Oasis Discovery Partners Ltd

Oasis Discovery Private Cloud

Oasis procures, secures and maintains legal technology for eDiscovery document review and investigations. Our unique platform delivers a custom suite of software in a fully-managed private cloud. We provide infrastructure resources, system administration (including troubleshooting and upgrades), technical support, training, sales support (including demos), and certified subject matter experts.

Features

  • Data processing and hosting for legal review/investigation
  • Document depulication and near duplicate detection
  • Automatic detection of personal information (PII) for DSAR
  • Relativity, Brainspace, NexLP, Veritone included in suite of technology
  • Industry leading Technology Assisted Review to save time and money
  • Data visualisation and Artificial Intelligence available across multiple applications
  • Multi layered secure remote access for all users
  • Client portal for support and 'self service'
  • Management of all security updates, patches and virus protection
  • SSAE16, ISO 270001, Privacy Shield and GDPR compliant data centres

Benefits

  • Oasis makes eDiscovery easy by managing specialist infrastructure and software
  • Oasis suite of technology keeps pace with eDiscovery challenges
  • Avoid limitations and restrictions of a single eDiscovery application
  • Find facts fast using AI powered solutions
  • Learn from the best - expert training on all applications
  • Collate evidence in single repository for analysis
  • Automatic solution scaling - fit for large and small projects
  • Empower legal teams to manage the end-to-end eDiscovery process
  • Fast client on-boarding with services available in hours
  • Pay for what you use, per month, no commitments

Pricing

£5 a gigabyte a month

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

7 4 8 7 7 6 5 1 8 8 2 3 4 5 5

Contact

Oasis Discovery Partners Ltd Matt Kingdon
Telephone: +44 7961 978600
Email: mrk@oasisdiscovery.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Prior to agreeing a contract, buyers should contact Oasis to confirm initial solution and scope. Oasis works in partnership with all our clients to make sure the solutions we provide are 'fit for purpose' in order to maximize investment and save time.
System requirements
All applications hosted by Oasis in secure private cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our SLA for responding to customer support request is 4 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our support structure is designed to provide a holistic approach whereby customers submit requests to our ticketing systems. Tickets are then reviewed and allocated as appropriate. All customers will be allocated a Technical Account Manager as standard. There is no additional cost associated to support provisioning.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
At Oasis we have a team of industry experts on hand to assist clients in every facet of working with the eDiscovery technology we provide. Whilst the day to day project management and user support is undertaken by our clients, Oasis is there to support those teams in applying the technology in the right way, and to assist in tasks like data processing.

The Oasis Client Experience team are there to assist clients from the start, including:

• Client on-boarding including administrator training on all applications. We provide user documentation, hands on web based training through video conferencing facilities. If required, training can be provide on site.
• Server and system management training
• Application workflows – custom processes to help Oasis clients get the most out of the technologies available to them
• Application consultancy – use the solutions most fit for purpose from client to client, or project to project
• Data processing support – leverage the Oasis team to help when large volumes of data need processing fast and accurately
• Custom development – the Oasis development team can test and assess any custom applications and scripts you wish to bring to your environment
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
There are multiple ways for customers to extract data, whether at contract end or during the course of the engagement (i.e. when projects end). Examples include:

- Native data and associated metadata, images and text via load file in .DAT, .CSV or proprietary format
- Custom application based export including Relativity ARM application from both Relativity Server and Relativity One

Exported data can be provided in a logical download via secure transfer tools or physical download to removable media. In all cases a detailed chain of custody process is adhered to (with reports provided when required) and data is encrypted at every stage.
End-of-contract process
At the end of the contract access to the Oasis eDiscovery Cloud environment will be terminated. At the client’s instruction Oasis can either delete all client data from the servers, or export the data in the client's chosen format and deliver via secure file transfer or encrypt portable media. Evidence of data export and data destruction are provided to every client at the end of the engagement.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
"Litsy" is a full-featured management application purpose-built for the business of eDiscovery:

Ticketing & Job Queues– Tickets (project instructions) can be customized to reflect the organization’s services.

Communication – Activities in Litsy – including new ticket creation, updates, changes to instructions and questions –are communicated via automatic email updates. Owners can create their own distribution lists at the project level and can even customize the subject line of the emails.

Billing Summaries – Detailed spreadsheets can be created at the Client or Matter level.

Dashboards/Reporting – Dashboards report on your team’s productivity and visualize the work they do.
Accessibility standards
None or don’t know
Description of accessibility
Service module is access via secure URL and can be customised to each client. Activities that clients can perform include, but are not limited to:

User account creation and management
Database creation and management
Task management and reporting (data processing, publishing and exporting)
User performance management
Billing summary and invoice creation
Accessibility testing
None known at this time
API
Yes
What users can and can't do using the API
Oasis provides clients with a suite of scripts and integrations using the well known Relativity API structure.
In addition to this clients can bring their own scripts and integrations (based on the same Relativity framework) to be implemented on their projects in the Oasis hosted Relativity infrastructure.
When required, Oasis can create custom scripts and integrations for clients, these activities are chargeable and defined in specific SOWs.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Working with the Oasis support team clients can customize: the layout and UI experience on a per project basis;create and manage dashboards across projects; provide custom built scripts and integrations that the Oasis technical support teams will evaluate prior to applying to the client environment.
Only client users with appropriate permissions (set at the application level) will be allowed to perform customization functions.

Scaling

Independence of resources
Ongoing and proactive system performance analysis. Load balancing technologies ensure consistent distribution of system resources. High demand resources are placed on a dedicated platform to ensure quality of service is met for our shared environment. Services include multi-tenancy and single-tenancy options.

Analytics

Service usage metrics
Yes
Metrics types
As standard Oasis provide every client with real time service metrics including:

Monthly Uptime Information to support agreed SLAs
Active and inactive user accounts
Active and inactive data volume being hosted
Data processing volumes
Data processed using analytics technologies
Volume of data across all projects
Reports across all projects for invoice analysis and creation
End user activity including document review activity
Data import and data export processes and volumes
Support ticket volumes, topics and response metrics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Relativity, Brainspace, NexLP, Ayfie, Matter Analytics, Nuix, Veritone

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
User can export data by submitting an export request to the support team who will execute their request to the required format, including:

- Native data and associated metadata, images and text via load file in .DAT, .CSV or proprietary format
- Custom application based export including Relativity ARM application from both Relativity Server and Relativity One

Exported data can be provided in a logical download via secure transfer tools or physical download to removable media. In all cases a detailed chain of custody process is adhered to (with reports provided when required) and data is encrypted at every stage.
Data export formats
  • CSV
  • Other
Other data export formats
  • CSV file with associated native content, images and text
  • DAT file with associated native content, images and text
  • Relativity ARM exports for both Relativity Server and Relativity One
  • Custom application export formats for eDiscovery technologies
Data import formats
  • CSV
  • Other
Other data import formats
  • All raw data can be processed/imported in native format
  • Data can be imported via .DAT or .CSV file
  • Relativity ARM formats from BOTH Relativity Server and Relativity One

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Customer networks have no connectivity to the Oasis network. Customer data is transferred to Oasis via encrypted connectivity or encrypted media drives being delivered to a secure data centre location. Upon receipt of data, all customer interaction with data is via secure remote desktop gateway.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Oasis understands that its customers depend on the IT systems provided, maintained and supported by Oasis, and that these items are of critical importance to a business.

Relativity and Virtual Server Availability is measured continuously, but for the purposes of this SLA will be measured in units of minutes during the applicable month for which the Service Credits will apply. The following table summarizes the Service Credits due for failing to meet the Availability target:

Service Availability 99.9% Potential service credit 5%
Service Availability 99.8% Potential service credit 10%
Service Availability 99.7% Potential service credit 15%

A Virtual Server will be deemed “available” if the virtualization hardware and hypervisor layers delivering the clients virtualized servers are available and responding to Oasis’ monitoring tools. Or if any server downtime doesn’t impact any necessary functionality within the Client’s network.

If availability for any service drops below the relevant threshold in any given month, the customer will be eligible to receive a service credit. A service credit is a reduction of fees payable by the customer in the month following a service delivery report showing a failure to meet the SLA and/or a refund.
Approach to resilience
Full redundancy built around telecommunications, power, network interfaces and server hardware including storage with dual controllers. Further information is available upon request.
Outage reporting
Customer communications are managed by our dedicated client support teams. Communications include email, telephone or customer preferred methods.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Strict role based access provisioning issued using least privilege allocation. All management interface and support channels require MFA for every login attempt. All administrators have separate accounts for privileged and non privileged activities, all activity is logged and reviewed periodically.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Centre for Assessment
ISO/IEC 27001 accreditation date
31st October 2017
What the ISO/IEC 27001 doesn’t cover
The scope of our certification excludes the control objectives for software development activities. Oasis Discovery Partners Ltd do not complete software development. Oasis staff are 100% remote workers, therefore our scope excludes the physical security controls, these controls are provided and assigned to our supplier management through contract provisioning (which are in scope and audited as such).
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Our data centres hold PCI, ISO27001, 9001, 20001 and ISAE3402
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO27017
Information security policies and processes
Our Information Security Management System (ISMS) is certified to ISO27001 and ISO27017, it is managed by our Security Steering Committee, members of this committee include the Chief Executive Officer, Chief Operating Officer, Director of Information Technology, Director of Information Security and our Vice President of Technology. Our ISMS includes all required policies and procedures to meet the requirements of our security standards and certifications. Our ISMS requires all staff to read and agree to specific Information Security practices. Internal and External audits are completed annually (at minimum) and include review and audit of user compliance. Our ongoing training, awareness and education ensures all staff are aware of ongoing best practice for information security, our internal standards, applicable regulatory, statutory and contractual obligations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Every change to an Information Resource (e.g. operating system, computing hardware, networks, applications, data centers) that supports the Oasis Discovery business is subject to our Change Management Policy and must adhere to our internal change management procedures. Subject to the level of change (standard, normal or emergency), our internal CAB completes a required risk assessment, including review of potential security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), monthly maintenance programs (including full patch management), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioral patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Appropriate contact in place with special interest groups providing specialist security updates on an ongoing basis.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioral patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Alerts are received (email, telephone, application) for all potential compromises and sent to our Security Steering Committee and IT dept, upon evaluation for severity and level of risk, appropriate actions and ownership are assigned via our incident management procedures.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our ISMS Steering Committee manage our information security incident management program. Incidents are reported via email, telephone, ticket creation or direct 1-2-1 communication. We have pre-defined procedures to follow, including: Collection of information, verification of incident, severity and scope assessment, risk assessment, design required action plan and assign owners, review of completed actions, secondary risk assessment, trend analysis and lessons learnt activities.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5 a gigabyte a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Processing and hosting of data up to 10GB and hosted for 1 month can be made available for a service trial.
Data being used for the trial should be treated as 'test' data and not part of an active/live matter

Service documents