FDM plc

Hi-mail Hybrid Mail

FDM plc is one of the UK’s leading print and mail companies. Our hybrid mail solution, Hi-mail®, allows you to print & post all of your documents directly from your PC, Laptop, Smartphone or Tablet for up to 70% less than your existing print and postage costs.


  • Live Document Tracking
  • Custom Print & Mailing Profiles
  • Document Automation Flow
  • Built in Document Library
  • Same Day Mailing
  • Document Archiving
  • Dedicated Support Portal
  • Group, Team and User Management
  • Granular MI Reporting
  • Brand & Document Control


  • Safe & secure data encryption
  • Save up to 70% on your print and mailing costs
  • No set-up costs - only pay for what you send
  • Fully scalable for teams big and small
  • Fully detailed, itemised reporting on a user-by-user basis
  • NHS HSCN Approved
  • Simple pricing structure and volume discounts
  • Free support and technical assistance
  • Built by industry experts for over 25 years
  • Specialists in Local Government & Public Sector requirements


£0.34 to £1.16 per unit

Service documents

G-Cloud 10


FDM plc

Iain Bloomfield



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Minimum system requirements: Windows XP / OSX Mountain Lion or above. Minimum 5mb Hard Disk Space
System requirements
  • Internet Connection required
  • PDF Viewer (Abode Acrobat or similar)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Average response times Mon - Fri = 18 minutes.
Average response times Sat - Sun = 30 minutes.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Live web chat has been tested by regular users with assisted technologies.
Onsite support Onsite support
Support levels We provide a fully featured support service as standard to all clients which allows users and administrators to access a range of technical support options including:

Online and offline documentation.
Live web chat services with a technical engineer or user support agent
Web support ticketing service
Email support ticketing service
Telephone support service

Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.

All clients receive the same level of support at no additional cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Initial account set-ups are completed by the Hi-mail support team with a range of onsite training, online training and user documentation options provided for all new accounts.

An initial consultation is undertaken with each new account to determine the best method of training solutions and then these are customised to suit each clients needs.

These includes quick start guides, user guides and administrator guides in both PDF and online formats as well as an E-Learning suite of services that allow users to learn at their own pace whilst being guided through the key features of the software.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data can be extracted by Account Administrators using the built in user interface or by request from one of the Hi-mail Technical Engineers.
End-of-contract process At the end of a contract FDM will initiate our end of contract procedure in accordance with our Data protection Procedures and ISO27001 guidelines.

This process is managed by the clients dedicated Account Manager and ensures that all data is securely destroyed and documented.

In accordance with Principle Five of the Data Protection Act 1998, FDM ensures that all personal data, in any format is retained for no longer than necessary. All data classified as ‘Confidential’ (i.e all raw client personal data) is retained by FDM for a period of three months, after which it is deleted beyond recovery, unless specifically requested by the client to retain the data for a longer or shorter period.

Data that is classified as ‘Restricted’ is retained by FDM according to purpose and requirement. When managing all information classified as ‘Confidential’ or ‘Restricted’ on behalf of a client, the relevant FDM Client Account Manager is considered the ‘Data Owner’ and therefore responsible for it’s handling in accordance with this policy.

Data in both electronic and printed formats must be deleted or destroyed according to the schedule as outlined in our ISO27001 Data protection procedure policy which is available on request.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The virtual print driver is only available on desktop devices. Users of mobile and tablet devices must use either the web-portal upload option or the network folder upload options unless connected to a remote working PC.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our interface has been tested by regular users and industry standard tools with assistive technology turned on.
Customisation available Yes
Description of customisation Administrators can customise a variety of features and accessibility options within the service for each user, account, sub-account or user group.

Each user is also assigned a profile that can be customised to enable them to adjust the working interface of the software to their specific needs.


Independence of resources The Hi-mail service has been built to be fully scalable and has sufficient measures built in to ensure that users are not impacted by increases or spikes in usage. These include a range of partitioned hybrid servers, dedicated high-speed fibre connections and scalable database architecture.


Service usage metrics Yes
Metrics types The Hi-mail service monitors all account usage and a variety of reports can be exported at any time by users with sufficient administrative access.

More detailed server reports can also be requested from the Hi-mail Technical Support team as required.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported from a variety of reporting functions within the software. Filtering and search features allow users to look up specific criteria of data from their account history and export these for local download.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • RTF
  • Word

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Hi-mail's uptime is monitored 24 hours a day using a 3rd party software monitoring service and is available to view online at any time.

System availability is guaranteed at 99.9%
Approach to resilience This information is available upon request.
Outage reporting Hi-mail is monitored 24 hours a day by 2 separate systems. Together these systems provide us with a range of downtime reporting services including:

Detailed email notifications
Publish Dashboard
Log file recoding and notification system

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels All management interfaces and support channels are restricted to authorised personnel only.
Users who require access to management interfaces must be requested and approved by a Hi-mail engineer or senior Account Manager who can then grant access. Access is then restricted by either VPN connection, 2-factor authentication or 3 part password system.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BM Trada
ISO/IEC 27001 accreditation date November 2017
What the ISO/IEC 27001 doesn’t cover All operations are covered by ISO27001
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self Accredited
PCI DSS accreditation date Re-accredited May 2018
What the PCI DSS doesn’t cover Nothing relevant to this service.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes FDM is fully accredited to ISO27001 standards and is regularly audited to ensure continued compliance. We are also accredited to Information Governance Toolkit level 2 and HSCN compliant.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach FDM's research and development process runs on a bi-annual basis and is governed by our data protection and ISO27001 and ISO9001 policies. Our change management process includes processes for new development testing, risk analysis and security considerations for each new development stage. This is then backed up detailed change log documentation which is made available to all clients at least 4 weeks prior to any new software deployments.
Vulnerability management type Supplier-defined controls
Vulnerability management approach FDM's network and services are monitored by a third party security service that remotely apply all patches as soon as they become available ensuring that our services are kept up to date and protected from all potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach FDM's services are monitored 24/7 by a Cisco ASA firewall and threat defence system that logs and alerts us to all suspicious activity including (but not limited to) unknown or failed login attempts, failed network access attempts and suspicious IP address activity.

Our third party security monitoring partners also monitor our network 24 hours a day and have engineers on hand to deal with any potential threats or compromises within 30 minutes.
Incident management type Supplier-defined controls
Incident management approach All incidents are assessed on potential data security and risk to service criteria. Users can report incidents using and of the document technical support methods and are then logged for future reporting.

All incidents are then investigated within 30 minutes of initial notification for source and solution. Incident reports can be provided upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.34 to £1.16 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Initial account set-up, user set-up, document testing, document assessment, training materials and user guides are included in the free trial. There is time limit on the free trial as all accounts are placed in 'Test mode' to allow you to trial the system for as long as needed.
Link to free trial https://www.fdmplc.com/hi-mail-sign-up-now/?source=G%20Cloud%2010


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑