Service Definition Thomson Reuters Legal Matter Management service (Serengeti Tracker) is the highest rated legal matter management, e-billing and analytics system designed for inhouse legal departments. It is easy to implement and to use offering inhouse legal departments a clear view of their entire legal landscape, enabling them to identify, assess and even predict problems before they occur. With one integrated and secure Saas system, you can track time and money, projects and productivity, inhouse activity and outside expenditure. Serengeti tracker is used in more than 189 countries and by more than 570 inhouse law departments. INFORMATION ASSURANCE Information security is of paramount importance to Thomson Reuters and we have implemented a global ISO 27001 and 9001 certification programme with BSI, to certify our major data centres and their product delivery systems. Accredited to IL 1/2. BACK-UP RESTORE & DISASTER RECOVERY Thomson Reuters Business Continuity Planning occurs at the site and business unit level. Site level plans exist for Tier 1 sites and are updated annually. Thomson Reuters policy defines the following BCM principles, guidelines and minimum standards for the organization as: BS25999-1:2006 (Code of Practice) BS25999-2:2007 (Specification) The Business Continuity Institute s Good Practice Guidelines (2008). DRII Generally Accepted Practices (2007): The Business Continuity Management Office (BCMO) is a team dedicated to providing governance, counsel and support to all Thomson Reuters sites. Senior leadership, as well as members of the BCMO, are certified through the DRII or other related professional organizations. Critical processes are prioritised by Recovery Time Objective (RTO) and based on the business units Business Impact Analysis (BIA). Local Incident Management Teams use this information to determine recovery priority at the time of an incident. Multiple recovery strategy options addressing work area recovery are available. Global Security along with Facilities lead the emergency response activities. Their procedures prompt initial communications and other site and business unit level recovery activities, including communications. Generally, the Corporate Communications Plan then directs communications activities. Wherever possible, site and business unit level recovery plans have identified alternate leaders. Business Continuity Plans are invoked when an incident disrupts business as usual. The Local Incident Management Team determines if BC Plans should be invoked and communicates this to senior business leadership, who then direct their departments accordingly. Internal communications (employees) are handled via the Incident Management Teams by the assigned Communications person. External Communications are handled by the business to better address the issues for those audiences.
Site plans are tested per the BCMO Standards; frequency is based on tier level. Exercises include scheduled table top walkthroughs and Emergency Notification System tests. BC Plans (business unit level) are tested via scheduled tabletop walkthroughs. Business Units are also encouraged to test their recovery strategy (working from home, transferring work to other location) where appropriate. Per the BCM standard, DR Plans are to be tested on a regular frequency based on criticality. Testing strategies include structured walkthroughs, fail-over (simulated or live) and controlled power down testing. Local Incident Management Team (LIMT): Each site has a Local Incident Management Plan and team and they are brought together in the case of any incident. These plans are documented and tested on a regular basis using a combination of walkthroughs and exercises. Each Business unit has a Business Continuity Management Plan and runs exercises on a regular basis. BCPDR Incident Management: BCPDR Incidents are managed by Global Security who will coordinate resources and notify relevant people using our Emergency Notification System (ENS). We also have an Emergency Information Line (EIL) for providing information to users in the event of an incident. There is a London wide Incident Management Plan for any event that impacts more than one location in London. Recovery Location: We have a 3 rd Party recovery site which can be invoked in the case of a location being unavailable for any reason. This has capacity for 200 users and provides connectivity to the corporate network along with computers and telephony. Application Business Continuity and Disaster Recovery: Each application has an appropriate Disaster Recovery plan, depending on the results of a BIA and Risk Assessment. Corporate systems will have appropriate BCPDR and will be tested as part of Corporate Governance. ON-BOARDING AND OFF BOARDING PROCESSES/SCOPE The service is offered via a secure website with the initial setup and training included in the price. The service is typically offered with a one or two year agreement and can be cancelled thereafter or renewed annually after the initial term. On cancellation all data is returned in accordance with SLAs contained in contract. PRICING Serengeti is priced based on average annual legal spend. Typically we take between 0.5% and 1.5% of your average annual legal spend and charge this as a 12 month subscription payable monthly. As part of the pre-sales process we share the Serengeti calculator with you and provide estimates based on good faith assumptions of your spend. The resource element for Serengeti, which covers consultancy, on-site implementation and training, is optional and the price is negotiated with the client depending on the scope of work.
SERVICE MANAGEMENT DETAILS We continually invest in upgrading our products with the newest and best technologies. Our proven services and project management methodologies are adapted to respond to the changing needs of our customers. We continuously seek our customers' input to innovate business solutions for their fast-changing and complex workplace. SERVICE CONSTRAINTS The price paid includes all support and maintenance upgrades. Serengeti is highly configurable but we do not permit any code changes to the system. SERVICE LEVELS Except for scheduled maintenance periods Serengeti Tracker is available for online processing 24 hours a day 7 days a week. If necessary Serengeti may take Serengeti Tracker offline for scheduled maintenance during following times: Major (Saturday 8am to Sunday 8am Pacific Time) Minor every day from 9pm to 12am (Pacific time). If Serengeti Tracker becomes unavailable and requires unscheduled maintenance, Serengeti shall attempt to post a notice of the unscheduled maintenance on the web pages available to Customer and its law firms. FINANCIAL RECOMPENSE MODEL FOR NOT MEETING SERVICE LEVELS This to be agreed on a customer by customer basis. TRAINING Serengeti will provide reference materials in electronic format at no charge, including Implementation Checklist and Guide, Quick Reference Guides for Users, Company Administrators and Accounting Code Reviewers, Quick Reference Guides for Law Firm lawyers and staff, Law Firm Billing Managers and Law Firm Administrators. Standard implementation or configuration of the system is included as part of the subscription price but is charged as an extra month s fee. Serengeti will provide any further customised material, data entry or conversion services or on-site training on a time and materials basis if requested in writing. Serengeti provides unlimited virtual one-hour training sessions for users and law firm users at specified times each week. The training sessions are open enrollment and subject to availability. ORDERING AND INVOICING PROCESS To order, contact your existing Thomson Reuters Account Manager or Laurent Briant, Head of Central Government (Phone: 020 7393 7842; Mobile: 07717 834 923; laurent.briant@thomsonreuters.com) Invoicing arrangements to be agreed between the parties, as appropriate to requirements and scope. TERMINATION TERMS Termination by either party is by notice in writing; notice period to be agreed between the parties, as appropriate to requirements and scope.
DATA RESTORATION / SERVICE MIGRATION This service to be agreed directly with the client on a case-by-case basis and set out in contract terms dependant on client requirements and Serengeti s resource capability. CONSUMER RESPONSIBILITIES Consumer agrees that only authorised users working on legal matters access the system and that no 3 rd party access is granted for those not working on legal matters. There is no liability on either side for mis-use of system. There is also protection for any disclosed confidential information on either side unless under situations set-out in contract. TECHNICAL REQUIREMENTS Serengeti is accessed by a secure hosted internet site. Client s need access to the internet via common browsers with up-to-date versions. There are no client-side local installations and all data is held in the cloud. DETAILS OF ANY TRIAL SERVICE AVAILABLE There is no ability to trial Serengeti Tracker although we can provide access to a sandbox (cut of live system) to experience usage, functionality and test scenarios. DATA LOCATION We have data centres in multiple locations including, UK and Ireland and we can accommodate consumer requirements for EU hosting. DATA CENTRE TIER Thomson Reuters Data Centres are Tier 3. All our data centres are secure with appropriate access controls in place on a 24/7 basis and our policy is based on the following: 1. Application hardware must be securely isolated in a separate cage, or at a minimum, in a separate locked rack. 2. There must be appropriate devices in place to detect and suppress threats to a building environment. For example, fire detection and suppression devices and water detection devices if needed. 3. Building space must be allocated in such a way as to guarantee component resilience against localised building failure. To be specific, an a side component must reside in a completely different space from a b side component so that a localised failure impacting one side will not impact the other. 4. It is expected that building spaces will be designed with appropriate protection so that a failure in one area of the building cannot spread to another. Examples of possible failure include fire, flood and contamination. 5. It is expected that as further space is allocated to other infrastructures within a data centre there will be appropriate controls in place to ensure there is no threat to the infrastructure already in place. 6. If physical tapes are used for data backup it must be possible to store them on site within a fire proof safe and to forward them to an alternative location. 7. Power and cooling supply services must be provided on a 24/7 basis. 8. There must be appropriate controls in place to guarantee both power and cooling continuity. This should include safeguards to ensure power and cooling demands do not exceed supply, power supply to components available from two independent supplies, uninterruptable power supply, power suppliers from local utilities routed into the building through more than one entry point, sufficient generator capacity to pick up the loading should there be a failure of an external utility, 24/7 monitoring to detect and resolve power and cooling failure, and appropriate power and cooling component resilience.
9. Skilled staff should be available on site to carry out installation and maintenance of physical components as required on a 24/7 basis. This could include for example; servers, network components, data backup and restore capabilities and cabling. 10. There must be clear and simple standards to ensure physical components are implemented without impeding access to other components and that maintenance can be carried out without risk of misidentification or physical error. 11. All physical components must be clearly labelled, there should be no exceptions. 12. If there is a failure on site staff must be able to provide accurate information on the state of a physical component and carry out given instruction. 13. It must be possible at all times to physically repair or replace a failed component within a few hours, preferably less than 4 hours. 14. On site staff must also be provided to carry out regular duties such as floor walks to identify possible failure or changing backup tapes as instructed. 15. It must be possible to carry out the secure destruction of any component hosting secure data. 16. Appropriate records must be kept enabling any component to be located and to keep track of power and cooling requirements. OTHER CLIENT SOFTWARE THAT MAYBE USED WITH THE SERVICE Integrates well with most accounts payable systems and other document management systems can be used in parallel or in conjunction with Serengeti without integration or a direct link. OPEN STANDARDS Open standards such as HTTP, RSS and XML are used by the service. OPEN SOURCE Open Source software is not used in our service. SUPPORT BOUNDARIES AND/OR INTERFACES Support is offered via help facilities on the service/site along with email and helpdesk support based in the UK and USA Monday to Friday. Individual customers are provided account managers who will also take feedback and provide strategic support. PERFORMANCE ATTRIBUTES Serengeti is aligned with industry standards and is highly reliable for daily operations. We work closely with clients to optimise Serengeti s performance via configuration in relation to the client s environment. Serengeti is a hosted and cloud based solution and which we monitor and maintain daily and scheduled maintenance details and SLAs regarding performance/downtime are provided in the contract. SELF SERVICE PROVISIONING/DE-PROVISIONING The service has an administration interface that can allow for additional users to be added or removed from projects as required, including internal staff and external law firms. Serengeti is sold on an unlimited licence basis meaning that any and all users required by the organisation are given access without a change to the subscription price. Subscription price is driven by spend going through the system not users.
PROVISIONING / DE-PROVISIONING THE SERVICE FROM THE POINT OF ORDER We will provide rapid provisioning and de-provisioning of Serengeti. Provisioning on completion of scheduled implementation. De-provisioning based on timely cancellation notice as per agreed contractual terms. Data return is governed by SLAs, also contained in standard contract terms and conditions. THIN CLIENT MODES THAT CAN BE USED WITH THE SERVICE The service is solely accessed using an internet browser. It is a hosted cloud based solution and no code changes are permitted.