Xerox (UK) Ltd

Xerox Hybrid Mail

Automate and simplify your outbound mail via Cloud service or on-premise software that enables lower cost print and mail, and one platform to transform your printed output to digital , enabling electronic communications for your service users.


  • Immediate cost savings (typically 30%+)
  • Track and trace of outbound mail via the software
  • Reduced back office handling of mail (typically 40%+)
  • Ability to send outbound mail electroncially (typically 80%+ saving)
  • Single software platform for all features
  • No IT integration required - although API's available
  • Portal view of electronic documents available as an option


  • User friendly dashboard
  • Secure Cloud service or on-premise software hosting
  • Supports large mailpacks with multiple inserts
  • Add inserts to your mailpacks
  • Pull, hold and review mail items
  • Detailed management information
  • ISO certified environment
  • Personalise your outbound mailings using in-built OCR technology
  • Bulk upload functionality
  • Credible public sector user base


£0.010 per unit

Service documents


G-Cloud 11

Service ID

7 0 2 7 0 9 8 5 5 0 2 5 6 2 3


Xerox (UK) Ltd

John Oster


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None at the present time.
System requirements Printer driver (Client side)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within agreed service levels.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels A minimum of 96% average across the service level measurements of processing of mail, items delivered to the DSA provider, returned items from Royal Mail, accurate and timely management information and accuracy and timely billing by Xerox.

Standard opening hours – 8am to 5:30pm (excluding weekends and UK bank holidays). Xerox will get back to the Customer with an answer or resolution within 24 working hours of receipt of the incident.

Xerox provides an account manager with technical support resources available across Xerox.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Xerox provide user guides and a train-the-trainer approach is deployed. The software also provides help features.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Extract plan would be jointly created by both parties. Note: data not held beyond 60 days by the Supplier.
End-of-contract process See Terms and Conditions of Service.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Specifically for viewing online web portal.
Service interface No
Customisation available Yes
Description of customisation Dependent on your business needs, and at additional cost the work can be undertaken by the Supplier. For example, personalisation of web presentment and print drivers.

We offer mailroom assessment services to help customers understand their 'as is' operation and provide 'to be' service improvement recommendations and roadmaps for change.


Independence of resources The service is built to accommodate very large volume of users and load. We regularly monitor the hybrid mail systems and regular health check emails are generated, ensuring the system is adequately resourced.
We have thousands of users running on our hybrid mail service without any problems. If any performance issues are raised or detected, they are fully investigated and the resolution is implemented.


Service usage metrics Yes
Metrics types Available online and emails. Typically covers volumes, usage, inserts, return items etc. Bespoke MI reports can also be created online.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach PDF / XML / XLS / DOC file formats for export.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • Word
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • Word
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability If at any time Xerox does not meet minimum of 96% average across the Service Level measurement on any three consecutive quarters in any discrete nine-month period, the Supplier would propose a 0.5% Service Credit of total invoice value (ex. VAT) in which the event of failure occurred.
Approach to resilience The Supplier’s information security management includes a robust business continuity planning process.
Protection for customers through:
• Emergency preparedness: plans that ensure our readiness to respond to an unexpected or unwanted event of a safety, health, or environmental nature that calls for immediate action.
• Crisis management: the overall coordination of our response to a crisis, in an effective, timely manner, with the goal of avoiding or minimising damage to the financial position, reputation, or ability to operate for the Supplier and our Customers.
• Business resumption: documented processes and procedures developed to protect and restore vital end-to-end business processes in the event of a disaster. The primary objective is to minimise the negative effects of a major disruption to business operations in the most feasible and cost-effective manner that will restore the business process and its related sub-processes to normal operations.
• IT disaster recovery: activities and plans designed to return our information and communication systems to an acceptable condition and to minimise loss

The business continuity arrangements are subject to an annual assurance process.

Xerox will ensure that contingency plans for High Impact eventualities are reviewed, measured, and agreed in conjunction with the Customer.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels User name and passwords control levels of access, views and reporting.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Check
ISO/IEC 27001 accreditation date Check
What the ISO/IEC 27001 doesn’t cover Check
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Policies are inline with ISO 27001 and include information security, GDPR, incident management and physical security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management process includes risk assessment and documented changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our software risk procedures are detailed in a ISO27001 Procedure Document which is available on request.

Updates & patches are deployed as soon has they become available, and only deployed when customer authorisation is obtained.

A third party security source complies with the software's CyberEssentialsPlus certification.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Regular system monitoring.

A security incident is raised as detailed in the ISMS Incident Management Procedure - available on request.
Incident management type Supplier-defined controls
Incident management approach Our software's ISO27001 ISMS Incident Management Procedure Document is available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)


Price £0.010 per unit
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑