allpay Limited

allpay Print

allpay Print designs, prints and despatches corporate stationery, flyers, posters and marketing collateral via online ordering to more than 850 clients from the public and private sectors and prints and despatches nearly 3 million individual print items per annum.

Features

  • All print produced on one UK site, dedicated account management
  • Graphic design service available
  • Latest digital and litho print and mailing equipment and technology
  • Highly trained and motivated staff
  • Proven track record in public sector
  • Safe remote access using Secure File Transfer (SFTP)
  • Environmental control over the whole process
  • Choice of delivery methods, also Direct Mailing
  • Economies of scale pricing
  • Online over the cloud ordering and management

Benefits

  • No third party involvement gives full control
  • Quality guaranteed, ISO 9001, Cyber Essentials Plus, ISO 27001 accredited
  • Total customer commitment with audited processes
  • User friendly and flexible services
  • No software installation or maintenance required
  • Secure 24-hour cloud based access for data or proofing
  • Maximise cost savings through variable, volume-based pricing structure
  • Helps you achieve environmental credentials - paper PEFC-sourced
  • Company with over 20 years’ experience in the business

Pricing

£0.43 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@allpay.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 8 4 3 3 2 8 7 7 0 4 8 9 6 8

Contact

allpay Limited Ailsa Tuck
Telephone: 01432852404
Email: tenders@allpay.net

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Any planned maintenance will be carried out outside of the normal working day to minimise any disruption to the service. Clients will be made aware of any planned work prior to commencement.
System requirements
  • The solution is browser baesd with only internet access required
  • The solution is compatible with IE9 and above
  • The solution is compatible with Chrome 24 and above
  • The solution is compatible with Safari 9, Firefox 18
  • The solution is compatible with Opera 15 and above
  • The solution is browser based with only internet access required

User support

Email or online ticketing support
Email or online ticketing
Support response times
UK in-house Customer Service Contact Centre (CSCC) team is available between 08:00 and 18:00 Monday to Friday for both client and payer queries.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Allpay Print would consider any request for support but most of its interaction - due to the service it provides - is electronic. If any onsite support was required, it would discuss any costs involved directly with the client.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Allpay Print will appoint a contract manager and deputy for any work requested. The dedicated manager will liaise and work with the client team to ensure smooth delivery and provide management reports to the client on a weekly basis, providing clarity on how the contract is performing, whilst also giving information on live orders and delivery performance.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Allpay Print will work with clients to ensure a smooth exit once the contact ends. Any client data will be returned in the format requested either via SFTP or securely via management portals.
End-of-contract process
The contract price covers the setting up of the service as agreed. If the contract has run its intended or extended term or for any other agreed reason we would return client data (as detailed in the previous question). We would offer (subject to the exact requirement) any assistance we can to allow a smooth exit and transfer to any new supplier.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Each print and design item request is fully customisable, as are printing options, finishes, mailing, designs and paper.

Scaling

Independence of resources
Allpay Print uses a number of utilisation tools to monitor its networks and associated equipment to ensure that all of its clients receive service in accordance with the agreed Service Levels expected. An automated reporting and monitoring process is in place for all platforms, with alert messaging provided to key business stakeholders at certain capacity thresholds. As the service components and client applications can be run on multiple servers and separate services, the architecture is inherently scalable. As such, the solution can easily grow onto multiple servers across data centres making the system horizontally scalable.

Analytics

Service usage metrics
Yes
Metrics types
Reports are presented to clients on a bespoke basis discussed at time of order. 24 Design & Print will generate reports to meet client requirements. Generally, these take the form of weekly reports on all work in progress and projects.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Allpay Print would expect orders and copy to be transmitted over the portal via Secure File Transfer Protocol.

Uploads of Word, CSV, or PDF documents are accepted, but bespoke methods of transmission can be discussed.
Data export formats
Other
Other data export formats
  • PDF
  • Word
Data import formats
Other
Other data import formats
  • PDF
  • Word

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Online portal: 99.5% availability excluding downtime required for planned upgrade and maintenance.

allpay Print has the following standard SLAs (these can be negotiated). These would typically be reviewed at the performance review meetings e.g. monthly/quarterly. If performance falls short of the required standards, allpay Print would seek to remediate the performance through internal management.

On receipt of content to receipt of electronic proof - 1 Working day
On receipt of amended content to receipt of electronic proof - 1 Working day
On receipt of approved proof to order conformation - Same day
On receipt of amended artwork to receipt of amended proof - 1 Working day
On receipt of the approved purchase order to delivery - 3 working days (subject to complexity and negotiation)
Approach to resilience
Allpay Print has in place contingency measures should an unexpected event occur and has a comprehensive Business Continuity and Disaster Recovery plan in place.

This is tested regularly with the results recorded and audited in line with ISO 9001 and includes maintenance of our print equipment.

All equipment has a maintenance regime that is recorded and this is verified by internal and external audits. We have between 10-12 audits per annum undertaken by external auditors, to measure against ISO, PCI DSS Card Production, Financial Conduct Authority (FCA), Visa and Mastercard compliance rules and accreditation, and itself undertakes c.40 internal audits of processes and procedures to ensure on-going quality and compliance.

allpay Print has five different printing presses available, across multiple sites separated by at least 50 metres, ensuring contingency measures are in place in case of machine breakdown. allpay Print also has SLAs with its machine suppliers that guarantee that an engineer will be on-site within two hours of breakdown.
Outage reporting
Any client-affecting outage will be reported by email and telephone depending on the severity of the situation.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Access to 24 Design & Print's management portals is authenticated via username and password and via key authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
04/12/2017
What the ISO/IEC 27001 doesn’t cover
The accreditation covers all aspects of 24 Design & Print's IT and Security.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • Mastercard and Visa accreditation
  • DPA Registration
  • ISO 9001
  • Authorised as Electronic Money Institution (Financial Conduct Authority)
  • ISO 27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Allpay Print operate a fully documented and audited Security Information Policy and ISO 27001 accreditation. The Head of Compliance has overall responsibility for ensuring that the policy is followed who reports to the board of directors on any related matters. A copy of the policy can be provided on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Allpay Print uses a Software Development Life Cycle (SDLC) – a series of steps that provides a model for the development and lifecycle management of an application/software. Further to this, 24D&P has technical implementation plans and a change control board to verify changes prior to release into production. allpay Print uses an Agile development methodology and conforms to OWASP (Open Web Application Security Project). Developers also have training in secure coding techniques. allpay Print internally code reviews all major applications and revisions against such criteria as the OWASP top 10. Practices comply with ISO 27001 and Cyber Essentials Plus.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Allpay Print performs monthly internal and external vulnerability scans as required by PCI. Internal auditors review systems as required and in conjunction with the 24 D&P audit plan devised to maintain compliance with ISO 27001 & PCI standards. IT Operations have implemented various tools to monitor the health of the network, e.g. Ops Manager, Apps Manager, Tripwire, SIEM, IPS/IDS, Sophos Suite etc. Checks are made for patches and updates daily, once alerted to a new patch, IT Support will download and review the new patch within four hours of its knowledge of release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Vulnerability scans are run against the network infrastructure for devices on a scheduled periodic basis and reports are generated on the vulnerabilities identified across the assets in each network zone. In response to any identified compromise, allpay Print has a fully documented and audited Information Security Response Plan that covers all reports of information security weaknesses or events relating to any of the organisation’s information assets. This is available on request. allpay Print has in place SLAs for incident response management, detailing fix times, response times and interval updates for critical and high impact incidents. These are available on request.
Incident management type
Supplier-defined controls
Incident management approach
Allpay Print has pre-defined processes in place for incident management. This is inline with ISO 27001. allpay Print's Information Security Policy Handbook provides a framework for the management of information security to minimise risk (this is available on request). The high-level procedure for responding to any security incident is as follows:
• Advise Head of Compliance
• Commence investigations
• Submit Security Incident form
• Identify and implement resolution
• Produce report
• Update documentation
• Advise management.

Incident reports are available to clients through allpay Print.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.43 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@allpay.net. Tell them what format you need. It will help if you say what assistive technology you use.