FDM plc

Hi-mail Hybrid Mail

FDM plc is one of the UK’s leading print and mail companies. Our hybrid mail solution, Hi-mail®, allows you to print & post all of your documents directly from your PC, Laptop, Smartphone or Tablet for up to 70% less than your existing print and postage costs.


  • Live Document Tracking
  • Custom Print & Mailing Profiles
  • Document Automation Flow
  • Built in Document Library
  • Same Day Mailing
  • Document Archiving
  • Dedicated Support Portal
  • Group, Team and User Management
  • Granular MI Reporting
  • Brand & Document Control


  • Safe & secure data encryption
  • Save up to 70% on your print and mailing costs
  • No set-up costs - only pay for what you send
  • Fully scalable for teams big and small
  • Fully detailed, itemised reporting on a user-by-user basis
  • NHS HSCN Approved
  • Simple pricing structure and volume discounts
  • Free support and technical assistance
  • Built by industry experts for over 25 years
  • Specialists in Local Government & Public Sector requirements


£0.34 to £1.16 per unit

Service documents


G-Cloud 11

Service ID

8 8 8 5 4 9 4 8 8 8 5 4 8 5 7


FDM plc

Iain Bloomfield



Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Minimum system requirements: Windows XP / OSX Mountain Lion or above. Minimum 5mb Hard Disk Space
System requirements
  • Internet Connection required
  • PDF Viewer (Abode Acrobat or similar)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Average response times Mon - Fri = 18 minutes.
Average response times Sat - Sun = 30 minutes.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Live web chat has been tested by regular users with assisted technologies.
Onsite support
Onsite support
Support levels
We provide a fully featured support service as standard to all clients which allows users and administrators to access a range of technical support options including:

Online and offline documentation.
Live web chat services with a technical engineer or user support agent
Web support ticketing service
Email support ticketing service
Telephone support service

Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.

All clients receive the same level of support at no additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
Initial account set-ups are completed by the Hi-mail support team with a range of onsite training, online training and user documentation options provided for all new accounts.

An initial consultation is undertaken with each new account to determine the best method of training solutions and then these are customised to suit each clients needs.

These includes quick start guides, user guides and administrator guides in both PDF and online formats as well as an E-Learning suite of services that allow users to learn at their own pace whilst being guided through the key features of the software.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data can be extracted by Account Administrators using the built in user interface or by request from one of the Hi-mail Technical Engineers.
End-of-contract process
At the end of a contract FDM will initiate our end of contract procedure in accordance with our Data protection Procedures and ISO27001 guidelines.

This process is managed by the clients dedicated Account Manager and ensures that all data is securely destroyed and documented.

In accordance with Principle Five of the Data Protection Act 1998, FDM ensures that all personal data, in any format is retained for no longer than necessary. All data classified as ‘Confidential’ (i.e all raw client personal data) is retained by FDM for a period of three months, after which it is deleted beyond recovery, unless specifically requested by the client to retain the data for a longer or shorter period.

Data that is classified as ‘Restricted’ is retained by FDM according to purpose and requirement. When managing all information classified as ‘Confidential’ or ‘Restricted’ on behalf of a client, the relevant FDM Client Account Manager is considered the ‘Data Owner’ and therefore responsible for it’s handling in accordance with this policy.

Data in both electronic and printed formats must be deleted or destroyed according to the schedule as outlined in our ISO27001 Data protection procedure policy which is available on request.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The virtual print driver is only available on desktop devices. Users of mobile and tablet devices must use either the web-portal upload option or the network folder upload options unless connected to a remote working PC.
Service interface
Description of service interface
Hi-mail's service interface has been developed for users of all types and abilities to move easily through the order process with accessibility and simplicity at it's core. Simple and clear interfaces allow users to self manage their orders and for Group and Account Administrators to easily manage their users in a simple, yet powerful way.

All interfaces have been designed to work on a range of devices, screen sizes and with the user of assistive technologies to enable all user types to be able to use the service efficiently.
Accessibility standards
Accessibility testing
Extensive interface testing is carried out with each new release of the Hi-mail software to ensure that all functionality is compatible with with WCAG standards.

This includes testing Hi-mail on a variety of a screen sizes, font sizes, zoom levels, high contrast screen modes, alt-tagged images and tables and keyboard friendly browsing.

Testing is carried out using a range of W3 org testing tools and the Web Accessibility Evaluation Tools List.
Customisation available
Description of customisation
Administrators can customise a variety of features and accessibility options within the service for each user, account, sub-account or user group.

Each user is also assigned a profile that can be customised to enable them to adjust the working interface of the software to their specific needs.


Independence of resources
The Hi-mail service has been built to be fully scalable and has sufficient measures built in to ensure that users are not impacted by increases or spikes in usage. These include a range of partitioned hybrid servers, dedicated high-speed fibre connections and scalable database architecture.


Service usage metrics
Metrics types
The Hi-mail service monitors all account usage and a variety of reports can be exported at any time by users with sufficient administrative access.

More detailed server reports can also be requested from the Hi-mail Technical Support team as required.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All data can be exported from a variety of reporting functions within the software. Filtering and search features allow users to look up specific criteria of data from their account history and export these for local download.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • RTF
  • Word

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Hi-mail's uptime is monitored 24 hours a day using a 3rd party software monitoring service and is available to view online at any time.

System availability is guaranteed at 99.9%.
Approach to resilience
This information is available upon request.
Outage reporting
Hi-mail is monitored 24 hours a day by 2 separate systems. Together these systems provide us with a range of downtime reporting services including:

Detailed email notifications
Publish Dashboard
Log file recoding and notification system

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All management interfaces and support channels are restricted to authorised personnel only.

Users who require access to management interfaces must be requested and approved by a Hi-mail engineer or senior Account Manager who can then grant access. Access is then restricted by either VPN connection, 2-factor authentication or 3 part password system.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BM Trada
ISO/IEC 27001 accreditation date
November 2017
What the ISO/IEC 27001 doesn’t cover
All operations are covered by ISO27001
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Self Accredited
PCI DSS accreditation date
Re-accredited May 2018
What the PCI DSS doesn’t cover
Nothing relevant to this service.
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
FDM is fully accredited to ISO27001 standards and is regularly audited to ensure continued compliance. We are also accredited to Information Governance Toolkit level 2 and HSCN compliant.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
FDM's research and development process runs on a bi-annual basis and is governed by our data protection and ISO27001 and ISO9001 policies. Our change management process includes processes for new development testing, risk analysis and security considerations for each new development stage. This is then backed up detailed change log documentation which is made available to all clients at least 4 weeks prior to any new software deployments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
FDM's network and services are monitored by a third party security service that remotely apply all patches as soon as they become available ensuring that our services are kept up to date and protected from all potential threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
FDM's services are monitored 24/7 by a Cisco ASA firewall and threat defence system that logs and alerts us to all suspicious activity including (but not limited to) unknown or failed login attempts, failed network access attempts and suspicious IP address activity.

Our third party security monitoring partners also monitor our network 24 hours a day and have engineers on hand to deal with any potential threats or compromises within 30 minutes.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are assessed on potential data security and risk to service criteria. Users can report incidents using and of the document technical support methods and are then logged for future reporting.

All incidents are then investigated within 30 minutes of initial notification for source and solution. Incident reports can be provided upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
NHS Network (N3)


£0.34 to £1.16 per unit
Discount for educational organisations
Free trial available
Description of free trial
Initial account set-up, user set-up, document testing, document assessment, training materials and user guides are included in the free trial. There is time limit on the free trial as all accounts are placed in 'Test mode' to allow you to trial the system for as long as needed.
Link to free trial

Service documents

Return to top ↑