
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach We use encrypted SAN storage.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach IManage provides no less than 90 days for cloud customers to download their data. iManage can also provide the customer with a number of options for the actual extraction of the data. Currently, there are approximately 40 products available to assist with import/export.
Data export formats
  • CSV
  • Other
Other data export formats In the format in which it's stored in the service
Data import formats
  • CSV
  • Other
Other data import formats Any electronic file type as defined by customer

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%

Service Credits are provided pursuant to the following table (percentages are based on the monthly fee or 1/12th of the annual fee):
Less than 99.9% but not less than 99.0% - 10%
Less than 99.0% but not less than 98.0% - 25%
Less than 98.0% but not less than 95.0% - 50%
Less than 95.0% - 100%
Approach to resilience Available upon request.
Outage reporting There is a notification page on the iManage support website. This page can be subscribed to by users so that they receive an email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels IManage enforces an access control policy based on least privileges principles.

iManage maintains an authorisation management system.
All iManage Personnel accessing systems containing Customer Data have a separate, unique username.
iManage restricts access to Customer Data solely to iManage Personnel who have a need to access the Customer Data or as otherwise required by applicable Law.

iManage uses industry standard practices to identify and authenticate all iManage Personnel who attempt to access iManage network or information systems.
Where authentication credentials of iManage Personnel are based on passwords, iManage requires that such passwords meet minimum requirements for length and complexity.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Schellman & Company, LLC
ISO/IEC 27001 accreditation date 28 March 2018
What the ISO/IEC 27001 doesn’t cover IManage general administration (i.e., non-cloud)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 27017
  • ISO 27018
  • ISO 22301
  • SOC 2 Type 2 (All Trust Principles)
  • SOC 2+
  • SOC 3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IManage maintains a written information security management program designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. The ISMS may be updated from time to time based on changes in applicable legal and regulatory requirements, best practices and industry standards related to privacy and data security.

iManage uses commercially reasonable and appropriate methods and safeguards to protect the confidentiality, availability and integrity of Customer Data. iManage adheres, and at all times will adhere, to information security practices at least as protective of Customer Data as identified in ISO 27001 and ISO 27017 (or substantially equivalent or replacement standards) or other generally accepted authoritative standards (e.g., SSAE 16, SOC2).

iManage maintains written policies and procedures that address the roles and responsibilities of iManage Personnel, including both technical and non-technical personnel, who have access to Customer Data in connection with providing the Cloud Services. All iManage Personnel with access to Customer Data receive annual training on the ISMS. iManage ensures that access rights are revoked for all iManage Personnel immediately upon the termination of their employment, contractual or other relationships with iManage.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have a cloud-gating process to ensure availability, confidentiality and security of changes we make to the service.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach IManage uses reasonable efforts to ensure that the Cloud Services operating systems and applications that are associated with Customer Data are patched and otherwise secured to mitigate the likelihood and impact of security vulnerabilities in accordance with iManage’s patch management processes and within a reasonable time after iManage has actual or constructive knowledge of any critical or high-risk security vulnerabilities. iManage conducts vulnerability testing on a monthly basis. We get our information from contracted third parties and public resources.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We have a SIEM tool that helps us monitor for security events. We also have an escalation process to respond to such events, wherein response time is dependent on severity of the event.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a customer support team that accepts reports on incidents. We also have an operations monitoring team that checks for anomalies. If there is a confirmed incident, the operations team manages it to closure. Customers are informed if necessary by the support portal.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £60.80 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access can be given a site for an agreed period, in order to prototype the solution as part of the sales cycle once the requirements have been identified

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑