Service Definition
Thomson Reuters Federated Search (Solcara) is designed to enable easy integration and searching across internal systems and online services. It can be
used to integrate the searching of multiple online databases and services. The online resources which can be searched include legal services such as
Westlaw, Lawtel, Lexis Library, Practical Law Company (PLC), BAILII, Legislation.gov, News, Social Media, Blogs and many other services.
It has been successfully deployed in leading UK and Irish law firms and Local and Central Government legal teams where it is referred to as “Solcara Legal
Search” or “Solcara Know How”. In these environments it supports lawyers with a single search across all essential internal and external online legal
information services. In addition to the core search service an additional alerting module can be deployed. This enables users or administrators to save and
schedule searches. When searches are then rerun automatically users will receive alerts on new results found.
INFORMATION ASSURANCE
Information security is of paramount importance to Thomson Reuters and we have implemented a global ISO 27001 and 9001 certification programme with
BSI, to certify our major data centres and their product delivery systems. Accredited to IL 1/2.
BACK-UP RESTORE & DISASTER RECOVERY
Corporate systems will have appropriate BCPDR and will be tested as part of Corporate Governance.
Thomson Reuters Business Continuity Planning occurs at the site and business unit level. Site level plans exist for Tier 1 sites and are updated annually.
Thomson Reuters policy defines the following BCM principles, guidelines and minimum standards for the organization as:



BS25999-1:2006 (Code of Practice)
BS25999-2:2007 (Specification)
The Business Continuity Institute’s Good Practice Guidelines (2008).
DRII Generally Accepted Practices (2007): The Business Continuity Management Office (BCMO) is a team dedicated to providing governance, counsel and
support to all Thomson Reuters sites. Senior leadership, as well as members of the BCMO, are certified through the DRII or other related professional
organisations. Critical processes are prioritised by Recovery Time Objective (RTO) and based on the business units’ Business Impact Analysis (BIA). Local
Incident Management Teams use this information to determine recovery priority at the time of an incident. Multiple recovery strategy options addressing
work area recovery are available. Global Security along with Facilities lead the emergency response activities. Their procedures prompt initial
communications and other site and business unit level recovery activities, including communications. Generally, the Corporate Communications Plan then
directs communications activities. Wherever possible, site and business unit level recovery plans have identified alternate leaders.
Business Continuity Plans are invoked when an incident disrupts business as usual. The Local Incident Management Team determines if BC Plans should be
invoked and communicates this to senior business leadership, who then direct their departments accordingly. Internal communications (employees) are
handled via the Incident Management Teams by the assigned Communications person. External Communications are handled by the business to better
address the issues for those audiences.
Site plans are tested per the BCMO Standards; frequency is based on tier level. Exercises include scheduled table top walkthroughs and Emergency
Notification System tests. BC Plans (business unit level) are tested via scheduled tabletop walkthroughs. Business Units are also encouraged to test their
recovery strategy (working from home, transferring work to other location) where appropriate. Per the BCM standard, DR Plans are to be tested on a
regular frequency based on criticality. Testing strategies include structured walkthroughs, fail-over (simulated or live) and controlled power down testing.
Local Incident Management Team (LIMT): Each site has a Local Incident Management Plan and team and they are brought together in the case of any
incident. These plans are documented and tested on a regular basis using a combination of walkthroughs and exercises.
Each Business unit has a Business Continuity Management Plan and runs exercises on a regular basis.
BCPDR Incident Management: BCPDR Incidents are managed by Global Security who will coordinate resources and notify relevant people using our
Emergency Notification System (ENS). We also have an Emergency Information Line (EIL) for providing information to users in the event of an incident.
There is a London wide Incident Management Plan for any event that impacts more than one location in London.
Recovery Location: We have a 3rd Party recovery site which can be invoked in the case of a location being unavailable for any reason. This has capacity for
200 users and provides connectivity to the corporate network along with computers and telephony.
Application Business Continuity and Disaster Recovery: Each application has an appropriate Disaster Recovery plan, depending on the results of a BIA and
Risk Assessment.
ON-BOARDING AND OFF BOARDING PROCESSES/SCOPE
The service is offered via a secure website with the initial setup and training included in the price.
The service is typically offered with an initial three year agreement and can be cancelled thereafter or renewed annually after the initial term.
PRICING
Pricing is not based on consumption units but number of users. An entry level price is £6,750 per annum for up to 10 users with a £65 charge per user
beyond this. Discounts are offered for large numbers of users with the price per user dropping as the number of users increases. Prices are subject to
annual reviews in December of each year.
SERVICE MANAGEMENT DETAILS
We continually invest in upgrading our products with the newest and best technologies. Our proven services and project management methodologies are
adapted to respond to the changing needs of our customers. We continuously seek our customers' input to innovate business solutions for their fastchanging and complex workplace.
SERVICE CONSTRAINTS
The service is designed to be available 24hrs a day with minimal downtime for system maintenance or upgrades. Search responses should be as quick as
those from the online services integrated, with results from the fastest resources displaying as soon as they are returned.
SERVICE LEVELS
Support Hours: Business hours are Monday to Friday (excluding UK Public Holidays) between the hours of 09:00 and 17:30 UK Time, during which time staff
are available to respond to requests by email or telephone.
Severity Definitions: as a guide our response times are:
Severity Codes
1
2
3
4
Description
A live production system is down
Suspected high impact condition associated with the application
Intermittent or low impact condition
Question concerning the application or its usage
Target Response Times
2 working hrs
4 working hrs
Within 3 working days
Within 5 working days
FINANCIAL RECOMPENSE MODEL FOR NOT MEETING SERVICE LEVELS
To be agreed on a customer by customer basis.
TRAINING
The service is offered via a secure website with the initial setup and training included in the price. Additional training can be provided on request through
consultancy services delivered face to face or via webex (or similar). Data and user migration services can also be offered through additional consultancy
services.
ORDERING AND INVOICING PROCESS
To order, contact your existing Thomson Reuters Account Manager or Laurent Briant, Head of Central Government (Phone: 020 7393 7842; Mobile: 07717
834 923; laurent.briant@thomsonreuters.com)
Invoicing arrangements to be agreed between the parties, as appropriate to requirements and scope.
TERMINATION TERMS
The service is typically offered with an initial three year agreement and can be cancelled thereafter or renewed annually after the initial term. No specific
termination charges if terminated at the end of the licence period.
DATA RESTORATION / SERVICE MIGRATION
This service to be agreed directly with the client on a case by case basis.
CONSUMER RESPONSIBILITIES
The Client shall (in addition to any other obligations imposed on it by any Services Agreement):
 make available to personnel such office and secretarial services as may be necessary for the provisions of the Services;
 ensure that its employees co-operate with us in relation to the provision of the Services; and
 promptly furnish us with such information and documents as it may reasonably request for the proper performance of its obligations hereunder.
Save where the Services are provided on a fixed price basis or unless otherwise specified in the Order Form, the Client agrees to be responsible for the
management and control of the Services, and to make available to us an authorised representative who shall:
 be authorised to make or procure binding decisions for the Client with regard to this Agreement, including any change to the Services or other
variation hereto; and
 review all documents that are provided by us for review hereunder so that corrections or changes may be made by us.
The Client shall be responsible for obtaining all necessary consents, licences, registrations, certificates and permissions necessary to enable us and the
Client to perform their obligations under any Services Agreement.
TECHNICAL REQUIREMENTS
The Service can be deployed on the following infrastructure:
 Minimum Dual-Core 2.0GHz Xeon Processor
 Minimum 2GB RAM, 40GB HDD
 Windows 2003 Server Standard Edition or newer operating system
 Internet Information Services (IIS) 6.0 or higher
 Microsoft .NET Framework 2.0
 Microsoft SQL Server 2005 Standard Editions or newer Database System, with Full-Text indexing enabled (preferably installed on a separate server
of similar specification)
The Solcara software can connect to other internal and external information systems. Integrations with internal databases, document management
systems, SMTP server and Active Directory can be agreed with the Client. To access external systems the software can be configured with proxy information
for internet access. Connection management can be applied to control the volume of requests from the Service to connected systems where bandwidth
considerations are in place. Delivery is through client-side browsers and requires no local software installation.
DETAILS OF ANY TRIAL SERVICE AVAILABLE
Trials can be setup with prior agreement. Users can also Trial within a “deployed service”.
DATA LOCATION
We have data centres in multiple locations including, UK and Ireland and we can accommodate consumer requirements for EU hosting.
DATA CENTRE TIER
Thomson Reuters Data Centres are Tier 3. All our data centres are secure with appropriate access controls in place on a 24/7 basis and our policy is based
on the following:
1. Application hardware must be securely isolated in a separate cage, or at a minimum, in a separate locked rack.
2. There must be appropriate devices in place to detect and suppress threats to a building environment. For example, fire detection and suppression
devices and water detection devices if needed.
3. Building space must be allocated in such a way as to guarantee component resilience against localised building failure. To be specific, an ‘a side’
component must reside in a completely different space from a ‘b side’ component so that a localised failure impacting one side will not impact the
other.
4. It is expected that building spaces will be designed with appropriate protection so that a failure in one area of the building cannot spread to
another. Examples of possible failure include fire, flood and contamination.
5. It is expected that as further space is allocated to other infrastructures within a data centre there will be appropriate controls in place to ensure
there is no threat to the infrastructure already in place.
6. If physical tapes are used for data backup it must be possible to store them on site within a fire proof safe and to forward them to an alternative
location.
7. Power and cooling supply services must be provided on a 24/7 basis.
8. There must be appropriate controls in place to guarantee both power and cooling continuity. This should include safeguards to ensure power and
cooling demands do not exceed supply, power supply to components available from two independent supplies, uninterruptable power supply,
power suppliers from local utilities routed into the building through more than one entry point, sufficient generator capacity to pick up the loading
should there be a failure of an external utility, 24/7 monitoring to detect and resolve power and cooling failure, and appropriate power and cooling
component resilience.
9. Skilled staff should be available on site to carry out installation and maintenance of physical components as required on a 24/7 basis. This could
include for example; servers, network components, data backup and restore capabilities and cabling.
10. There must be clear and simple standards to ensure physical components are implemented without impeding access to other components and that
maintenance can be carried out without risk of misidentification or physical error.
11. All physical components must be clearly labelled, there should be no exceptions.
12. If there is a failure on site staff must be able to provide accurate information on the state of a physical component and carry out given instruction.
13. It must be possible at all times to physically repair or replace a failed component within a few hours, preferably less than 4 hours.
14. On site staff must also be provided to carry out regular duties such as floor walks to identify possible failure or changing backup tapes as instructed.
15. It must be possible to carry out the secure destruction of any component hosting secure data.
16. Appropriate records must be kept enabling any component to be located and to keep track of power and cooling requirements.
OTHER CLIENT SOFTWARE THAT MAYBE USED WITH THE SERVICE
Solcara integrates well with most document management and database systems, intranets and SharePoint where the software is installed locally. As part of
an implementation project plan, the project team can create an integration plan for the client.
OPEN STANDARDS AND OPEN SOURCE
Open standards such as HTTP, RSS and XML are used by the service. Open Source software is not used in our service.
SUPPORT BOUNDARIES AND/OR INTERFACES
Support is offered via help facilities on the service/site along with email and helpdesk support based in the UK Monday to Friday.
PERFORMANCE ATTRIBUTES
Solcara is aligned with industry standards and is highly reliable for daily operations. We work closely with clients to optimise Solcara’s performance in
relation to the client’s environment. The response times and uptime performance of the Solcara application depend greatly on the installed hardware and
network infrastructure. Techniques such as clustering and load balancing can be utilised to provide for high availability, scalability, and performance. In a
typical production environment end-users can expect up to 99% uptime and screen response in under two seconds for most application functions except
where data is being retrieved from a third party system. We work with the client’s IT staff to determine the hardware and network configuration required
for their specific environment.
Self service provisioning/de-provisioning
The site/service has an administration interface that can allow for additional resources and additional users to be added – subject to appropriate training
and licensing agreements being in place.
For any “service” users can self-register and verify to gain access to service, or the “administrators” control the scope of the service and would be needed to
setup new instances/sites if required.
PROVISIONING / DE-PROVISIONING THE SERVICE FROM THE POINT OF ORDER
The service is typically available within 2-3 weeks of order, subject to specific requirements relating to resources required and branding.
THIN CLIENT MODES THAT CAN BE USED WITH THE SERVICE
The service is solely accessed using an internet browser.