Cloud based Hybrid Mail services
Online drag and drop solution plus SFTP, API integration options
- Desktop 'drag and drop' hybrid mail
- Hybrid mail API, SFTP integration options
- 1st Class, 2nd Class and International delivery
- Letters, large letters and postcards
- Online document archive, print and download features
- High quality 100gsm paper for letters 350gsm for postcards
- Optional leaflet and brochure inserts
- Braille print is available
- Unlimited user accounts
- Documents can be 'held' for approval or removed
- Very easy desktop access - cloud-based
- No setup, license or maintenance fees
- Easily integrated with existing systems
- Saves up to 50% on the cost of mailing letters
- Reduces labour time and costs due to simple upload
- No need for franking machines - reduces cost
- No training necessary - very intuitive thus high adoption rates
- Access to postal discounts to reduce costs
- No minimum volume requirement - simply pay for items posted
- Range of billing options to enable easy reconciliation
£0.43 per unit
- Free trial available
Citipost Mail Limited
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Our service can be linked to any number of legacy systems including (but not limited to) billing, CRM, marketing, revs and bens applications. Connection can be via API or SFTP to fully automate the creation of letters for mailing.|
|Cloud deployment model||Private cloud|
|Service constraints||No constraints. Easy access via Desktop or integration.|
|System requirements||No licenses or special systems requirements|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Typical turnaround time is within 24 hours Monday to Friday.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
We are very happy to provide on-site support for user implementations and training if required.
We also provide on-site project management when APi and SFTP integrations are required.
We provide on-site technical support if required.
All support and assistance is provided at no extra cost.
|Support available to third parties||Yes|
Onboarding and offboarding
A full client analysis and information share needs to be undertaken, so that a full understanding of the clients business needs are gained and we can determine how we can best implement this service into your business. As part of the onboarding process for a bespoke solution, our chosen software partner SDL will work closely with both Digi-Mail and the client to understand the full requirements of the services required and how they can be integrated with the Digi-Mail platform.
Once the client analysis has been undertaken and the complexity of the requirements are understood, a draft proposal will be provided to the client for approval and once agreed, a schedule of work and an implementation timeline will be provided. Full training will be provided to users to ensure that a full understanding of the capabilities are gained.
|End-of-contract data extraction||We will agree the data extraction process on a case by case basis, and in compliance with GDP regulations.|
|End-of-contract process||The price of the service is fully inclusive. Being a portal based service means no had or software installations at the client end and therefore no decommissioning costs.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||
The service is accessible via a web portal at the following address
Each user can access services according to their permissions which are set upon implementation and can also be updated at any time.
Users can upload documents for submission, they can also access a full archive of their documents sent within the last 90 days. All documents are deleted from the archive after 90 days in order to comply with GDPR.
|What users can and can't do using the API||We will work with users to set up our services via API. Users can make change requests and there are no limitations to APi implementations. APi implementations are provided at no extra cost to the user.|
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||Inserts can be customised. Template designs are all held in the user's own domain so there is freedom to make unlimited changes to templates without charge.|
|Independence of resources||
We currently have a small team on our Digi-Mail but as the product grows or our clients’ requirement peak for various times of the year we have a Client Services team of over 15 staff covering all our clients and these have all received training in respect of Digi-Mail therefore the skill set is transferable.
Capacity of our sorting machines is 192,000 items per 8 hour shift, on average we currently receive 100,000 items per day for sorting on the machines. We can staff from other areas of our South Normanton processing centre and have local contracts with staffing agencies.
|Service usage metrics||Yes|
We can provide service usage statistics at user level; department level and organisation level.
we can provide information on quantities, formats and costs mailed under each account.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Users can download their data at an individual user level.
API exports can be set up to transfer organisation level data transfers into a document management system
We will work with users to set up our services via API. Users can make change requests and there are no limitations to APi implementations.
APi implementations are provided at no extra cost to the user.
API documentation is available for data exports
|Data export formats||Other|
|Other data export formats|
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
The two hosting environments we use are each available with a Monthly Uptime Percentage of at least 99.95%. We do not make a charge for access to the portal, and therefore do not offer a refund policy. Users only pay for what is physically mailed.
Elastic Load Balancing automatically distributes incoming application traffic across multiple instances to enable higher levels of availability and performance
Volume data is replicated across multiple servers in an Availability Zone to prevent the loss of data from the failure of any single component.
Volumes are designed for an annual failure rate (AFR) of between 0.1% - 0.2%, where failure refers to a complete or partial loss of the volume, depending on the size and performance of the volume. This makes our hosting environment volumes 20 times more reliable than typical commodity disk drives, which fail with an AFR of around 4%.
The hosting environment is designed to provide 99.999999999% durability of objects over a given year.
|Approach to resilience||
Citipost have a comprehensive IT Disaster recovery planning is a subset of the larger Business Continuity Process and includes planning for resumption of computer Applications, Company Data, Server Hardware, Communications & Telephony services and other IT infrastructure.
Our IT disaster recovery planning covers the protection of all data saved on company network, infrastructure and network services.
The following areas have been considered:
• Single disk failures
• Multiple disk failure
• Unauthorised modification of content
• Data loss
• Software failure for each key piece of software used
• Machine failure for each key piece of equipment on network or used to generate content;
• Multiple machine failure;
• Machine theft for each piece of equipment on network or used to generate content;
• Network security breaches for each device on the delivery network;
• Capacity overload;
• Loss of building through fire, flood etc.
• Local network failure;
• Power failure;
• Loss of internet connection;
• Denial of service attack (when deliberate - or occasionally accidental - action by a third party brings down part or all of our network services).
|Outage reporting||There is a public dashboard which each user has access to, any outage notifications are displayed on here. We would also provide email alerts in the event of any serious outages.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||User access is defined at the point of account creation, the level of visibility for individual users can be defined and agreed with the senior management team.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||04.07.2017|
|What the ISO/IEC 27001 doesn’t cover||NA|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||20/07/2012|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||N/A|
|Who accredited the PCI DSS certification||Worldpay|
|PCI DSS accreditation date||27/04/2018|
|What the PCI DSS doesn’t cover||N/A - PCI compliance is hosted by Worldpay|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The environment we use has the following assurance and compliance programs.
o PCI DSS Level 1 Service Provider
o AICPA SOC 1 audits
o AICPA SOC 2 audits
o AICPA SOC 3 audits
o CSA STAR Registrant
o ISO 27001 certified
o ISO 9001 certified
The cloud platform provides several important benefits to UK organisations and enables you to meet the objectives of the Communications Electronics Security Group’s fourteen Cloud Security Principles for United Kingdom (UK) OFFICIAL classified workloads (whitepaper).
Citipost Mail operate a top down approach to all employees and cascade vital information on security policies to all staff in order to ensure compliance with our ISO27001 accreditation. The Head of Support Services for Citipost Mail is Chris Jones.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All changes are tested in a secure test environment. We communicate changes to customers and then publish changes.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Threats are all identified via our penetration testing. System is also fully secure, any failed login attempts will block the user and send a notification to our admin team. On receipt of the information we assess the risk.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Penetration testing and management processes are managed by our 3rd party supplier. Incidents are responded to within 24 hours.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Email or online ticketing support
Support response times
We provide email support. We aim to provide an initial response within 1hr during working hours Our aim is to fully resolve customer issues within 24hrs
User can report and manage status and priority of support tickets online
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.43 per unit|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||We can provide limited access to trial the service. Any trial would be agreed on a case-by-case basis. there is no 'free access' version of the solution so we would agree terms for a test environment with the user.|