Swiss Post Solutions

Swiss Post Solutions Hybrid Mail

Allows printing and posting letters from desktops by routing them digitally to SPS’ plants for off-site printing and posting via lower cost Downstream Access mail. Optionally, letters can be printed/enveloped in-house by the client,then relayed to SPS for posting, removing the need for franking and reducing postage costs.


  • Improved workflow and document production efficiency
  • Lower transaction costs and access to postal discounts
  • Secure and scalable cloud based service
  • Intuitive single-click print process for service users
  • Printing of e-signatures and logos
  • Ability to review and hold for authorisation before printing
  • Supports direct bulk mail input
  • Track and trace, detailed management information and disaster recovery cover
  • Digital output file provided with meta data
  • ISO certified environment (27001,14001, 9001)


  • Immediate postal savings (approx.40%) and low set up costs
  • Reduced spend in house print and mail
  • Insight into printing costs across organisation
  • Reduces time spent on print (>30%) increase personal productivity
  • Improved access to information, supports mobile/remote working
  • No IT integration required and reduced calls to helpdesk
  • No impact on delivery times
  • Audit trail on all items - proof of post date
  • Reduced carbon footprint (40-50%) by moving to efficient print platform


£0.012 per unit

Service documents


G-Cloud 11

Service ID

5 0 0 5 6 0 3 7 8 5 7 0 2 3 1


Swiss Post Solutions

Brett Champion

07909 996860

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints At this time, there are no foreseen service constraints that buyers should know about.
System requirements
  • Print driver is required to be installed on client site
  • Users have anti-virus Softare installed on their devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Varied on Clients requirements
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels We have a Service Centre (Help Desk) included as part of our service. The normal operating hours of our Service Centre are 8am to 6pm but clients have the ability to submit a query/ticket between 7am and 8am via our online Service Centre Plus online system. Anything received between 7am and 8am will be picked up by the Help Desk staff at 8am. Should this not be sufficient, we are happy to look at bespoke options for specific clients. Our support engineers are on hand to assit users with a range of queries and tickets are raised for all queries which are monitored to resolution. Oher than our Service Centre Plus online system, support queries can also be sent in by email, phone or fax.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started All chosen Users of the Service will be provided with their own login/Service Access Credentials. SPS adopts the train-the-trainer approach to product training. User guides will also be provided.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A specific Data extraction plan will be planned and agreed with the customer. Depending on the agreed data extraction plan, will depend on the method of data extraction. All data extraction methods are secure and inline with ISO27001 procedure
End-of-contract process Exit fee's will be discussed and agreed with the client on each contractual basis before contract signature. Depending on the clients requirements regarding Contract exit and termination, will depend on what happens at the end of the contract

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation All customisations of all SPS Services will be explored and agreed with the buyer prior to contract. Client themselves are unable to make ad-hoc customisation with SPS' Solution


Independence of resources SPS has invested heavily into all its services to ensure the system capacities are built and designed to manage and operate whilst large volumes of users are accessing and using the system.


Service usage metrics Yes
Metrics types Yes, we provide full Management Information reporting. The system records detailed information to provide comprehensive qualitative and quantitative MI reporting. Reports are typically periodic and are emailed directly to authorised requesting users.
A typical report profile would include:
• Daily throughput reports – usually broken down to department and users
• Weekly usage by user – again by department and users
• Monthly reports – these supplement the standard reports giving breakdowns by other criteria such as stationery, inserts and can often include graphical elements such as a “heat map” showing where packs have been sent.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach Customer authored Data is encrypted at rest for all cloud services. When hard disks are taken out of service they are demagnetised and destroyed on site. Our sites are accredited annually to ISO27001.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is transferred via a print driver for our Ad Hoc Hybrid Mail solution or as a data file via SFTP for our Bulk Transactional Print Hybrid Mail solution
Data export formats Other
Other data export formats SFTP
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks All communication between clients and our Hybrid Mail server is encrypted using SSL/TLS. Additional asymmetric encryption is also applied at a document level with a new key pair being generated for each document transmitted. All customer-facing servers negotiate a secure session using SSL/TLS with client machines, securing the data in transit. This applies to various protocols such as HTTP(S), POP3, etc.Microsoft has support for strong encryption using TLS1.2 across all workloads. The use of TLS/SSL establishes a highly secure client-to-server connection to help provide data confidentiality and integrity between the desktop and the data centre.
Data protection within supplier network Other
Other protection within supplier network Supplier-Defined process audited and certified to ITHC standard.

Availability and resilience

Availability and resilience
Guaranteed availability SPS meets target service levels set at between 99.6% and 100%. We can provide details of SLA and service level credits are agreed with clients on a case by case basis
Approach to resilience Available on request
Outage reporting Email alerts from the SPS Support Team.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Username and password as well as authorisation levels are assigned to all users of the system.Allowing users with higher level of authority to access management interfaces and support channels
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS
ISO/IEC 27001 accreditation date 16/09/16
What the ISO/IEC 27001 doesn’t cover What is Covered in SPS ISO/IEC Certification;

Information Security relating to hardware, Software, LAN and WAN management, documentation including paper based and digital Customer communications for client facing information, client owned and supplied information and internal processing facilities relating to the provision of central mail rooms including customer locations, document processing centres and head office activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ITHC

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes SPS policies and processes are in line with ISO 27001 accreditation. SPS security policies include;
- Information Security Policy
- Data Protection Policy
- Encryption policy
- Password Policy
- Physical Security policy
- Incident Management and improvement process

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach SPS’ approach to Solution configuration and Risk management is built on recognised principles of change management and is again closely aligned with the principles of PRINCE2. SPS’ risk assessment and change management process ensures that there are regular reviews of any potential risks during the development pipeline of the solution and at the very least a one-time review of risks associated with any changes made to the solution throughout its lifetime. From this review, necessary preventive and / or contingency actions will be identified and passed to detailed work planning, including an update of the solution pipeline.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The compliance team within SPS are responsible for the internal auditing of all processes and procedures. This includes undertaking with our information security manager information security risk assessments and risk treatment plans, looking at all critical assets and processes, alongside a Business Impact Assessment and BC Risk Assessment a Business, looking at critical business systems and processes. This is all then followed up by internal and external audits covering all parts of the certificated standards to ensure that SPS is working to their own internal processes and controls and we are able to maintain 9001, 14001, 27001 certifications.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The respective asset owners are responsible for arranging for the controls to be implemented effectively; this would typically include defining the controls in policies and/or procedures, so that they can become part of everyday business practice. Asset owners are responsible also for the management of any risks which are not specifically addressed in the Risk Assessment. The SPS Risk Assessment and Risk Treatment plan document is structured by using the Asset List to identify the threats to each asset. Each threat and consequent risk is quantified. We further analyse this information for all significant risks and their respective controls.
Incident management type Supplier-defined controls
Incident management approach SPS' procedure provides guidance on the handling of security incidents, breaches or suspected incidents and breaches.This policy applies to all SPS systems and sites and to all SPS staff, temps, contractors and third parties working on behalf of SPS. Once the incident has been identified and contained, efforts can then be focused on finding an appropriate solution. The fundamental features of any solution should be investigation, action and follow-up/record-keeping; the order in which they are implemented depends upon the nature of the incident.
The Services Director, assisted by the Compliance manager, will initiate the appropriate investigation.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.012 per unit
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑