SPS UK&I LIMITED

SPS UK&I Omni-Channel Solution

Swiss Post Solutions Omni-Channel document management
services cover all categories of physical and digital
communications. We take care of all your physical and digital documents and processes,using an integrated/centralised platform to steer and direct your communications to the individual recipient through the full range of physical and electronic output channels

Features

• Mailroom Service - Receive, sort, deliver, scan, workflow, archive
• Document Input Processing, Scan, index, capture, extract, deliver
• Intelligent Automation - Artificial Intelligence – Robotic Process Automation
• Business Process Service - Validate ,Verify, Check,Execute,Process
• Document Output Processing - Create ,Dispatch,Print, Send

Benefits

• Efficient, user-friendly and flexible communication with employees
• Secure, and fully traceable digital communication channel with IncaMail
• Savings in postal rates, fast and secure communication
• Support of client’s corporate responsibility programs
• End-to-End processing of the respective files
• High Staff Competence level in processing and financial market expertise
• Flexibility in handling increased file volume
• Security and quality standards are enhanced

£6.26 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.team@spsglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

251324633503149

Contact

Bid Team
07748114237
bid.team@spsglobal.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The OCS bi-drectional communication management hosted software complements existing business processes and end recipient communications
• Cloud deployment model: Private cloud
• Service constraints: No Constraints anticipated
• System requirements: Web access restricted by IP address for Admin users

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependent on client requirements
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: 1st Line support (end external users) £1k - £5k/month; 2nd line support to admin users included in management fee; SaaS so no requirement for Direct technical account management or engineers; Development team to deal with change requests and support requests charged at £150/hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Both onsite and virtual training is offered as well as on screen FAQ's and help, however our solutions are designed intuitively and with the user in mind therefore minimum training is usually required
• Service documentation: No
• End-of-contract data extraction: Individual users can download their data at any time. Client contract users can request the return of all information in a format compatible with the import system or it can be loaded and indexed to disk or hard drive
• End-of-contract process: Varies depending on Client requirements and governance processes

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No substantial differences
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Yes, API is used to facilitate Single Sign On from client side systems or existing web services as well as used for real time calling of information from either Client established databases/systems or third party look ups such as address details
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Yes from a colour palette and branding perspective. Complete personalised solutions can be offered and priced on requests

Scaling

• Independence of resources: SPS is a Global service provider and has built it's hosted solutions in such a way to guarantee the user experience and fast retrieval and return of data. Usage statistics are constantly monitored and service capacity adjusted accordingly prior to any potential issues arising.

Analytics

• Service usage metrics: Yes
• Metrics types: Service Metrics provided by SPS MI Platform, all key usage metrics provided, e.g Volumes processed daily/weekly/monthly
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Individual users can export their data in PDF, CSV, HTML, XML depending on the formats offered by the SPS Client
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Typically SPS will use SFTP to transfer data to and from the buyers network. Web services, where used will use SSL encryption and is reviewed regularly in line with best practice
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SPS meets target service levels set at between 99.6% and 100%. We can provide details of SLA and service level credits are agreed with clients on a case by case basis
• Approach to resilience: Available on request
• Outage reporting: Email alerts from the SPS Support Team.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username and password as well as authorisation levels are assigned to all users of the system.Allowing users with higher level of authority to access management interfaces and support channels
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 29/08/2019
• What the ISO/IEC 27001 doesn’t cover: What is Covered in SPS ISO/IEC Certification; Information Security relating to hardware, Software, LAN and WAN management, documentation including paper based and digital Customer communications for client facing information, client owned and supplied information and internal processing facilities relating to the provision of central mail rooms including customer locations, document processing centres and head office activities.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Standards Council
• PCI DSS accreditation date: 14/09/21
• What the PCI DSS doesn’t cover: The PCI-DSS certification covers our inbound document processing operations, such as document scanning, data capture, confidential document processing. All other outbound/printing or digital communication solutions are not PCI DSS certified
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SPS policies and processes are in line with ISO 27001 accreditation. SPS security policies include; - Information Security Policy - Data Protection Policy - Encryption policy - Password Policy - Physical Security policy - Incident Management and improvement process

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SPS’ approach to Solution configuration and Risk management is built on recognised principles of change management and is again closely aligned with the principles of PRINCE2. SPS’ risk assessment and change management process ensures that there are regular reviews of any potential risks during the development pipeline of the solution and at the very least a one-time review of risks associated with any changes made to the solution throughout its lifetime. From this review, necessary preventive and / or contingency actions will be identified and passed to detailed work planning, including an update of the solution pipeline.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The compliance team within SPS are responsible for the internal auditing of all processes and procedures. This includes undertaking with our information security manager information security risk assessments and risk treatment plans, looking at all critical assets and processes, alongside a Business Impact Assessment and BC Risk Assessment a Business, looking at critical business systems and processes. This is all then followed up by internal and external audits covering all parts of the certificated standards to ensure that SPS is working to their own internal processes and controls and we are able to maintain 9001, 14001, 27001 certifications.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The respective asset owners are responsible for arranging for the controls to be implemented effectively; this would typically include defining the controls in policies and/or procedures, so that they can become part of everyday business practice. Asset owners are responsible also for the management of any risks which are not specifically addressed in the Risk Assessment. The SPS Risk Assessment and Risk Treatment plan document is structured by using the Asset List to identify the threats to each asset. Each threat and consequent risk is quantified. We further analyse this information for all significant risks and their respective controls.
• Incident management type: Supplier-defined controls
• Incident management approach: SPS' procedure provides guidance on the handling of security incidents, breaches or suspected incidents and breaches.This policy applies to all SPS systems and sites and to all SPS staff, temps, contractors and third parties working on behalf of SPS. Once the incident has been identified and contained, efforts can then be focused on finding an appropriate solution. The fundamental features of any solution should be investigation, action and follow-up/record-keeping; the order in which they are implemented depends upon the nature of the incident. The Services Director, assisted by the Compliance manager, will initiate the appropriate investigation.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Through SPS’ Engage framework we have looked to drive improvements to sustainable working in recent years – factoring environmental considerations into business decisions. In 2019, we consolidated two of our largest SPS locations together into one combined operations centre, significantly cutting down on waste, emissions and power usage. This redevelopment culminated in a £2 million investment into our newly formed Digital Transformation Centre (DTC), with a focus on sustainability and security. Motivated by reducing our reliance on traditional energy sources, we installed a solar panel array on the roof of the new facility. ; ; Since their installation in August 2019, our DTC has generated 71,600kwh of renewable electricity to date, equating to a 59.2 tonne reduction in greenhouse gas emissions. 100% of this power is delivered to the DTC, meaning the site is maintained by 100% renewable energy, with an additional power surplus. SPS is also actively returning any excess power produced to the National Grid. ; ; The ‘reduce, re-use, recycle’ principle is also actively promoted at our DTC. Whilst all legal requirements surrounding waste are adhered to, including the Green Government Commitment, preventing the production of waste in the first place is paramount. Our unique on-site shredding capability works alongside with our waste contractor ensuring a 100% paper recycling rate. At present 80% of all waste from our DTC is recycled. All SPS sites maintain waste transfer records, meaning we can analyse our figures and identify areas for improvement.

Pricing

• Price: £6.26 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.team@spsglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.