Lexis Diligence - Enhanced Due Diligence solution
Lexis Diligence brings into one simple online tool the intelligence needed to conduct global enhanced due diligence and comply with legislation for anti-money laundering (AML) and anti-bribery & corruption (ABC). The solution enables checks on individual or company backgrounds (KYC), negative news, sanctions, politically exposed persons (PEPs) and company litigation history.
- Access 23,000+ newspapers, magazines, trade journals and web sources
- Company reports from 150+ company databases
- Information covering political and high net-worth individuals
- WorldCompliance & Info4C Global PEP databases with 1.5M+ entries
- Legal cases from selected countries and international regions
- Negative news search either pre-configured or customised in-house
- Ability to run searches on company, person or country
- Manage search results via separate tabs for quick review process
- Report builder to quickly save results with annotation/audit trail
- Admin preferences to pre-configure search screens and settings
- Access via web browser with no plug-ins or downloads
- Comprehensive global content for searching smaller high-risk companies
- Run quick checks on individuals or companies against PEPs/Watchlists
- Easy access to pre-built company reports
- Safeguard against reputational and regulatory risk within a single tool
- Quickly search global lists of terrorists, criminals and sanctioned entities
- All searches time and date stamped, providing an audit trail
- Reduce bribery, fraud, AML, corruption or terrorism risks
- Our solution brings together all the risk intelligence you need
- Simple to use, reducing your investment in training & IT
£20.00 to £45.00 per unit
- Free trial available
8 3 2 7 1 1 1 2 0 1 3 7 3 2 9
+44 (0)207 400 4608
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||There are no service constraints with support for all hardware and software configurations provided. All services available online via Web based platform.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Customer support is provided same day during normal business hours Mon-Fri.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
LexisNexis is committed to providing the highest possible level of support to all of our customers. Standard support (password reset, new user ID etc) is same business day. The support team and account manager will work closely with the contracting authority to ensure the level of support is both appropriate and agreed by way of a service level agreement.
The service level agreement will be consistent with the number of users accessing the service and will cover (but is not limited to):
Customer Service: All queries to be responded to promptly.
Training: All training delivered to be of a high standard.
General: The contracting authority should be satisfied with general support levels and services.
All of the training and support will be agreed in advance and provided without additional charge to the contracting authority.
Access to LexisNexis services does not require a technical account manager or cloud support engineer. Should interface customisation be a requirement, this will involve a development team who will seek to fully understand the contracting authority's requirements.
|Support available to third parties||Yes|
Onboarding and offboarding
The account manager and client services team will provide complete set-up and access with any agreed customisation of the platform. Working closely with the contracting authority, users will be identified and assisted with searches. Typically the on-boarding process can be completed promptly (within 2-5 working days) without unnecessary delay.
Training is part of the on-boarding process and includes:
- Face to face training sessions on-site as required
- Online via Screen sharing
- Via tutorials, online guides and FAQs
LexisNexis shall provide an implementation plan setting out activities to be completed in order to provide the service, together with the anticipated service commencement date.
|End-of-contract data extraction||
Prior to the expiration of the service the account manager will work with the contracting authority to ensure all users have retained any searches and/or content that may be required.
No additional data will be retained or accessible by LexisNexis.
All user IDs and passwords will be deleted on the end date of the call off agreement.
The contract call off agreement will list the monthly charges applicable based on the permitted user banding.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Independence of resources||The services offered are provided by the LexisNexis Rosetta platform which currently supports some 4.3 million subscribers from more than 100 countries operating 24 hours a day 365 days a year. The impact of UK based searches simultaneously upon our service would not present even a minor spike in overall usage, nor have any effect on performance of the service to users.|
|Service usage metrics||Yes|
Usage statistics and service metrics include as standard (but are not limited to):
Usage by title, source, individual user activity, number of searches performed, and user alerts/newsletters.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Following the operation of a search, users are taken to the results page where options are presented to enable users:
Print and print preview,
Email as a link back to the original document and
save to local drive in the following formats:
Microsoft Word (.doc),
Generic .RTF and
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||HTTPS is enabled by default but can be overridden by the customer. Our servers will default to the strongest encryption protocol common to the browser and the server, which will be TLS 1.2.|
|Data protection within supplier network||
|Other protection within supplier network||TLS v 1.2 for internal connections via the web interface. Secure transport protocols for internal non-web based access to back end for administration.|
Availability and resilience
Users of LexisNexis services span multiple servers and operating systems. The Rosetta online services platform, which includes the Nexis® solution, averages 99.8% for availability and reliability.
The services shall be deemed available when authorised users are able to access and utilise all the functions of the online news information service. The service shall be accessible on a 24 x 7 x 365 basis (excluding scheduled maintenance periods).
Availability shall be measured as a percentage of the total time in a calendar month. Where availability falls below the agreed service level (to be defined within the call off order), service credit points may apply. These points will be applied as credits to the subsequent month's invoice from when the service level was not met.
|Approach to resilience||Further information on service resilience is available on request. This may be subject to mutual NDA dependent on the level of information required.|
Although extremely rare, should an unplanned outage of our services occur, all authorised users who are affected will be notified by email. This alert will advise of the issue and pending resolution, and regular status update alerts will follow.
In the unlikely event that the primary data centre becomes inoperable, a business continuity plan is in place to ensure that the online services remain available to users. During any recovery process, we will work directly with users to ensure information needs are met in a timely manner.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Registered users may access LexisNexis services directly via secure URL (https) with username and password. Alternatively users may be authenticated via registered IP.|
|Access restrictions in management interfaces and support channels||
In order to maintain a secure service, users of LexisNexis services are authenticated before being allowed to perform management activities, report faults or request changes to the service. Support channels (such as telephone or email) verify user account details prior to provisioning new service elements, managing user accounts and managing consumer data.
Lists of authorised permitted users are managed by the subscriber and any special instructions on permitted user rights are determined from the outset of the service.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We are not ISO/IEC 27001 accredited/certified; however, our information security program and policies are aligned with the ISO/IEC 27001 standards.|
|Information security policies and processes||
All LexisNexis information security policies are created and approved by our Information Security Council (ISC), which is made up of the CISOs from across the RELX Group. Each CISO is responsible for enforcing those policies across their particular part of the business.
Managers are responsible for informing employees, contractors and vendors about information security policies within their functional areas and departments.
An IT security incident management process is in place and the reporting structure includes (but is not limited to) executive management, HR and Legal.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Our change management process covers all changes made to configuration items. For changes that impact stakeholders or other systems, approvals are needed before any changes can be made. These are overseen by our CCB. As appropriate, security impact assessments are completed prior to change approval.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Monthly scans are performed and tracked through mitigation. We additionally harden our systems in accordance with the CIS benchmarks. Patches are regularly deployed upon release and in accordance with the criticality and potential system impacts.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||IDS/IPS, firewall and host-based logs are sent both to an MSSP and to an internal SIEM. Incident response plans exist and are followed in response to any suspected indicator of compromise. Response is immediate in order to determine validity of the indicator and impacted systems; the speed of the response is situation specific.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Users report incidents through different systems based on the incident time. For example, users can submit suspicious email through an add-in within their Outlook client. Our helpdesk as well as security reporting emails may be used. We have playbooks for common events, and reporting is dependent on the audience.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£20.00 to £45.00 per unit|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Trial access is provided after an initial discussion to assess the requirements. Trial access will provide access as per the brief and will include full functionality of the Lexis Diligence platform.
Alerts and user preferences will expire at the end of the trial period of up to 14 days.