QUADIENT UK LIMITED

Impress

Quadient Impress is a user-friendly, managed service for the production and delivery of external communications. Documents are received either singularly, via individual user, or as a batch feed from a host system (ERP).
Once uploaded Impress, an automated workflow prepares documents for sending via post, email, SMS or web portal.

Features

• Hosted, scalable Portal supporting Physical & Digital Communication delivery
• Outsourced Hybrid Mail service
• Multi-Channel Output (Mail, SMS, Email, FAX, Archive)
• Version, Content and Template Control
• Fully automate communication production
• Validation and clean address data automatically when creating communications
• Merge and sort communications when producing communications
• Document enhancement and Template Library Control
• Secure production of your customer communications
• Personalised customer portal

Benefits

• Automation minimises manual document handling errors
• Improved customer experience from compliance and speed of delivery
• Shared media, library and templates ensures customers receive consistent messages
• Centralisation increases control over communications, archiving and document storage
• Reduce cost of customer communications
• Physical and Digital communication transformation
• Business rules improve workflow compliance aligned with GDPR regulations
• Support flexible and remote working
• Reduce late payments propensity
• Customer self service for copy invoices

£0.56 a transaction

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

411233540029858

Contact

Adam Smith
07725 826750
bids.uk@quadient.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: E-delivery; Digital archive; Template Management (see Inspire); Document Composition
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 r2
  • Microsoft Window Servers 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 8.1 64 BIT
  • Microsoft Windows 11
  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The response is same day, and cover is provided during normal office hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Accessibility Testing done by Supplier of web chat software using a professional testing agency
• Onsite support: Yes, at extra cost
• Support levels: The annual subscription to Quadient Impress entitles the customer to the support cover afforded by a standard QuadientCare Service Plan, which is described below.; ; Installation; ; Upon purchase of your software, we will contact you to arrange a convenient time for the software to be installed and commissioned within your business environment.; ; Telephone Support; ; Provides access to our Contact Centre, where immediate assistance may be obtained from our Service Agents.; A request for Product Technical Support will be placed and a Specialist will contact you within the agreed response timescale.; ; Telephone Response Time; ; We will target to provide remote support (based on customer providing remote access) within 8 hours.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: A combination of on-site and off-site training (depending on client requirements), as well as user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This will be agreed as part of data retention
• End-of-contract process: At the end of the contract term agreed the service will either automatically renew, or if cancellation is requested, access to the platform will cease.; ; All data will be digitally destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Processing of documentation from a host CRM directly into a delivery channel in the Hybrid delivery platform
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Solution can be set up to customer requirements for user access, automation, branding and approval for release of communications

Scaling

• Independence of resources: We actively monitor system resources and automatically monitor resource utilisation. This can scale responsively

Analytics

• Service usage metrics: Yes
• Metrics types: Channel distribution; Production status; Document approvals
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can download the finished communication and store as a PDF. User access to the portal allows a view of the communication. Data storage is agreed with the customer.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • DOCX
  • PCL5
  • PS (Post Script)
  • TNO

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.5
• Approach to resilience: Available on request
• Outage reporting: Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: User configuration within the platform based around user profiles and teams allocation
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV GL Business Assurance Limited
• ISO/IEC 27001 accreditation date: 28/12/2017
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The UK Professional Services Team (PSO) follows the Cyber Essentials standard. Their compliance to the standard is monitored by QuadientUK's internal audit team. Members of PSO are only able to access a customer system when the customer activates an administration account for them. PSO reports to the Head of Operations, who reports to the Quadient UKIDACHIT Exec.; ; The Development and DevOps teams follow ISO27001. They are in a separate reporting line from PSO. The heads of these teams report to the Head of Development, who in turn reports into a Group board. DevOps, which monitors the platform and handles third-line is the only team allowed to access customer data. DevOps is a small specialist team, and it is tightly audited and vetted.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Development and DevOps Teams use the Agile/Scrum development methodology to develop Quadient Impress. This methodology does not proscribe processes around configuration and change management. Developers upload their code at the end of each day into a version control system. Automated Testing processes test the code overnight and report to the developers the next day.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Product Management commission periodic full penetration testing against the service to identify platform and application vulnerabilities. The DevOps Team actions the list of identified vulnerabilities.; There are tight processes around access to the platform in order to prevent the deployment of malware.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The DevOps Team uses monitoring tools in the Azure platform and logs in the application to identify signs of possible attacks. This team takes responsibility for responding to attacks and protecting the application or alerting Microsoft.
• Incident management type: Supplier-defined controls
• Incident management approach: The Dev Ops Team monitors the platform and application using Azure and third-party tools. They are responsible to analyse unusual behaviour and respond to it if required. They have contacts at Microsoft for flagging platform and security issues.; The UK PSO handle second-line customer calls. They contact the OMS Dev Ops Team when they suspect an attack

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our employees come from diverse backgrounds, work in different countries, hold different positions, and think in different ways. But what binds us together as a community is our passion for our work and our desire to make meaningful connections for our customers.; Every unique Quadient employee is valuable to our success as a business and should be treated with fairness and respect.; ; We offer equal employment opportunities to all employees and applicants. We do not tolerate discrimination with reference to age, race, gender, ethnic or social origin, nationality, language, religion, health, disability, marital status, sexual orientation, political or philosophical opinion, veteran (Quadient is a signatory to the Armed Forces covenant) or other status, trade union membership, or other characteristics protected by applicable laws and regulations. All employees, regardless of job title or level, must be treated fairly in matters affecting promotion, training, hiring, compensation, and termination.; ; We have set high ethical standards for everyone who acts on behalf of Quadient, and we strictly prohibit any acts of violence, harassment, and bullying, whether done by an employee or a non-employee. Harassment and bullying are offensive, intimidating, malicious, and/or insulting repetitive behaviours involving the misuse of power that can make a person feel vulnerable, upset, humiliated, undermined, and/or threatened.; ; In 2020, Quadient released it’s first annual Inclusion and Diversity employee survey. We use these survey results as our baseline metric. Our goal is to improve our scores on a yearly basis. In 2023, as a result of these surveys Quadient released an Inclusion Policy which outlines our expectations and commitments to this area.

Pricing

• Price: £0.56 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.