Oasis Discovery Private Cloud
Oasis procures, secures and maintains legal technology for eDiscovery document review and investigations. Our unique platform delivers a custom suite of software in a fully-managed private cloud. We provide infrastructure resources, system administration (including troubleshooting and upgrades), technical support, training, sales support (including demos), and certified subject matter experts.
Features
- Data processing and hosting for legal review/investigation
- Document depulication and near duplicate detection
- Automatic detection of personal information (PII) for DSAR
- Relativity, Brainspace, NexLP, Veritone included in suite of technology
- Industry leading Technology Assisted Review to save time and money
- Data visualisation and Artificial Intelligence available across multiple applications
- Multi layered secure remote access for all users
- Client portal for support and 'self service'
- Management of all security updates, patches and virus protection
- SSAE16, ISO 270001, Privacy Shield and GDPR compliant data centres
Benefits
- Oasis makes eDiscovery easy by managing specialist infrastructure and software
- Oasis suite of technology keeps pace with eDiscovery challenges
- Avoid limitations and restrictions of a single eDiscovery application
- Find facts fast using AI powered solutions
- Learn from the best - expert training on all applications
- Collate evidence in single repository for analysis
- Automatic solution scaling - fit for large and small projects
- Empower legal teams to manage the end-to-end eDiscovery process
- Fast client on-boarding with services available in hours
- Pay for what you use, per month, no commitments
Pricing
£5 a gigabyte a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
7 4 8 7 7 6 5 1 8 8 2 3 4 5 5
Contact
Oasis Discovery Partners Ltd
Matt Kingdon
Telephone: +44 7961 978600
Email: mrk@oasisdiscovery.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Prior to agreeing a contract, buyers should contact Oasis to confirm initial solution and scope. Oasis works in partnership with all our clients to make sure the solutions we provide are 'fit for purpose' in order to maximize investment and save time.
- System requirements
- All applications hosted by Oasis in secure private cloud
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our SLA for responding to customer support request is 4 hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Our support structure is designed to provide a holistic approach whereby customers submit requests to our ticketing systems. Tickets are then reviewed and allocated as appropriate. All customers will be allocated a Technical Account Manager as standard. There is no additional cost associated to support provisioning.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
At Oasis we have a team of industry experts on hand to assist clients in every facet of working with the eDiscovery technology we provide. Whilst the day to day project management and user support is undertaken by our clients, Oasis is there to support those teams in applying the technology in the right way, and to assist in tasks like data processing.
The Oasis Client Experience team are there to assist clients from the start, including:
• Client on-boarding including administrator training on all applications. We provide user documentation, hands on web based training through video conferencing facilities. If required, training can be provide on site.
• Server and system management training
• Application workflows – custom processes to help Oasis clients get the most out of the technologies available to them
• Application consultancy – use the solutions most fit for purpose from client to client, or project to project
• Data processing support – leverage the Oasis team to help when large volumes of data need processing fast and accurately
• Custom development – the Oasis development team can test and assess any custom applications and scripts you wish to bring to your environment - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
There are multiple ways for customers to extract data, whether at contract end or during the course of the engagement (i.e. when projects end). Examples include:
- Native data and associated metadata, images and text via load file in .DAT, .CSV or proprietary format
- Custom application based export including Relativity ARM application from both Relativity Server and Relativity One
Exported data can be provided in a logical download via secure transfer tools or physical download to removable media. In all cases a detailed chain of custody process is adhered to (with reports provided when required) and data is encrypted at every stage. - End-of-contract process
- At the end of the contract access to the Oasis eDiscovery Cloud environment will be terminated. At the client’s instruction Oasis can either delete all client data from the servers, or export the data in the client's chosen format and deliver via secure file transfer or encrypt portable media. Evidence of data export and data destruction are provided to every client at the end of the engagement.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- Description of service interface
-
"Litsy" is a full-featured management application purpose-built for the business of eDiscovery:
Ticketing & Job Queues– Tickets (project instructions) can be customized to reflect the organization’s services.
Communication – Activities in Litsy – including new ticket creation, updates, changes to instructions and questions –are communicated via automatic email updates. Owners can create their own distribution lists at the project level and can even customize the subject line of the emails.
Billing Summaries – Detailed spreadsheets can be created at the Client or Matter level.
Dashboards/Reporting – Dashboards report on your team’s productivity and visualize the work they do. - Accessibility standards
- None or don’t know
- Description of accessibility
-
Service module is access via secure URL and can be customised to each client. Activities that clients can perform include, but are not limited to:
User account creation and management
Database creation and management
Task management and reporting (data processing, publishing and exporting)
User performance management
Billing summary and invoice creation - Accessibility testing
- None known at this time
- API
- Yes
- What users can and can't do using the API
-
Oasis provides clients with a suite of scripts and integrations using the well known Relativity API structure.
In addition to this clients can bring their own scripts and integrations (based on the same Relativity framework) to be implemented on their projects in the Oasis hosted Relativity infrastructure.
When required, Oasis can create custom scripts and integrations for clients, these activities are chargeable and defined in specific SOWs. - API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Working with the Oasis support team clients can customize: the layout and UI experience on a per project basis;create and manage dashboards across projects; provide custom built scripts and integrations that the Oasis technical support teams will evaluate prior to applying to the client environment.
Only client users with appropriate permissions (set at the application level) will be allowed to perform customization functions.
Scaling
- Independence of resources
- Ongoing and proactive system performance analysis. Load balancing technologies ensure consistent distribution of system resources. High demand resources are placed on a dedicated platform to ensure quality of service is met for our shared environment. Services include multi-tenancy and single-tenancy options.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
As standard Oasis provide every client with real time service metrics including:
Monthly Uptime Information to support agreed SLAs
Active and inactive user accounts
Active and inactive data volume being hosted
Data processing volumes
Data processed using analytics technologies
Volume of data across all projects
Reports across all projects for invoice analysis and creation
End user activity including document review activity
Data import and data export processes and volumes
Support ticket volumes, topics and response metrics - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Relativity, Brainspace, NexLP, Ayfie, Matter Analytics, Nuix, Veritone
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
User can export data by submitting an export request to the support team who will execute their request to the required format, including:
- Native data and associated metadata, images and text via load file in .DAT, .CSV or proprietary format
- Custom application based export including Relativity ARM application from both Relativity Server and Relativity One
Exported data can be provided in a logical download via secure transfer tools or physical download to removable media. In all cases a detailed chain of custody process is adhered to (with reports provided when required) and data is encrypted at every stage. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- CSV file with associated native content, images and text
- DAT file with associated native content, images and text
- Relativity ARM exports for both Relativity Server and Relativity One
- Custom application export formats for eDiscovery technologies
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- All raw data can be processed/imported in native format
- Data can be imported via .DAT or .CSV file
- Relativity ARM formats from BOTH Relativity Server and Relativity One
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Customer networks have no connectivity to the Oasis network. Customer data is transferred to Oasis via encrypted connectivity or encrypted media drives being delivered to a secure data centre location. Upon receipt of data, all customer interaction with data is via secure remote desktop gateway.
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Oasis understands that its customers depend on the IT systems provided, maintained and supported by Oasis, and that these items are of critical importance to a business.
Relativity and Virtual Server Availability is measured continuously, but for the purposes of this SLA will be measured in units of minutes during the applicable month for which the Service Credits will apply. The following table summarizes the Service Credits due for failing to meet the Availability target:
Service Availability 99.9% Potential service credit 5%
Service Availability 99.8% Potential service credit 10%
Service Availability 99.7% Potential service credit 15%
A Virtual Server will be deemed “available” if the virtualization hardware and hypervisor layers delivering the clients virtualized servers are available and responding to Oasis’ monitoring tools. Or if any server downtime doesn’t impact any necessary functionality within the Client’s network.
If availability for any service drops below the relevant threshold in any given month, the customer will be eligible to receive a service credit. A service credit is a reduction of fees payable by the customer in the month following a service delivery report showing a failure to meet the SLA and/or a refund. - Approach to resilience
- Full redundancy built around telecommunications, power, network interfaces and server hardware including storage with dual controllers. Further information is available upon request.
- Outage reporting
- Customer communications are managed by our dedicated client support teams. Communications include email, telephone or customer preferred methods.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Strict role based access provisioning issued using least privilege allocation. All management interface and support channels require MFA for every login attempt. All administrators have separate accounts for privileged and non privileged activities, all activity is logged and reviewed periodically.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Centre for Assessment
- ISO/IEC 27001 accreditation date
- 31st October 2017
- What the ISO/IEC 27001 doesn’t cover
- The scope of our certification excludes the control objectives for software development activities. Oasis Discovery Partners Ltd do not complete software development. Oasis staff are 100% remote workers, therefore our scope excludes the physical security controls, these controls are provided and assigned to our supplier management through contract provisioning (which are in scope and audited as such).
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Our data centres hold PCI, ISO27001, 9001, 20001 and ISAE3402
- Cyber Essentials
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- ISO27017
- Information security policies and processes
- Our Information Security Management System (ISMS) is certified to ISO27001 and ISO27017, it is managed by our Security Steering Committee, members of this committee include the Chief Executive Officer, Chief Operating Officer, Director of Information Technology, Director of Information Security and our Vice President of Technology. Our ISMS includes all required policies and procedures to meet the requirements of our security standards and certifications. Our ISMS requires all staff to read and agree to specific Information Security practices. Internal and External audits are completed annually (at minimum) and include review and audit of user compliance. Our ongoing training, awareness and education ensures all staff are aware of ongoing best practice for information security, our internal standards, applicable regulatory, statutory and contractual obligations.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Every change to an Information Resource (e.g. operating system, computing hardware, networks, applications, data centers) that supports the Oasis Discovery business is subject to our Change Management Policy and must adhere to our internal change management procedures. Subject to the level of change (standard, normal or emergency), our internal CAB completes a required risk assessment, including review of potential security impact.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), monthly maintenance programs (including full patch management), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioral patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Appropriate contact in place with special interest groups providing specialist security updates on an ongoing basis.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Weekly vulnerability scanning, annual (at minimum) penetration testing (internal and external), third party security operations centre monitoring all network and endpoint traffic and process activity (including unusual behavioral patterns, block first ask questions later approach). Environment wide anti-virus on all servers and endpoints. Alerts are received (email, telephone, application) for all potential compromises and sent to our Security Steering Committee and IT dept, upon evaluation for severity and level of risk, appropriate actions and ownership are assigned via our incident management procedures.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our ISMS Steering Committee manage our information security incident management program. Incidents are reported via email, telephone, ticket creation or direct 1-2-1 communication. We have pre-defined procedures to follow, including: Collection of information, verification of incident, severity and scope assessment, risk assessment, design required action plan and assign owners, review of completed actions, secondary risk assessment, trend analysis and lessons learnt activities.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £5 a gigabyte a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Processing and hosting of data up to 10GB and hosted for 1 month can be made available for a service trial.
Data being used for the trial should be treated as 'test' data and not part of an active/live matter