LexisNexis

Lexis Diligence - Enhanced Due Diligence solution

Lexis Diligence brings into one, simple online tool the intelligence to conduct global enhanced due diligence and comply with legislation for anti-money laundering (AML), anti-bribery & corruption (ABC). The solution enables checks on individual or company backgrounds (KYC), negative news, sanctions and politically exposed persons (PEPs) and company litigation history.

Features

  • Access 23,000+ Newspapers, magazines, trade journals and web sources
  • Company reports from 150+ company databases
  • Information covering political and high net-worth individuals
  • WorldCompliance & Info4C Global PEP databases with 1.5M+ entries
  • Legal cases from selected countries and international regions
  • Negative news search either pre-configured or customised in-house
  • Ability to run searches on company, person or country
  • Manage search results via separate tabs for quick review process
  • Report builder to quickly save results with annotation/audit trail
  • Admin preferences to pre-configure search screens and settings

Benefits

  • Access via web browser with no plug-ins or downloads
  • Comprehensive global content for searching smaller high-risk companies
  • Run quick checks on individuals or companies against PEPs/Watchlists
  • Easy access to pre-built company reports
  • Safeguard against reputational and regulatory risk within a single tool
  • Quickly search global lists of terrorists, criminals and sanctioned entities
  • All searches time and date stamped, providing an audit trail
  • Reduce bribery, fraud, AML, corruption or terrorism risks
  • Our solution brings together all the risk intelligence you need
  • Simple to use, reducing your investment in training & IT

Pricing

£20.00 to £45.00 per unit

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

8 3 2 7 1 1 1 2 0 1 3 7 3 2 9

Contact

LexisNexis

Bobby Chadha

+44 (0)207 400 4608

Bobby.Chadha@lexisnexis.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
There are no service constraints with support for all hardware and software configurations provided. All services available online via Web based platform.
System requirements
  • For optimal viewing a screen resolution 1024 by 768 pixels.
  • A TCP/IP connection of suitable speed with Internet access
  • PC: Pentium/233Mhz (or above) Mac: Power PC G3 (or above)
  • Microsoft® Windows® 8.1 running Internet Explorer® 11.0
  • Microsoft® Windows® 7 running Internet Explorer® 11.0 Firefox® Google Chrome™
  • Mac OS® 10.x running Safari™

User support

Email or online ticketing support
Email or online ticketing
Support response times
Customer support is provided same day during normal business hours Mon-Fri.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
LexisNexis is committed to providing the highest possible level of support to all of our customers. Standard support (password reset, new user ID etc) is same business day. The support team and account manager will work closely with the contracting authority to ensure the level of support is both appropriate and agreed by way of a service level agreement.

The service level agreement will be consistent with the number of users accessing the service and will cover (but is not limited to):

Customer Service: All queries to be responded to promptly.

Training: All training delivered to be of a high standard.

General: The contracting authority should be satisfied with general support levels and services.

All of the training and support will be agreed in advance and provided without additional charge to the contracting authority.

Access to LexisNexis services do not require a technical account manager or cloud support engineer. Should interface customisation be a requirement this will involve a development team who will seek to fully understand the contracting authorities requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The account manager and client services team will provide complete set up and access with any agreed customisation of the platform. Working closely with the contracting authority users will be identified and assisted with searches. Typically the on-boarding process can be facilitated quickly and promptly (within 2-5 working days) without unnecessary delay.

Training is part of the on-boarding process and includes:

- Face to face training sessions on-site as required
- Online via Screen sharing
- Via tutorials, online guides and FAQ’s

LexisNexis shall provide an implementation plan setting out activities to be completed in order to provide the service, together with the anticipated service commencement date.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Prior to the expiration of the service the account manager will work with the contracting authority to ensure all users have retained any searches and/or content that may be required.

No additional data will be retained or accessible by LexisNexis.
End-of-contract process
All user ID's and passwords will be deleted on the end date of the call off agreement.

The contract call off agreement will list the monthly charges applicable based on the permitted user banding.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
The services offered are provided by the LexisNexis Rosetta platform which currently supports some 4.3 million subscribers from more than 100 countries operating 24 hours a day 365 days a year. The impact of UK based searches simultaneously upon our service would not present even a minor spike in overall usage, nor have any effect on performance of the service to users.

Analytics

Service usage metrics
Yes
Metrics types
Usage statistics and service metrics include as standard (but are not limited to):

Usage by title, source, Individual user activity, Number of searches performed,
and user alerts/newsletters.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Following the operation of a search, users are taken to the results page where options are presented to enable users:

Print and print preview,
Email as a link back to the original document and
save to local drive in the following formats:
Microsoft Word (.doc),
HTML ,
Generic .RTF and
PDF
Data export formats
Other
Other data export formats
  • HTML
  • Word (.doc)
  • PDF
  • Rich Text Format (.rtf)
Data import formats
Other
Other data import formats
  • Excel (.xls)
  • HTML
  • Word (.doc)
  • Rich Text Format (.rtf)

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
HTTPS is enabled by default but can be overridden by the customer. Our servers will default to the strongest encryption protocol common to the browser and the server, which will be TLS 1.2.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
TLS v 1.2 for internal connections via the web interface. Secure transport protocols for internal non-web based access to back end for administration.

Availability and resilience

Guaranteed availability
Users of LexisNexis services span multiple servers and operating systems. The Rosetta online services platform, which includes the Nexis® solution, averages 99.8% for availability and reliability.

The services shall be deemed available when authorised users are able to access and utilise all the functions of the online news information service. The service shall be accessible on a 24 x 7 x 365 basis (excluding scheduled maintenance periods).

Availability shall be measured as a percentage of the total time in a calendar month. Where availability falls below the agreed service level (to be defined within the call off order) service credit points may apply. These points will be applied as credits to the subsequent months invoice from when the service level was not met.
Approach to resilience
Further information on service resilience is available on request. This may be subject to mutual NDA dependent on the level of information required.
Outage reporting
Although extremely rare, should an unplanned outage of our services occur all authorised users who are affected will be notified by email. This alert will advise of the issue, pending resolution and regular status update alerts will follow.

In the unlikely event that the primary data centre becomes inoperable, a business continuity plan is in place to ensure that the online services remain available to users. During any recovery process, we will work directly with users to ensure information needs are met in a timely manner.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Registered users may access LexisNexis services directly via secure URL (https) with username and password. Alternatively users may be authenticated via registered IP.
Access restrictions in management interfaces and support channels
In order to maintain a secure service, users of LexisNexis services are authenticated before being allowed to perform management activities, report faults or request changes to the service. Support channels (such as telephone or email) verify user account details prior to provisioning new service elements, managing user accounts and managing consumer data.

Lists of authorised permitted users are managed by the subscriber and any special instructions on permitted user rights are determined from the outset of the service.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • SSAE-16
  • SOC1
  • SOC3

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We are not ISO/IEC27001 accredited/certified, however our information security program and policies are aligned with the ISO/IEC27001 standards.
Information security policies and processes
All LexisNexis Information security policies are created and approved by our Information Security Council (ISC). This is made up of the CISOs from across the RELX Group. Each CISO is responsible for enforcing those policies across their particular part of the business.

Managers are responsible for informing employees, contractors and vendors about information security policies within their functional areas and departments.

An IT security incident management process is in place and the reporting structure includes (but is not limited to) executive management, HR and Legal.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our change management process covers all changes made to configurations items. For changes that impact stakeholders or other systems approvals are needed before any changes can be made. These are overseen by our CCB. As appropriate security impact assessments are completed prior to change approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Monthly scans are performed and tracked through mitigation. We additionally harden our systems in accordance with the CIS benchmarks. Patches are regularly deployed upon release and in accordance with the criticality and potential system impacts.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
IDS/IPS and firewall as well as host based logs are sent both to an MSSP as well as an internal SEIM. Incident response plans exist and are followed in response to any suspected indicator of compromise. Response is immediate in order to determine validity of the indicator and impacted systems; the speed of the response is situation specific.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Users report incident through different systems based on the incident time. For example, users can submit suspicious email through an add-in within their outlook client. Our helpdesk as well as security reporting emails may be used. We have playbooks for common events. And reporting is dependent on the audience.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20.00 to £45.00 per unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Trial access is provided after an initial discussion to assess the requirements. Trial access will provide access as per the brief and will include full functionality of the Lexis Diligence platform.

Alerts and user preferences will expire at the end of the trial period of up to 14 days.

Service documents

Return to top ↑