Hybrid Mail Solutions Ltd

Hybrid Mail Me

Hybrid Mail Me is a cloud-based hybrid-mail-management-system that enables users to arrange mailings of any size with an internet connection or through a mobile device. Hybrid Mail Me offers desktop print-driver, API and web portal access. Data transmitted via secure HTTPS.


  • Safe and secure
  • Secure encryption and transmission
  • Works with existing software
  • Simple integration
  • Wide range of submission methods, API/Print Client & Web Portal
  • Full audit trail & 24 hour availability
  • Accurate addressing by Royal Mail PAF
  • Document integrity from 2D Barcodes
  • Detailed management information
  • Extracting document references


  • Reduced Production and Postage costs
  • Reduced investment
  • Reduced maintenance costs
  • Increased productivity/longer production windows
  • Increased document integrity
  • Improved management information
  • Improved document quality
  • Faster communications
  • Immediate 24/7 access
  • Managed Service approach


£0.04 to £1.70 per user per year

Service documents

G-Cloud 11


Hybrid Mail Solutions Ltd

Colum Courtney



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Hybrid Mail Me is a print and mail service which can be added on to a client relationship management system to facilitate mailing.
Cloud deployment model Private cloud
Service constraints Works on all systems except MAC's.
System requirements
  • Computer with Internet access
  • Microsoft Internet Explorer 6 or above, Firefox, Safari, Chrome
  • Internet browser scripts enabled.*
  • Internet browser pop-ups enabled.^
  • PDF application for previewing mail

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Questions are responded to by our UK based customer service team immediately within 3 rings. The team are available from 8.30am to 5.30pm Monday to Friday. Response times are typically 1 hour. We are also available out of hours via email and if emergency via phone at extra cost.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels All support after setup is via phone, email or online via teamviewer. Calls are answered within 3 rings and emails are responded to within 1 hour. Our target is to close queries with first point of contact. If this is not possible we escalate to software support and our technical support engineers. Support within hours doesn't cost. Out of hours at weekend and bank holidays is at a cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All chosen Users of the Service will be provided with their own login/Service Access Credentials. Hybrid Mail Solutions Ltd. provide on-site training. This training can be tailored to suit the client either in one-to-one sessions, group sessions or ‘train the trainer’ sessions. HybridMail's training sessions should take no longer than 1 hour per user.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The HybridMailMe system does not store data beyond a 90-day period. The system can remove data automatcially by the timeline requested. i.e. every 30 days if requested. Users upload data from their own systems and keep complete control of their templates at all times. Users can choose to delete their account at any time, at which point the deletion process will commence. HybridMailMe is not used as a storage facility for files, however templates can be stored within the stock library and downloaded or deleted by the user as required. Once the contract ends the users, groups and organisation is removed from the system deleting all data and structures.
End-of-contract process Exiting from our standard HybridMailMe service incurs no charges or fees. Any special requests with regards to the exiting process would be dealt with on a client-by-client basis. In accordance with General Data Protection Requirements, we will ensure that: Data and Digital Assets will be deleted, Login Credentials will be deleted, Software and existing system communication mechanisms will be deactivated.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service You can only access the web portal through the mobile and not utilise the print driver and API.
Service interface Yes
Description of service interface API
Accessibility standards None or don’t know
Description of accessibility We do not meet any of the accessibility standards
Accessibility testing We do not meet any of the accessibility standards
What users can and can't do using the API The API provides the same Hybrid Mail functionality that is available through the web portal. The API Drop Client document can be found at https://hybridmailme.com/downloads/index.aspx HybridMailMe secure API allows you to send A4 letters, from a click of a button within clients own computer systems. HybridMailMe creates a Hybrid of electronic and physical mail by transmitting an electronic document and mailing list to us, where we print and mail it as real post. The HybridMailMe API allows you to add a Hybrid Mail service right into your own systems and workflows. The API is a SOAP-based web-service allowing the creation, proofing and confirmation of orders for mailings of letters. Documents (PDF or Word files) are submitted as files. Address lists may be selected by name, submitted as a file (CSV, XLS, XLSX, Tab delimited, fixed length fields etc.) or added as individual addresses. API allows for different templates to be applied to letters and system rules can define a simplex, duplex, mono or colour letter. Attachments can be added to the API letter if required. Limitations are the attachment needs to be an extractable PDF attachment not a scanned image.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The webportal, API, and print client can be white label at a cost.


Independence of resources Our sites have been designed and operate specifically for the purpose of high volume printing. We produced millions of documents and mailed over millions envelopes throughout our time in business. Our print and enclosing capabilities enable us to seamlessly incorporate new commitments into our existing workload and allow us ample headroom to manage unexpected or short turnaround requirements. We monitor utilisation and spare capacity and invest in new equipment as soon as we reach 85% utilisation in peak periods. In advance of equipment reaching end of lease, vendors are engaged to ensure continual upgrade in quality and efficiency.


Service usage metrics Yes
Metrics types Reporting is done through automated management information reports sent daily, weekly, monthly or adhoc as requested. User can log in and track mail online from printing to enveloping to archiving.
Files are accessed via HybridMailMe and Admin users can view sanctions and templates.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Print client and API allows users to send their data across.
HybridMailMe Drop Folder Client is an application that monitors folders on your computer for letter files. If a file is moved into one of these folders it will be submitted to the HybridMailMe server for printing and posting.
The Drop Folder Client is primarily intended to receive the output of systems that generate large volumes of letters, often in bursts. Files are sent across via sftp/https and encrypted to 256BIT.
Data export formats
  • CSV
  • Other
Other data export formats
  • WORD
  • PDF
  • Flat Files
  • Xml Files
Data import formats
  • CSV
  • Other
Other data import formats
  • Mail Merge
  • WORD
  • PDF
  • Xml Formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA states users can access our system 24/7 to send mail. In all our times of business we have not being out of service for longer than 5 minutes over the course of any year. If our system is down for software upgrades it does not impact the end user as files are sent across to our secure failover site in South West Comms and from there the files are retrieve and processed. There are no refunds as we do no charge for the service. User's only pay for the mail they send.
When a document is sent to HybridMailMe by 3pm its printed and posted same day for UK.
Approach to resilience The HMS servers are hosted within a resilient Tier 4 Data Centre at South West Communications. Tier 4 is most stringent level of which is designed to host mission critical computer systems with fully redundant subsystems and compartmentalised security zones controlled by biometric access controls method. There are two HMS servers; one main and one backup, which are powered by stand-alone generators thus ensuring continued data supply. If a problem is detected, switch over to the backup server will occur. Working collaboratively with a client, HMS will work within any existing Disaster Recovery (DR) and Business Continuity framework to support business critical functions within the company. HMS will manage this process against pre-agreed SLAs covering all types of incidence, and provide a service to match any requirements. HMS operates a number of DR services, at different service levels across multiple contracts. In line with HMS existing contracts, fully effective, robust and tested operational and disaster recovery measures will be agreed and documented in the business continuity plan by HMS and will be reviewed with client every three months.
Outage reporting The API would inform users the system is off with a flashing red light, the service would not transfer files across and the users would see the files in their failed folder or remaining static in the API inbox folder. An email would be generated by the business and a Service Impacting Report would be generated and communicated to all users giving status of outage, update progress report and estimated time to clear.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels As indicate below.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 18/05/2018
What the ISO/IEC 27001 doesn’t cover ISO/IEC 27001 covers mailing, printing and provision of associated services. ISO27001 covers disaster recovery and business continuity.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Penetration Testing Certification
  • ISO 27001
  • Cyber Essentials Plus
  • NHS Data Security and Protection Toolkit compliance

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Hybrid Mail Solutions Managing Director is responsible for security policies and processes in the organisation. The entire organisation down to operational director and production and customer support staff sign off on the security policy and procedures. The security of our data, policies and customer information is top priority at Hybrid Mail Solutions. We are committed to the protection of personal data and the fundamental rights of data subjects, in compliance with relevant laws such as the General Data Protection Regulation (GDPR). In order to support a robust approach to personal data protection and information security in general, Hybrid Mail Solutions has adopted recommendations by supervisory authorities and industry best practices. Hybrid Mail Solutions is ISO27001 certified and accredited. Certificate Number: 14125397. The Hybrid Mail Solutions Servers are hosted within a resilient Tier 4 Data Centre at South West Communications. Tier 4 is most stringent level of security in terms of data control which is designed to host mission critical computer systems with fully redundant subsystems and compartmentalised security zones controlled by biometric access controls method. All staff receive refresher training and sign off on security policies and procedures. HMS has a Quality Management System certified, audited and accredited.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change control is covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerability Management Process is covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Our security online is covered by Bullguard which provides information on antivirus, vulnerabiltiies, threats, backup data, identity protection and security controls.
Protective monitoring type Undisclosed
Protective monitoring approach All risk controls are covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Incident management type Undisclosed
Incident management approach All incident management processes are covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required. All incidents are logged and tracked. Non conformance reports are used as part of the Quality Management System and reviewed at quarterly audit meetings and management reviews for future learning and to mitigate any repeat incidents. Daily operational faults are captured on the fault log and procedures for reporting and capturing faults is available to all staff. Service Affecting Issues are highlighted immediately to directors and operational plan/DR comes into play involving all stakeholders.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)


Price £0.04 to £1.70 per user per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑