Stannp Direct Mail Platform
Stannp.com offer a SaaS web based solution to direct mail; offering companies a fully digital, integrated solution to their direct mail needs. With over 30 years experience in printing and mailing, our online platform has thousands of active customers, serviced through our capacity to mail over 50 million items annually.
- Same Day Delivery
- Granular Reporting
- Custom Printing and Multiple Mailing Formats
- Intergrated Platform Mail Tracking
- Dedicated Account Management
- Unlimited Users
- Data Cleaning
- Web Based Access
- Supports API programmatic access
- No volume commitment
- Only pay for what you mail
- Web based- can be accessed on the move
- Simple pricing structure and volume discounts
- International mailings
- Free support and technical assistance
- ISO9001 Quality Standard customer support
- No minimum commitment
£0.32 to £0.88 per unit
Stannp Hybrid Mail
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||30 minute initial response time Monday to Friday 9am-5pm.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||Automated testing|
All clients receive the same level of support at no additional cost.
We provide a full support service as standard to all clients which includes;
Online and offline downloadable documentation.
Live web chat support.
Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.
|Support available to third parties||Yes|
Onboarding and offboarding
All service users have their own unique login. our web wizard guides all users through campaign creation; a new user can go from sign up to print read campaign in just a few minutes.
We provide online training via webchat, support via email and telephone, and a comprehensive suite of user documentation, FAQs, videos and downloadable templates.
|End-of-contract data extraction||
Users are able to directly downloadable their data from our platform at anytime.
Users retain full control of their data within our system, and can amend, download or delete individual records or all of their data as required.
|End-of-contract process||At not additional cost, data will be destroyed inline with our data protection Procedures (available upon request) and ISO27001 guidelines.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile service is identical to desktop service (within the constraints of the capabilities and screen resolution of the device being used).|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Accessible via any standard browser|
|What users can and can't do using the API||
Our APIs provide programmatic access to your Stannp account. Things like configuring campaigns, feeding data and triggering mail pieces to be dispatched can all be achieved using simple yet secure HTTP requests.
We also offer webhook capabilities. Webhooks allow you to subscribe to events that happen within the Stannp Direct Mail platform. We will send a HTTP POST request to the webhook’s configured URL. Webhooks can be used to update any external software or notify you on key events such as the day a mailpiece is expected to be delivered.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Any part of your Direct Mail campaign can be customised by the user on the Stannp.com platform. Text & Images can be added as variable data and dynamically populated in your mail piece, giving full personalisation of your content.
Design features of the mail piece (font, colour, size, etc.) can also be customised within our campaign wizard.
|Independence of resources||
Stannp's cloud based platform was designed from the start with high volumes of simultaneous user access in mind; the system capacities are designed to manage and operate whilst large volumes of users are accessing the system.
We actively monitor system resources and resource utilisation, and can load balance and scale responsively based on user demand.
|Service usage metrics||Yes|
The Stannp platform has a reporting section in the dashboard which displays a summary of campaigns and items that have been dispatched. The reports can be drilled down to an individual mail piece level to see the status of each item.
Audit trails can also be viewed and exported for user activity within the platform.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Stannp is accredited annually to ISO 27001.|
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
All data can be exported on demand from the online dashboard if the user account has the correct authorisation role.
Data can be filtered and searched before exporting. Data exports include recipient data, campaign reports and billing. Any other data that we may hold can be requested.
|Data export formats||CSV|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Stannp uses third party service status monitoring to report the availability of our services. We are cloud based and have load balanced systems in place to ensure maximum service uptime, even during upgrade periods. Our SLA states we our service availability remains above 99%.|
|Approach to resilience||Available on Request|
|Outage reporting||If the service is partially degraded we will include a notification message within our dashboard. We also have a public service status reporting page which is hosted by a third party. We also have API end points to determine the current availability status.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Username and password|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||5th May 2019|
|What the ISO/IEC 27001 doesn’t cover||No out of scope activities|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Barclaycard Data Security Manager|
|PCI DSS accreditation date||29/06/2018|
|What the PCI DSS doesn’t cover||Nothing relevant to this service|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Stannp's policies and processes are in line with our ISO 27001 accreditation.
IS policies and processes include;
- Information Security Policy
- Access Control Policy
- Password Policy
- Virus & Malware Policy
- Application Security Policy
- Vulnerability Assessment Policy
- Information Security Education & Awareness Policy
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We develop in an agile fashion, so we are constantly upgrading the platform with minor feature improvements. It’s common the platform will see weekly production upgrades. Before the upgrades happens, any code changes are automatically tested with our rigorous unit and integrations test suite which ensures we avoid any breaking changes or security vulnerabilities. Software upgrades happen in the cloud without any service disturbance.
The development revision history is maintained in GitHub which stores information on whether each code commit has passed unit tests and has been reviewed to adhere to our standards.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We have internal vulnerability process in pace to maintain our ISO27001 and ISO9001 certifications. Penetration tests are scheduled to run every month on the platform by third party security experts Qualsys. Reports are produced with categorised and scored items that may have been found. All high risk vulnerabilities are acted upon immediately to patched and fix. A rescan is scheduled for proof of the fix.
When developing new software we have code standards and automated unit tests and security alerts in place to mitigate introduction of any new vulnerabilities.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||A firewall protects all access to our servers apart from public facing ports. Stannp use a service which monitors server logs for any suspicious activity such as failed login attempts or URL scanning for popular vulnerabilities. In the event anything being flagged the client is immediately blocked and notification is made to the information security managers. The information security managers assess the risk and allocates the need an urgency to act.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Stannp have a predefined incident management policy with a separated GDPR data breach notification plan and a disaster recovery plan.
Users can easily report incidents using directly to account managers or using traditional contact methods including email, tickets or phone.
Staff have been well trained on how to report incidents to the information security managers.
Information security managers assess the incident report and it's risks using predefined metrics. Detailed incident reports are discussed and emailed to any users affected and the ICO if required.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.32 to £0.88 per unit|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Account set-up, user set-up, document testing,data upload, training materials and user guides are all included in the free trial.
We provide all new sign-ups with a free £1 credit for a trial send at no cost to the user. There is no time limit on the free trial.
|Link to free trial||https://www.stannp.com/register?source=referral-GovUK-Gcloud|