CFH Docmail Ltd

Docmail

Docmail is a cloud-based hybrid-mail-management system which allows users to arrange mailings of any size from any device with an internet connection. Docmail offers desktop print driver and web portal access. Data is transmitted via secure HTTPS connection for remote print and post fulfilment at our highly secure production facilities.

Features

• Remote access 24/7
• Instant access to real-time reporting
• Flexible postage options - DSA, standard, 1st class
• Highly secure data transfer - HTTPS
• Free-of-charge UK-based customer service helpdesk
• Department/cost centre/budgetary control
• Flexible - no minimum/maximum quantity obligations
• ISO 27001/9001/14001/Cyber Essentials Plus certified
• Remote fulfilment - no printing or hand enclosing of letters
• Flexible communication options - letter / e-delivery / SMS

Benefits

• Significant cost savings on traditional print and post methods
• Reduces administrative burden - letters remotely printed and posted
• Flexible communication options - letter / e-delivery / SMS
• Arrange mailings of any size with a few button clicks
• Access Docmail 24/7 from any device with an internet connection
• Achieve maximum postage discounts - DSA provider
• UK-based helpdesk support
• Access via web portal or desktop print driver
• API interface available to automate delivery of documents
• Postcard delivery app for mobiles

£0.69 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@cfh.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

249274988473802

Contact

Jon Marsh
01761416311
tenders@cfh.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Through API use, Docmail can link to any business process that involves printing and posting. Alternatively, it can be used as a stand-alone service via the desktop print driver or website.
• Cloud deployment model: Private cloud
• Service constraints: Docmail is available 24/7 365 days of the year. System down-time/maintenance is occasional and always pre-planned, only taking place out-of-hours, typically at the weekends, when business usage is at a minimum. Users are always pre-notified of any such down-time via an email communication and alert warning flash when they log into our hybrid portals. ; ; Our standard up-time recorded in the last two years is 99.6% and 99.7%.; ; We have a converged platform of servers across our three production sites. This allows files to be transferred electronically to any of our sites, and printed immediately.
• System requirements:
  • Compatible with Windows 7-10, Android and iOS
  • Compatible with most file types including Word, .xls, .csv, PDF
  • Compatible with desktop virtualisation
  • Internet access or N3/HSCN connection required
  • Website supported by latest versions of web browsers
  • Print driver requires .NET framework 3.5

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions are responded to by our UK based customer service team. The team are available from 8.30am to 5.30pm Monday to Friday. In the vast majority of cases questions are responded to immediately.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide a field-based account manager to visit site and deliver training and support. ; ; Our UK-based Docmail customer service team are available 8.30am─5.30pm, Monday to Friday, and offer phone and email support. They also offer a remote log-in facility to help users set up orders. ; ; Our IT helpdesk is available 24 hours a day, thus providing out-of-hours support. The IT department is manned between the hours of 6.30 am and 9.30 pm, with call-out support outside these hours to maintain our infrastructure and ensure the uptime of our web service.; ; We provide Docmail user guides in hard-copy and electronic format for continuous reference. Guides can be amended to include bespoke branding and corporate guidelines.; ; We also provide a full resource hub of help facilities which include: ; • A ‘Getting Started’ guide; • A complete walkthrough guide ; • Downloadable ‘How To’ user videos; • FAQs (Frequently asked Questions); • A ‘Help and Contact’ information guide
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full on-site training in the form of a field-based account manager who will attend site. Training can take the form of one-to-one sessions, group sessions, and also ‘train the trainer’ sessions, whereby key personnel are trained up to a level where they can teach and assist other staff members. As Docmail is extremely intuitive and user-friendly training should take no longer than 1 hour per user.; ; We also provide a remote customer service helpdesk which is available 8.30 to 5.30pm, Monday to Friday. Our friendly team can provide assistance with setting up orders and also provide a remote log-in facility.; ; In addition we provide a full resource hub of help facilities which include: ; • A ‘Getting Started’ guide; • A complete walkthrough guide for our web service and print driver; • Downloadable ‘How To’ user videos; • FAQs (Frequently asked Questions); • A ‘Help and Contact’ information guide; ; All training and support is provided completely free of charge.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Hard copy
  • Electronic
  • Video
• End-of-contract data extraction: The Docmail system does not store data beyond a 21-day period. Users upload data from their own systems and keep complete control of their templates at all times.; ; Users can choose to delete their account at any time, at which point the deletion process will commence. Docmail is not used as a storage facility for data, however generic templates can be stored within the library and downloaded or deleted by the user as required.
• End-of-contract process: Exiting from our standard Docmail service incurs no charges or fees. Any special requests with regards to the exiting process would be dealt with on a client-by-client basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Using the mobile app users can design and print postcards.; ; The desktop service is deployed as a print driver or is accessible using a web browser.; ; When using the print driver, documents are managed via the user's own in-house systems and transmitted to CFH for printing.; ; When using the website, documents and mailing lists are uploaded for document merging and printing.; ; Docmail also has the capability to send digital documents via e-delivery to secure personalised inboxes.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Docmail e-delivery is a secure online document sharing and delivery portal designed to meet the Accessible Information Standard (AIS). Docmail e-delivery is available via a website and app and allows organisations to safely send documents and information to; their end recipients and also to establish whether the document has been delivered, opened, and downloaded. Once your end users have registered for a Docmail e-delivery account they will have an option to enable “accessibility” via their PC or smart phone. All documents that they receive through Docmail e-delivery will then be read out to them.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: To support the Accessible Information Standards our Hybrid Mail solution has a number of features that will facilitate accessible information being provided to clients. These include: • Large print letters – templates for these can be incorporated in the original; specification, or added later as necessary. • Secure e-delivery – by sending letters electronically to patients they are able to access information via their own computer that will have the necessary features to enable them to read it clearly. Customers can also; enable ‘accessibility’ on their devise and the document will be read to them • Braille – we have a long standing partnership with the Scottish Braille Press with whom we have worked for many year • CD – CFH is able to produce a CD or audio file of a document for patients who are unable to read information in a written format.
• API: Yes
• What users can and can't do using the API: The API provides the same Docmail functionality that is available through the web portal.; The API document can be found at https://www.cfhdocmail.com/API/index.html. Docmail's secure API (Application Programming Interface) allows you to send A4 letters, Postcards, Greeting Cards and Business Cards from a click of a button within client’s own computer systems. Docmail creates a hybrid of electronic and physical mail by transmitting an electronic document and mailing list to us, where we print and mail it as real post. The; Docmail API allows you to add a Hybrid Mail service right into your own systems and workflows. The API is a SOAP-based web-service allowing the creation, proofing and confirmation of orders for mailings, single letters, postcards and greeting cards.; Documents (PDF, RTF or Word files) are submitted as files or selected by name from your account. Address lists may be selected by name, submitted as a file (CSV, XLS, XLSX, Tab delimited, fixed length fields etc.) or added as individual addresses using the AddAddress call.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Many features of the Docmail service can be customised. We have provided some examples below (this list is not exhaustive):; ; Mailing preferences; Corporate hierarchy; Account access for users; Profiles for the print driver; ; How users can customise:; Customisation is controlled through the Docmail Admin portal.; ; Who can customise:; Permission is granted at user level.

Scaling

• Independence of resources: We constantly review and manage our overall capacity to ensure that we can cope with growing transactional volumes. We invest in new equipment as soon as we reach 80% utilisation in peak periods. We have recently invested in continuous colour digital printing equipment which significantly adds to our already substantial capacity; ; CFH has three UK-based sites. Each site runs independently; however, in the event that one site was unavailable the spare capacity at the two remaining sites is sufficient to manage production volumes on a short-term basis, bringing significant business continuity benefits.

Analytics

• Service usage metrics: Yes
• Metrics types: The Docmail web portal provides authorised users with 24/7 access to a comprehensive MI suite. Reports are self-served as and when needed, as this real-time system allows data to be viewed at all times. Data can also be downloaded in .xls format and scheduled delivery times can be set up for authorised email addresses to receive the reports of their choosing. Data can be filtered on a vast selection of criteria to suit requirements. Some report examples include:; ; • Number of processed documents – letters and attachments/inserts; • Number of first and second class delivered items; • Quality review findings
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can download their templates from the mailing library at any time. Proofs are available for download as a PDF prior to despatch. ; ; Real-time reporting information is downloadable in .csv format and is accessible to authorised users on a self-service basis 24/7.; ; Entire mailings can be downloaded as a .zip file and stored by the client for upload at a later date (for repeat mailings).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Word templates
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Printed document via print driver
  • Word
  • PDF
  • RTF
  • TXT
  • XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Docmail sends all data over HTTPS connection which is encrypted by Transport Layer Security (TLS). HTTPS verifies the authenticity of the Docmail website and protects the privacy and integrity of all data that users send to us.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: CFH is ISO 27001 and DPA accredited. ; ; Data is logically separated on our servers from other users of the service. All data remains located in the UK on company-owned hardware. Customer data is never held on local drives or desktops. Confidential and sensitive data is encrypted as part of the automated backup function. Processing of files is automated and not visible to production personnel.; ; Docmail sits behind a double-skinned firewall. A DMZ provides a buffer to internal firewalls (anti-virus/anti-malware / Data Loss prevention / Intrusion Prevention) and the internal CFH network. We undergo regular internal and external penetration testing.

Availability and resilience

• Guaranteed availability: Docmail is available 24/7 365 days of the year. System down-time/maintenance is occasional and always pre-planned, only taking place out-of-hours (usually between midnight and 2am). Users are always pre-notified of any such down-time.
• Approach to resilience: Our service is designed to minimise single points of failure using clustering and micro services.; ; Software is penetration tested and all releases are SAT and UAT tested prior to release.; ; We operate from 3 UK-based sites (Windsor, Radstock and Livingston). Our multi-site structure provides robust business continuity benefits to our clients. All 3 sites operate independently but spare capacity, mirrored functionality and full redundancy between sites ensures that printing will continue in the event of temporary operational downtime at any one site.; ; All of our sites have been designed and operate specifically for the purpose of high volume printing. We produced 550 million documents and mailed over 75 million envelopes in 2021. Our extensive print and enclosing capabilities enable us to seamlessly incorporate new commitments into our existing workload and allow us ample headroom to manage unexpected or short turnaround requirements.; We monitor utilisation and spare capacity and invest in new equipment as soon as we reach 80% utilisation in peak periods. In advance of equipment reaching end of lease, we will engage with equipment vendors to ensure a programme of continual upgrade in quality, efficiency and capability.
• Outage reporting: Email notifications are sent prior to any scheduled downtime.; ; Website, API and print driver provide notifications of service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interfaces (for example, for reporting/invoicing) with pre-defined user access controls can be set up for clients at implementation. These are password protected so that only authorised users can gain access. ; ; The Docmail support interface is only available internally at CFH Docmail Ltd. Helpdesk staff have individual user name and password protected logon access. Staff can only access the admin site from computers within our premises. They are not able to remotely log on from other locations, such as home.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group
• ISO/IEC 27001 accreditation date: 16/12/2017
• What the ISO/IEC 27001 doesn’t cover: We are pleased to confirm that there are no exclusions to our 27001:2013 certification. Our certification includes all elements of the standard.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: C&CCC Standard 55 certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: CFH is accredited to ISO 27001 Information Security Management System. Our procedures and policies are written and followed within the guidelines of this standard. We are currently working towards Cyber Essentials accreditation.; ; CFH’s external certification/accreditation/licensing body is BSI. They carry out audits of our certifications twice per year. We also have a team of 10 BSI approved internal auditors who ensure that ISO standards are being maintained throughout the business. Our internal auditors conduct audits twice per year.; ; We have an internal Information Security policy and several Information Security Standard Operating Procedures (SOPs).; ; These standards provide a framework for managing information security to ensure that:;  Information is protected against unauthorised access/use;  Confidentiality of information is assured;  Integrity of information is maintained;  Regulatory and legislative requirements are met;  Breaches of Information Security are reported and investigated;  Standards are produced to support company policy;  Business requirements for the availability of information and information systems are met.; ; Managers are directly responsible for implementing the policy within their business areas, and for ensuring staff compliance.; ; Each employee is responsible for complying with the Information Security Policy which is accessible on the internal shared drive.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The components of our service are tracked through Accord (MIS) change management and our formal project management process. The software development life-cycle includes privacy by design (every time we change something we consider the privacy of people's data) at every stage of the process / business decision.; ; We segregate duties so that different people are responsible for different parts of a change. This ensures that several check points are incorporated into the change process and that adequate oversight is provided.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform monthly vulnerability checks against our services using leading industry best-practice tools. In addition we use SIEM monitoring to highlight potential issues. ; ; We assess threats according to their severity: critical, significant, minor, negligible and this dictates our response. For example, for critical threats a remediation plan must be available within 24 hours.; ; Threat information can come from a variety of sources. For example, vulnerability scanning, penetration testing, anti virus software, email alert and phone alert.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All audits are recorded in our SIEM solution. SIEM highlights potential compromises/issues.; ; Our response to potential compromises is governed by our internal Standard Operating Procedures - IT028 Cyber Security Event Management and IT034 Network Vulnerability Management ; ; The response time frame depends on severity:; Emergency - immediately; Critical - a remediation plan must be available within 24 hours; High - a remediation plan must be available within 72 hours; Medium - a remediation plan must be available within 1 week; Low - no immediate remediation plan is necessary but these vulnerabilities should be monitored at the next reporting date
• Incident management type: Supplier-defined controls
• Incident management approach: We have a pre-defined process for common events which is covered by our internal policies and SOPs - Information Technology Security Policy, IT028 Cyber Security Event Management, IT034 Network Vulnerability Management.; ; SOP IT028 Cyber Event Management has a Cyber Security Incident report form appended to it which users can use to report on and give details of incidents. The form includes an action log so that remedial activity can be recorded.; ; The incident report form is available to all staff on a shared internal drive. Incident reports are provided back to customers on a customer-by-customer basis.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  CFH run an environmental management system (EMS) and maintain certification to ISO 14001 throughout our Group locations with clearly defined resource consumption reduction targets. There is clear responsibility at all levels within the business including representation and reporting within the board and business owners.; ; The commitment of CFH to reduce our environmental impact has seen a reduction in energy consumption over the past ten years of 10% in a period where the business has grown by 83%. All paper waste arising from processing activities is subject to shredding and baling before transfer to paper mills for incorporation into recycled paper products. Waste from products and activities are segregated according to waste type (paper, cardboard, plastic, wood, metals, solvents, inks) and recycled using approved and registered waste recycling bodies. We use water-based inks where possible so that waste can be harmlessly disposed of.; ; Digital equipment is generally purchased on lease agreements based on the latest technology and environmental efficiency (energy use; consumables; waste). At the end of the agreement equipment is either returned to the supplier for re-leasing to another company or purchased outright and installed at our other two production sites to provide replication and business continuity. Equipment that cannot be returned, re-used or sold is dismantled according to waste type (metals, WEEE) and sent for recycling via approved waste recycling bodies. This is enabling us to improve efficiencies and reduce reliance on finite natural resources across the Group by extending equipment life and then reusing or recycling.; ; 100% of our company vehicles are either electric or hybrid and must be used for travel where public transport is not appropriate. Our company Travel Policy requires all staff to consider the mileage that they travel for work and they encourage low carbon travel wherever possible.
• Covid-19 recovery:

  Covid-19 recovery

  All office staff and those without a production role have been working from home since March, 2020. CFH have worked tirelessly throughout the pandemic to ensure staff who had to be in on the premises to do their work were safe and appropriately looked after. We have introduced social distancing, one way systems, side by side working rather than face to face and masks are still obligatory. By being ahead of the curve with our measures we have been able to operate fully and ensure all our clients have received the outstanding service they rely on from us. ; ; We have supported our existing clients to communicate with their customers, patients, or residents throughout the pandemic. We have also been able to quickly onboard new clients to our hybrid mail service, Docmail, which has enabled their staff continue to produce high quality documents and letters to be sent, even though they are working from home. ; ; We have also ensured that all staff have access to mental health support when needed, we have a number of trained mental health first aiders on our staff who receive regular training and are available to talk to anyone who needs them. We also provide access to other mental health services through our company insurance provider.
• Tackling economic inequality:

  Tackling economic inequality

  CFH’s procurement department ensures that materials which are the best value for money are obtained for production. The quality, integrity and reliability of our supply chain is balanced against price to assess the suitability of suppliers. ; ; With a supplier list in excess of 500 on the Purchase Ledger Trading Report continuous efforts are made to keep purchasing as local as possible, to aid growth in the economy in the area in which we operate. More than 60% of our suppliers have less than 250 employees, classifying them as Small to Medium-sized Enterprises (SMEs). This includes but is not limited to key procurement streams such as material suppliers and distribution services. ; ; New Suppliers receive site audits. This ensures we are confident with their ability to provide an excellent service to us and that they can meet our needs in terms of quality, quantity and availability. CFH undertake credit checks through N2Check on all suppliers. N2Check provides business credit information for nearly 8 million UK Ltd companies, partnerships and sole traders. This allows us to minimise risks associated with dealing with new suppliers. This service also includes alerts of any significant changes at that business so we are aware of any potential issues that my affect our future working relationship. ; ; Suppliers are scored on a number of factors and this information is kept on file. A quality percentage threshold is set for suppliers and their quality assessment scores are constantly updated and any service failures noted immediately. If a supplier falls below the threshold, the process of assessing potential new suppliers for the service will begin.; ; We manage cyber security risks in the delivery of a contract by not sub-contracting any part of our work to third party providers. All work is undertaken by us and under our stringent ISO compliant procedures.
• Equal opportunity:

  Equal opportunity

  At CFH we take great pride in being the type of organisation where equality of opportunity and treating people fairly have been at the core of our values for over 40 years. Whilst the career path that each member of staff chooses to take may be unique to them alone, we believe strongly in extending the same opportunities for growth and development to all employees.; ; We employ a diverse staff across the group. Staff include those with a range of disabilities and those from disadvantaged or minority groups and those from a variety of ethnic backgrounds. We encourage ALL staff to undertake training, move to higher paid roles and consider their career progression with us. ; ; We report our gender pay gap data as required by the Government. The differential between median pay across genders at CFH is 8% - that compares extremely favourably against a national average of 18.4% (April 2017). We are confident that at CFH, men and women are paid equally for doing the same job and we continue to encourage everyone to make the most of the opportunities available to them. This diverse and inclusive culture will remain at the heart of CFH for the next 40 years.; ; We are committed to ensuring that there is no modern slavery or human trafficking in our supply chains or in any part of our business. Our Anti-slavery Policy reflects our commitment to acting ethically and with integrity in all our business relationships and to implementing and enforcing effective systems and controls to ensure slavery and human trafficking is not taking place anywhere in our supply chains.
• Wellbeing:

  Wellbeing

  We take the wellbeing of our staff very seriously at CFH. We have an in-house gym at our head office and main production site in Radstock. This is free to use for all staff 24/7. For staff who are not local or work at our other sites we give healthy discounts on local gym memberships. We provide free yoga sessions on a weekly basis. These used to be face to face but are now online so that more staff can access and benefit from them. ; ; We have trained a number of mental first aiders to work at each of our sites and these are available to staff at any time. We also provide counselling through our insurance company. ; ; To keep everyone staff at work we have robust health and safety procedures in place and these are overseen by our Group Head of Quality, Health and Safety and Environment. All staff are provided with appropriate PPE for their work environment and undertake mandatory health and safety training during induction and at annual intervals thereafter. We have first aiders, fire marshalls and safety champions across the company to ensure continued compliance with best practice. ; ; We encourage our staff to volunteer in the community and we support local charities through a range of initiatives. These include paying entry fees for the Bath Half marathon for staff and supporting their training schedules; providing raffle prizes for local charities, working with our local primary school so staff listen to readers each week and we also provide a large number of trees to local communities each year to enhance the environment.

Pricing

• Price: £0.69 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: All users get free credit to try our system. This can range from £1 to £100 depending on the test or pilot scheme required. ; There is no time limit to use the test credit.
• Link to free trial: https://www.cfhdocmail.com/live/signupnew.aspx?VM=Everyone

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@cfh.com. Tell them what format you need. It will help if you say what assistive technology you use.