Epiq Europe Ltd

ITOMS - Cloud-based Transcription Management and Delivery

ITOMS (International Transcription Operating Management System) is Epiq’s proprietary cloud-based transcription management tool. ITOMS enables clients to perform and automate many tasks, including: Uploading transcription order details and audio/video files; Scheduling work and organising activities; Monitoring job progress from initial request to completion; Downloading completed transcripts.


  • Upload transcription orders and audio/video files
  • Monitor transcription order progress from initial request to completion
  • Schedule and organise transcription work
  • Remote access
  • Encrypted and secure file transfer system


  • Easily and quickly submit transcription orders and upload audio/video files
  • Easily track progress of transcription orders
  • Securely transfer audio/video files
  • Securely receive completed transcripts


£75 a unit an hour

Service documents


G-Cloud 12

Service ID

7 4 3 2 0 4 1 3 6 7 3 0 3 9 1


Epiq Europe Ltd Sandeep Patel
Telephone: 020 7367 9173
Email: contracts@epiqglobal.com

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Service is deployed via the internet and is compatible with Google Chrome, Firefox and Internet Explorer browsers, as well as Apple devices running Safari. Service cannot be accessed via mobile or tablet devices running Android.
System requirements
Individual account per user with unique user name and password

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to all emails received within standard working hours (9am to 5.30pm, Monday to Friday) within one hour. We provide an emergency email address for queries received outside standard working hours. We aim to respond to these emails within two hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Each client is supported by an account manager and project management team. The project management team will be able to troubleshoot and resolve most day-to-day issues. The project support team is also assisted by a technical support desk, who are able to address more complex functionality questions. If necessary, the project management team and project support team will engage additional technical support to answer client queries. Technical support is included as standard and is not separately charged.
Support available to third parties

Onboarding and offboarding

Getting started
Initial client engagement is focused on a kick off meeting, which may take place in person or by telephone call. This will determine the number of users that may be required to use the system and to discuss the overall functionality of the system. The initial meeting may include a demonstration of the system. We also provide a user guide in PDF format.
Service documentation
Documentation formats
End-of-contract data extraction
The system is set up to automatically retain the data for as long as agreed in the contract and then automatically delete it. Users can extract their data by downloading it from the system to an external source.
End-of-contract process
At the end of the contract, ITOMS access is removed. No additional costs are incurred to the user.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
ITOMS has a simple and uncluttered interface that makes it very intuitive to use without any training required. The main page provides customisable dashboards showing draft orders, submitted orders, orders in progress and completed orders. All job information and reports can be easily accessed from tabs on the main page.
Accessibility standards
None or don’t know
Description of accessibility
We have ensured that our service is accessible by: - using simple colours; - writing in plain English; - using simple sentences and bullet points; - making buttons descriptive; - using good contrasts and a readable font size; - using a combination of colour, shapes and text; - following a linear, logical layout, ensuring that text flows and is visible when text is magnified to 200%. All non-text content that is presented to the user has a text alternative that serves the equivalent purpose.
Accessibility testing
We have not done any interface testing with users of assistive technology.
Customisation available


Independence of resources
Users upload and download their data as and when required, and as a result, demand by numerous users does not affect the service due to a very limited of time spent by the user in the system.


Service usage metrics
Metrics types
Volumes of data received and processed
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is exported by downloading to an external or local drive in the user's network. Reports on volumes of data are also available to download as an Excel file.
Data export formats
Other data export formats
  • Microsoft Word
  • PDF
  • Microsoft Excel
Data import formats
Other data import formats
  • Microsoft Word
  • Microsoft Excel
  • PDF
  • MPEG Audio Layer III (.MP3)
  • PCM Wave (.WAV)
  • Digital Speech Standard (.DSS)
  • Liberty Court Recorder audio (.DCR)
  • FTR Gold audio (.TRM)
  • FTR log file (.FLS)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We train staff to answer phones within three rings, acknowledge emails within one hour and escalate all unusual queries to their manager. We maintain a formal policy for handling queries and all personnel are trained in our escalation process. Specific service level agreements for availability are agreed with clients on a case-by-case basis.
Approach to resilience
The physical protection of all data centres encompasses multiple layers including 24x7 onsite staff, strict personnel access controls utilising badge and/or biometric access and mantraps, and 24x7x365 video surveillance both inside and outside the facility. Hardware, servers, and network devices are maintained on raised flooring and are secured in locked cabinets. Visitors must be escorted at all times, sign in, and be assigned an electronic photo ID badge that does not grant access to any raised floor areas. Further information is available on request.
Outage reporting
Email alerts are sent directly to the IT support team who will then investigate and report back to clients confirming the start and end times for any outage, our analysis of the cause of the outage and how the issue was resolved. Reports will also include recommendations for any future changes or upgrades if these are required.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access to data within the system is based on a tiered hierarchy configured to match the specific roles and responsibilities of team members. Based on information provided by the client, Epiq's IT team will configure user access to data, as well as functions they are able to perform within the system. Administration and audit history features are deployed via specific tabs and commands, which are only visible to users authorised to access these features.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Standards Institute (BSI)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Services outside our core services which are Legal Services and Court Reporting. A statement of applicability can be provided on request.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information security is managed through a dedicated information security team who are responsible for designing and updating polices relating to user access, physical controls, network storage, appropriate use of systems and compliance with existing legislation. Policies are reviewed and updated on a quarterly basis. Mandatory training on security issues is provided to all employees when they join the company and at least annually during their tenure. Our data centre and operations centre have been accredited to ISO 27001 standard and as part of this certification we are regularly interviewed and audited by an external auditor - a process that evaluates our policies and practices to identify and resolve potential vulnerabilities.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The progress of the project will be tracked throughout its life-cycle by the Project Manager utilising the software's tracking functionality. Project Managers and IT staff are vigilant to any changes that may have a potential security impact. All such changes are reported to Epiq’s information security team and investigated. If any incident were to occur, the client would be advised as soon as it was discovered. A full investigation would ensue and a written report would be provided within 24 hours, detailing the incident, the security implications and any counter-measures that have been implemented to avoid a recurrence.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our Information Security Officer and information security management team ensure that we keep up-to-date with security alerts and advice through multiple information sources (newsletters, ISMS networks, clients, etc). If the threat is something that requires immediate attention, it will lead to an immediate change in the configuration of our technology or our operational procedures. Threat intelligence, such as information on viruses or phishing scams, is shared immediately with employees via email alerts. Information on security threats also feeds into updated security training, which is mandatory for all employees.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromises may be identified by staff, clients or other external sources. If a compromise is identified, the client will be advised immediately. A full investigation will ensue and a written report will be provided to the client within 24 hours, detailing the compromise, the security implications and any counter-measures that have been implemented to avoid a recurrence.
Incident management type
Supplier-defined controls
Incident management approach
We maintain an Incident Response Plan, which sets out our approach to reporting and responding to security incidents. Employees report incidents to the information security team using a standard format document and the team is responsible for investigating the reported activity in a timely manner and reporting findings to the client, management and any appropriate external authorities as necessary. Incident reports are usually provided by secure email. Our information security team subscribes to various industry alert services to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£75 a unit an hour
Discount for educational organisations
Free trial available

Service documents