RPOST UK LIMITED

RDocs: Document Security

RDocs™ is the most innovative solution for secure document sharing, offering advanced monitoring and remote-control features. Track who reads your documents, including where, when, and how often. Restrict access by geolocation, IP address, or domain, and protect against unauthorized sharing with steganographic technology. Share securely without centralized storage risks.

Features

• RPD Conversion: Built-in tracking and remote-control features for documents
• Access Controls: Customize security levels for email verification/restricted access.
• Location Protection: Restrict access based on geo-location or IP address.
• Content Protections: Apply dynamic watermarks, print restrictions and expiration.
• Remote-Control: Remotely expire or disable access to shared documents anytime.
• Social Interactivity: Sticky notes and in-document replies readers interactions
• Steganographic Technology: Identify document leakers with hidden tracking markers.
• Auditable Forensics: Monitor reader activities with timestamps and IP addresses.
• Manage Tab: Document activities comprehensive monitoring dashboard and exporting data.
• Kill Document: Completely kill shared documents, removing all metadata traces.

Benefits

• Security: Robust document protection with steganographic technology and location-based access.
• Privacy: Share documents securely without centralized storage, reducing compliance risks.
• Control: Remotely manage access, revoke, or kill documents when needed.
• Customization: Flexible access controls and content protection for various scenarios.
• Compliance: Meet security and privacy regulations with advanced access control.
• Transparency: Detailed forensic reports provide insights into all document interactions.
• Convenience: Easy-to-use for readers, with familiar PDF-like document access.
• Interactivity: Engage readers with in-document communication and notifications.
• Traceability: Easily export data to meet compliance and legal standards.
• Flexibility: Adapt security settings post-sharing for evolving document control needs.

£108 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rpost-uk@rpost.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

297924398981468

Contact

Kevin Love-Hughes
0203 078 7620
rpost-uk@rpost.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Various support plans are available. On basic plan response times are different at weekends but can be tailored to suit.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: (1) Plan pricing is a percent of the service order with minimums: a) *Premium: The greater of (a) 10% of total service order or (b) 25/month or 250/year if pre-paid b) *Platinum: The greater of (a) 15% of total service order or (b) 50/month or 500/year if pre-paid c) *Enterprise: The greater of (a) 20% of total service order or (b) 250/month or 2500/year if pre-paid (2) Included Live Phone/Live Remote Access aggregate instances per month: Premium: 2, Platinum: 3, Enterprise 3. (3) Eligible for enhancement, each enhancement has an additional cost. (4) Included Registered Receipt™ E-Delivery Investigative Support instances per month: Platinum: 2, Enterprise: 3. Full Support plan information available on request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: By providing training and documentation on the Onboarding Portal.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: RPost does not store user data
• End-of-contract process: RPost can terminate the service as requested and as we don't store user data there are normally no further activities required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: User friendly UI that allows access to features
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: None but meets standards
• API: Yes
• What users can and can't do using the API: Programmatically by customising their software to access the API features through REST
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Features can be selected as desired, and other services can be added such as branding. Mixture of user enable customisation and supplier only customisation. Ability to automate conversion to RPD with RMail Cloud Security Gateway.

Scaling

• Independence of resources: Use of a scaleable and highly redundant failover architecture on AWS.

Analytics

• Service usage metrics: Yes
• Metrics types: Through the RPortal users and administrators can monitor their usage and pull reports including historical.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All system stored data is encrypted at rest. The storage volumes are encrypted at block level using AES-256 in a manner consistent with NIST 800-57 and with FIPS 140-2 approved algorithms. (All drives are encrypted at the hardware level using Amazon Elastic Block Storage Encryption).
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: RPost does not store any data
• Data export formats: Other
• Other data export formats:
  • CSV
  • JSON
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data in transit is protected using RSA-AES256, PDF-AES256 or TLS encryption, based on the client preferences and settings.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Please refer to RPost SLA: https://rpost.com/legal-notices/service-level-agreement
• Approach to resilience: Please refer to https://rpost.com/legal-notices/service-level-agreement. Additional information available upon request.
• Outage reporting: Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Registered Users
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO9001, ISO27001, ISO27017 ISO27018 via AWS
  • RPost systems conform to the NIST 800-171

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: RPost has policies, procedures, and infrastructure to protect the physical security of its business offices and development lab. RPost infrastructure that operates the RMail services is an Amazon AWS infrastructure that carries an ISO 27001 Certificate and SOC2 Report. AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. Access to any of these reports can be provided if required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: RPost maintains a change management process to ensure that all changes made to the production environment are applied in a deliberate manner. Changes to information systems, network devices, and other system components, and physical and environment changes are monitored and controlled through a formal change control process. Changes are reviewed, approved, tested and monitored post-implementation to ensure that the expected changes are operating as intended.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security assessments shall be undertaken on a regular basis to identify vulnerabilities and to determine the effectiveness of patch management programs. The CTO will remain up to date with announced system security issues as they are made public. Each vulnerability will be reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.; RPost also have a Vulnerability Disclosure Program to enable user to report any vulnerability discovered. For additional informatio, please refer to https://RPost.com/legal-notices/vulnerability-disclosure-program
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Please refer to sections (II)(3) to (II)(7) of RPost SLA (https://RPost.com/legal-notices/service-level-agreement) for details about incident reporting, support, incident severity levels and escalation. RPost handles threat management as part of the SDLC process and every change introduced to the system. Please refer to RPost SDLC threat handling.pdf for more information. Infrastructure monitoring – as stated in the document “RPost Incident Response Plan - Confidential.pdf” , AWS servers are continuously monitored with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html) which transmits alarms and alerts to members of the Performance Monitoring Team. The performance monitor system determines the responsivity of each of these services every 5-10 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: Please refer to sections (II)(3) to (II)(7) of RPost SLA (https://RPost.com/legal-notices/service-level-agreement) for details about incident reporting, support, incident severity levels and escalation. For more information about RPost incident management processes, refer to the document “RPost Incident Response Plan - Confidential.pdf”.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  RPost are challenging the world of employment to move to a 'paperless office'. We understand the need to fight climate change globally and our products support this mission. Our products encourage people to transact digitally rather than by physical mail. RMail and RSign both include a Registered Receipt that can act as legal proof of delivery omitting the requirement to use post.

  Covid-19 recovery

  RPost offers flexible Work from Home Policy to all employees globally in order to combat Covid-19 recovery.

  Equal opportunity

  RPost is a global equal opportunities employer. We aim to meet and welcome diversity, inclusion and equality best practices wherever possible at a global level

  Wellbeing

  RPost advocates wellbeing in the workplace. We encourage regular in person and online meetings where employees can get together both in a team or individual setting

Pricing

• Price: £108 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Up to 2 units per month for all RDocs features ongoing
• Link to free trial: Www.rdocs.io

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rpost-uk@rpost.com. Tell them what format you need. It will help if you say what assistive technology you use.