G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with CDS are still valid.
CDS

Hybrid Mail and Outbound Communications

CDS and our partner Publisure offer an integrated multi-channel communications platform for outbound communications, incorporarting hybrid mail, SMS, email, web portal capabilities and print and fulfilment from our secure digital facility in Aylesbury. We integrate with virtually any internal application and help to deliver immediate efficiency and cost savings.

Features

  • Hybrid mail automation of desktop, print and post
  • Auditability and full audit trail of all outbound communications
  • Electronic signatures
  • SMS integration
  • Secure email - PIN encrypted
  • Integrated web portal - print, post, emailm SMS or publish
  • Detailed Management Information
  • Automatic registration and authentication
  • Digitises your physical communications
  • Full MailMark integration

Benefits

  • Immediate cash savings
  • Increased auditability and compliance of outbound communications
  • Simple and easy to deploy
  • Automatically digitises your outbound documents
  • Automates and eliminates manual processes
  • Track posted documents via MailMark
  • Generates an archive of our outbound integration
  • Integrates with your existing multi channel applications
  • Provides full MI reporting

Pricing

£1 to £250,000 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.astin@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

4 6 2 8 4 9 9 5 2 6 0 4 4 4 2

Contact

CDS Jonathan Astin
Telephone: 07904 570073
Email: jonathan.astin@cds.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
Then Publisure solution integrates with a range of applications and supports Windows, Citrix and Terminal Services environments and inputs from UNIX environments via 'hot folders' or CUPS integration with the windows print spooler. The solution requires Windows 2012 or above.
System requirements
  • Requires Windows 2012 or above
  • Can be installed in any windows operating environment
  • External firewall changes required if implemented as an outsourced solution
  • Unix Integration via CUPS and Samba share
  • Local Firewall configurations may be required on the Publisure server
  • Supports Delimited datafiles (CSV) or XML inputs
  • Supports PDF or Postscript Inputs
  • PIF/PAF license required for MailMark

User support

Email or online ticketing support
Email or online ticketing
Support response times
Publisure responds to all tickets within 4 hours. Standard support and maintenance is available Monday to Friday between 9.00am and 5.30pm. Extended weekend cover is available as an additional service to the standard Support and Maintenance offering
For full details of response times, please refer to the service definition document.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is provided via Publisure's Helpdesk to agreed SLAs. Response times vary depending on the severity of the issue and range from
- Severity 1 (30 minutes)
- Severity 2 (60 minutes - 2 days)
- Severity 3 (4 hours - 5 days)
- Severity 4 (4 hours).
SLA Explanation
Severity 1 - is usually when the problem is detrimental to the business and is impacting the business directly as a result of Publisure software . Severity 2 - is usually if a server, network, application, database goes down which is causing a business impact to users and the business. Severity 3 - Where a bug is raised as part of the support process, Publisure support will liaise with the development team and provide a synopsis of the problem within 2 working days and a proposed timescale for its resolution, within a reasonable time frame. Severity 4 - Where issues are caused by non Publisure software or environments, some advice will be given and support offered, but with no guarantee of resolution.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CDS provides a tailored on-boarding pathway based on your individual requirements. On-boarding is a collaborative process, involving stakeholder interviews and workshops, through which we will ensure we fully understand your functional and technical requirements. This includes process design, workflow, user experience design, template development, data migration, system integration and hosting.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Publisure provides an open framework for data migration. Data is held in the form of indexed data and associated PDF documents.
On the termination of a contract, the documented Publisure APIs enable the customer to extract all data from the Publisure system. If required Publisure provide consultancy services to help deliver this 'end of life' service.
End-of-contract process
Support of the Publisure interfaces and export APIs is provided as part of a valid support and maintenance contract.
Over and above the standard data extraction tools, any additional consultancy services would be charged separately.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Inputs into the system requires the use of a shared windows print device or the ability to drop a PDF into a 'Hot folder'. These requirements may place some limitations on the use of Mobile devices for submission of documents into the system. However, users can access the user interfaces via supported mobile or desktop Browsers .
Service interface
Yes
Description of service interface
The interfaces are currently undergoing validation and development to meet accessibility standards
Accessibility standards
None or don’t know
Description of accessibility
Testing with assistive technology is being carried out as part of Publisure's ongoing assessment of compatibility standards
Accessibility testing
Testing with assistive technology is being carried out as part of Publisure's ongoing assessment of compatibility standards
API
Yes
What users can and can't do using the API
The solution provides APIs for both inputs and outputs.
The basic Publisure API print driver allows any print enabled application to submit documents into the Publisure system. Publisure also provide a number of pre-configured output APIs. For example, integration with other third party Hybrid Mail solutions providing the customer with a non proprietary platform for automating print and post. Publisure provides a simple scripting language which can be used to create many different forms of output - for example, in addition to our own SMS, secure email and Web Portal applications, the powerful scripting language has been used to create integration with many third party products.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users have the ability to customise the user interfaces using standard resources such as logos, text and third party integrations. These configurations are managed through a standard configuration interface.

Scaling

Independence of resources
The performance of our cloud based services are continually monitored.
We have a detailed scaling model that allows us to scale up or down based on anticipated demand and pro-actively manage the resources available in the Publisure datacentre. The architecture and topology used in the datacentre ensures we have the ability to add additional hardware and software resources on demand.

Analytics

Service usage metrics
Yes
Metrics types
The system provides detailed management information and usage metrics including the name of the originator,workgroup or department, cost centre, recipient, status and delivery method. It also offers a closed loop solution recording how the document was processed, chosen channel and date and time of delivery.
Publisure also provides integrated MailMark capabilities for print and post allowing documents to be tracked through Royal Mail.
Reporting types
  • API access
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Publisure

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
A simple set of Publisure reports allow the customer to extract metadata from the database in either CSV or PDF format.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The cloud option is provided as part of a managed service and benefits from software, support and a secure, fault tolerant (99.95% availability) hosting environment, provided by MemSet (www.memset.com), which is certified to ISO27001.
MemSet use two UK Datacentre located in Reading, Berkshire. Both sites have state-of-the-art facilities, top-quality connectivity and are manned 24/7 with skilled personnel.
Approach to resilience
This Information is available on request
Outage reporting
Alerts are generated by the client software if there is an outage in the datacentre.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Where the software is implemented on client side, authentication is managed through the customers Active Directory configurations and Group Policies. If not directly integrated into Active Directory Publisure utilises Username and Password authentication. Passwords have to conform to agreed standards of complexity. Additionally two step authentication can be implemented requiring the additional use of a security PIN Number.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Publisure have implemented a detailed and robust policy on security governance and are in the final stages of gaining ISO27001 accreditation
Information security policies and processes
As part of our ISO 27001 accreditation we have detailed and documented information security policies, which cover all aspects of information governace.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All hardware and software changes are tracked in accordance with Publisure's ISO27001 policies. In terms of software development we use a structured change management platform BitBucket. This allows Publisure to incrementally manage the development and evolution of our software platforms at an individual component level. Each time a new version of the software is released it undergoes an internal security audit followed by a full penetration testing exercise.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The Publisure architecture and associated technologies have been designed to minimise any potential threat or external vulnerabilities. Publisure rigorously maintain firewall and anti virus software to ensure the system is always up to date with the latest available configurations We assess potential threats to our service by collating information from a number of different sources - Security partners, Specialised Software partners and Infrastructure Provides to ensure we meet ongoing challenges. Patches are deployed as soon as they have been validated, tested and released.
Protective monitoring type
Undisclosed
Protective monitoring approach
Publisure have a policy of continuous improvement and periodically review processes for potential threats. These cover both internal and external services.
Every new version of the software undergoes a full penetration testing exercise before being made available. If a potential threat is identified, the vulnerability is assessed and prioritised . Typically inclidents are responded to within 24 hours.
Incident management type
Undisclosed
Incident management approach
Any problem identified by the customer is logged with the Publisure Help Desk. The Help desk raises a support ticket and provide an incident number. Publisure agree the Incident severity and engage with the customer to reach a resolution within agreed SLA's. For serious incidents, a specific incident report is raised and a thorough review of the incident is undertaken to identify the cause and resolution. These findings together with any additional recommendations are documented and agreed with the customer.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£1 to £250,000 a licence
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.astin@cds.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.