Hybrid Mail Solutions Ltd

Hybrid Mail Me

Hybrid Mail Me is a cloud-based hybrid-mail-management-system that enables users to arrange mailings of any size with an internet connection or through a mobile device. Hybrid Mail Me offers desktop print-driver, API and web portal access. Data transmitted via secure HTTPS.

Features

  • Safe and secure
  • Secure encryption and transmission
  • Works with existing software
  • Simple integration
  • Wide range of submission methods, API/Print Client & Web Portal
  • Full audit trail & 24 hour availability
  • Accurate addressing by Royal Mail PAF
  • Document integrity from 2D Barcodes
  • Detailed management information
  • Extracting document references

Benefits

  • Reduced Production and Postage costs
  • Reduced investment
  • Reduced maintenance costs
  • Increased productivity/longer production windows
  • Increased document integrity
  • Improved management information
  • Improved document quality
  • Faster communications
  • Immediate 24/7 access
  • Managed Service approach

Pricing

£0.04 to £1.70 per user per year

Service documents

Framework

G-Cloud 11

Service ID

1 1 9 4 6 0 1 4 6 8 6 0 4 4 4

Contact

Hybrid Mail Solutions Ltd

Colum Courtney

02867723100

columcourtney@hybridmailsolutions.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Hybrid Mail Me is a print and mail service which can be added on to a client relationship management system to facilitate mailing.
Cloud deployment model
Private cloud
Service constraints
Works on all systems except MAC's.
System requirements
  • Computer with Internet access
  • Microsoft Internet Explorer 6 or above, Firefox, Safari, Chrome
  • Internet browser scripts enabled.*
  • Internet browser pop-ups enabled.^
  • PDF application for previewing mail

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions are responded to by our UK based customer service team immediately within 3 rings. The team are available from 8.30am to 5.30pm Monday to Friday. Response times are typically 1 hour. We are also available out of hours via email and if emergency via phone at extra cost.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
All support after setup is via phone, email or online via teamviewer. Calls are answered within 3 rings and emails are responded to within 1 hour. Our target is to close queries with first point of contact. If this is not possible we escalate to software support and our technical support engineers. Support within hours doesn't cost. Out of hours at weekend and bank holidays is at a cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All chosen Users of the Service will be provided with their own login/Service Access Credentials. Hybrid Mail Solutions Ltd. provide on-site training. This training can be tailored to suit the client either in one-to-one sessions, group sessions or ‘train the trainer’ sessions. HybridMail's training sessions should take no longer than 1 hour per user.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The HybridMailMe system does not store data beyond a 90-day period. The system can remove data automatcially by the timeline requested. i.e. every 30 days if requested. Users upload data from their own systems and keep complete control of their templates at all times. Users can choose to delete their account at any time, at which point the deletion process will commence. HybridMailMe is not used as a storage facility for files, however templates can be stored within the stock library and downloaded or deleted by the user as required. Once the contract ends the users, groups and organisation is removed from the system deleting all data and structures.
End-of-contract process
Exiting from our standard HybridMailMe service incurs no charges or fees. Any special requests with regards to the exiting process would be dealt with on a client-by-client basis. In accordance with General Data Protection Requirements, we will ensure that: Data and Digital Assets will be deleted, Login Credentials will be deleted, Software and existing system communication mechanisms will be deactivated.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
You can only access the web portal through the mobile and not utilise the print driver and API.
Service interface
Yes
Description of service interface
API
Accessibility standards
None or don’t know
Description of accessibility
We do not meet any of the accessibility standards
Accessibility testing
We do not meet any of the accessibility standards
API
Yes
What users can and can't do using the API
The API provides the same Hybrid Mail functionality that is available through the web portal. The API Drop Client document can be found at https://hybridmailme.com/downloads/index.aspx HybridMailMe secure API allows you to send A4 letters, from a click of a button within clients own computer systems. HybridMailMe creates a Hybrid of electronic and physical mail by transmitting an electronic document and mailing list to us, where we print and mail it as real post. The HybridMailMe API allows you to add a Hybrid Mail service right into your own systems and workflows. The API is a SOAP-based web-service allowing the creation, proofing and confirmation of orders for mailings of letters. Documents (PDF or Word files) are submitted as files. Address lists may be selected by name, submitted as a file (CSV, XLS, XLSX, Tab delimited, fixed length fields etc.) or added as individual addresses. API allows for different templates to be applied to letters and system rules can define a simplex, duplex, mono or colour letter. Attachments can be added to the API letter if required. Limitations are the attachment needs to be an extractable PDF attachment not a scanned image.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The webportal, API, and print client can be white label at a cost.

Scaling

Independence of resources
Our sites have been designed and operate specifically for the purpose of high volume printing. We produced millions of documents and mailed over millions envelopes throughout our time in business. Our print and enclosing capabilities enable us to seamlessly incorporate new commitments into our existing workload and allow us ample headroom to manage unexpected or short turnaround requirements. We monitor utilisation and spare capacity and invest in new equipment as soon as we reach 85% utilisation in peak periods. In advance of equipment reaching end of lease, vendors are engaged to ensure continual upgrade in quality and efficiency.

Analytics

Service usage metrics
Yes
Metrics types
Reporting is done through automated management information reports sent daily, weekly, monthly or adhoc as requested. User can log in and track mail online from printing to enveloping to archiving.
Files are accessed via HybridMailMe and Admin users can view sanctions and templates.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Print client and API allows users to send their data across.
HybridMailMe Drop Folder Client is an application that monitors folders on your computer for letter files. If a file is moved into one of these folders it will be submitted to the HybridMailMe server for printing and posting.
The Drop Folder Client is primarily intended to receive the output of systems that generate large volumes of letters, often in bursts. Files are sent across via sftp/https and encrypted to 256BIT.
Data export formats
  • CSV
  • Other
Other data export formats
  • WORD
  • PDF
  • Flat Files
  • Xml Files
Data import formats
  • CSV
  • Other
Other data import formats
  • Mail Merge
  • WORD
  • PDF
  • Xml Formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Our SLA states users can access our system 24/7 to send mail. In all our times of business we have not being out of service for longer than 5 minutes over the course of any year. If our system is down for software upgrades it does not impact the end user as files are sent across to our secure failover site in South West Comms and from there the files are retrieve and processed. There are no refunds as we do no charge for the service. User's only pay for the mail they send.
When a document is sent to HybridMailMe by 3pm its printed and posted same day for UK.
Approach to resilience
The HMS servers are hosted within a resilient Tier 4 Data Centre at South West Communications. Tier 4 is most stringent level of which is designed to host mission critical computer systems with fully redundant subsystems and compartmentalised security zones controlled by biometric access controls method. There are two HMS servers; one main and one backup, which are powered by stand-alone generators thus ensuring continued data supply. If a problem is detected, switch over to the backup server will occur. Working collaboratively with a client, HMS will work within any existing Disaster Recovery (DR) and Business Continuity framework to support business critical functions within the company. HMS will manage this process against pre-agreed SLAs covering all types of incidence, and provide a service to match any requirements. HMS operates a number of DR services, at different service levels across multiple contracts. In line with HMS existing contracts, fully effective, robust and tested operational and disaster recovery measures will be agreed and documented in the business continuity plan by HMS and will be reviewed with client every three months.
Outage reporting
The API would inform users the system is off with a flashing red light, the service would not transfer files across and the users would see the files in their failed folder or remaining static in the API inbox folder. An email would be generated by the business and a Service Impacting Report would be generated and communicated to all users giving status of outage, update progress report and estimated time to clear.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
As indicate below.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
18/05/2018
What the ISO/IEC 27001 doesn’t cover
ISO/IEC 27001 covers mailing, printing and provision of associated services. ISO27001 covers disaster recovery and business continuity.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Penetration Testing Certification
  • ISO 27001
  • Cyber Essentials Plus
  • NHS Data Security and Protection Toolkit compliance

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Hybrid Mail Solutions Managing Director is responsible for security policies and processes in the organisation. The entire organisation down to operational director and production and customer support staff sign off on the security policy and procedures. The security of our data, policies and customer information is top priority at Hybrid Mail Solutions. We are committed to the protection of personal data and the fundamental rights of data subjects, in compliance with relevant laws such as the General Data Protection Regulation (GDPR). In order to support a robust approach to personal data protection and information security in general, Hybrid Mail Solutions has adopted recommendations by supervisory authorities and industry best practices. Hybrid Mail Solutions is ISO27001 certified and accredited. Certificate Number: 14125397. The Hybrid Mail Solutions Servers are hosted within a resilient Tier 4 Data Centre at South West Communications. Tier 4 is most stringent level of security in terms of data control which is designed to host mission critical computer systems with fully redundant subsystems and compartmentalised security zones controlled by biometric access controls method. All staff receive refresher training and sign off on security policies and procedures. HMS has a Quality Management System certified, audited and accredited.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change control is covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Vulnerability management type
Undisclosed
Vulnerability management approach
Vulnerability Management Process is covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Our security online is covered by Bullguard which provides information on antivirus, vulnerabiltiies, threats, backup data, identity protection and security controls.
Protective monitoring type
Undisclosed
Protective monitoring approach
All risk controls are covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required.
Incident management type
Undisclosed
Incident management approach
All incident management processes are covered as part of our ISO 27001 ISMS procedures, a copy of the procedure can be supplied if required. All incidents are logged and tracked. Non conformance reports are used as part of the Quality Management System and reviewed at quarterly audit meetings and management reviews for future learning and to mitigate any repeat incidents. Daily operational faults are captured on the fault log and procedures for reporting and capturing faults is available to all staff. Service Affecting Issues are highlighted immediately to directors and operational plan/DR comes into play involving all stakeholders.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Pricing

Price
£0.04 to £1.70 per user per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑