FuseMail

SafeSend - Recipient Verification software

Microsoft Outlook add-in used to prevent misaddressed email or inadvertent autocomplete email mistakes by requiring the user to confirm external recipients and file attachments before an email can be sent.
Our module further scans attachments and email content for particularly sensitive data, allowing companies to build additional custom DLP rules.

Features

• Email Miss Delivery Protection
• Email DLP
• Data Leakage Awareness
• On send pop up
• Reply All protection
• Attachment notification
• Auto Complete Protection
• Audit Logs
• Password Doc Scanning
• Accidental send protection

Benefits

• Removed user risk from mistaken emails
• User Awareness of sensitive infromation in emails
• Liability put on the user not admin team
• Reduced DLP tickets for support team
• Reduced risk from inside threats
• Reduces risk of human error in emails
• Easy deployment of effective tools
• Low friction solution
• User centric security solution
• Helps reduce possibility of reputational damage

£250 a transaction a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.babbs@vipre.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

549522897868525

Contact

Andrea Babbs
0800 093 2580
andrea.babbs@vipre.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The solution only works on Outlook (Windows Outlook, Mac Outlook and OWA) dependant on deployment some are locally installed on the machine or hosted on customer's infrastructure.
• System requirements:
  • IIS server
  • Azure Infrastructure
  • Outlook installed on Windows or Mac device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all inquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: We provide remote assistance included in our license fee assisting in deployment and policy configuration of the solution.; ; Our technical support team is dedicated to exceeding our SLA guarantees by providing exceptionally quick responses to all inquiries. While our SLA commits to responding within 8 hours for high-severity incidents and 24 hours for medium and low-severity issues, our average response time is under 2 hours across all severity levels. This rapid response rate reflects our commitment to delivering superior service and support, ensuring that our customers and partners receive timely and effective solutions to their inquiries. Currently, all severity of tickets are answered under the 2 hour timeframe.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Clients receive the software via secure download link, we provide documentation and online training including onboarding with our deployment team. We assist in policy creation before deployment to user via the customer's desired deployment preference. We do however provide comprehensive online documentation (https://success.vipre.com) and any customer can contact Support with questions. Our Support team scores in the 90s for Customer Satisfaction and is happy to walk customers through any configuration questions they might have. We have never had the need to create formal training courses because our solutions are so intuitive and easy to use.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The product does not store any personal data but audit logs are always on the customer's infrastructure so no export is needed.
• End-of-contract process: Buyers are given plenty of warning about the pending end of a contract, once the renewal date passes a notification will be shown saying there isn't a license and the software no longer works. It is up to the organisation to uninstall the software from devices.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Users can customise our software in a range of ways. This includes, but not limited to, adding logos, changing all text, changing language options, and customising policies to fit client needs.

Scaling

• Independence of resources: As SafeSend is locally installed, customers are responsible for standing up and maintaining any infrastructure. With web add-in deployments, SafeSend settings and behaviours are dynamically served by a web server, or Azure App. Customers need to deploy infrastructure to match their usage with adequate resilience according to recommendations. Our support and onboarding teams are on hand to help.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: VIPRE does not process or store any customer data. Consequently, there is no need for data protection at rest. ; SafeSend is a stateless Outlook add-in that functions entirely within the user's network, ensuring that data management and all associated processes are confined to the user's infrastructure. This design negates the need for data transfer outside of the local network.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: VIPRE does not process or store any customer data. Consequently, there is no need for a data extraction process at the conclusion of a contract.
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: SafeSend is a stateless Outlook add-in that functions entirely within the user's network, ensuring that data management and all associated processes are confined to the user's infrastructure. This design negates the need for data transfer outside of the local network.
• Data protection within supplier network: Other
• Other protection within supplier network: No data comes into our network, therefore there is no data for us to protect. SafeSend is a stateless Outlook add-in that functions entirely within the user's network, ensuring that data management and all associated processes are confined to the user's infrastructure. This design negates the need for data transfer/protection outside of the local network.

Availability and resilience

• Guaranteed availability: Our software is locally installed, and is therefore completely user controlled. As the software is not on our infrastructure, there is no uptime or availability that we control ourselves: service availability is therefore determined by the users.
• Approach to resilience: Local installed so no need for internet or network
• Outage reporting: Obligations towards reporting outages typically applies to scenarios where a service provider has direct control over the service performance. Since VIPRE does not manage the infrastructure surrounding SafeSend, it would not be feasible to apply a standard approach to data restoration/storage migration in this context.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Authenticate with windows log in, to access Outlook
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is strictly controlled to ensure security and integrity. The PC add-in requires a password that is exclusive to the administrator, which can be updated following the organisation's password policy through group policy. Similarly, the Web add-in is only accessible to Microsoft administrators who have privileged access rights, allowing them to modify policies or manage deployment. This multi-layered approach to access restriction ensures that sensitive operations are safeguarded against unauthorised access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC-2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Our security governance processes aligns closely with the guidelines outlined by the National Institute of Standards and Technology (NIST) Cyber Security Framework. By adhering to NIST standards, we ensure that our security practices are comprehensive, well-defined, and continuously updated to mitigate emerging threats and vulnerabilities.
• Information security policies and processes: Our Corporate Security Policy details the security requirements that allow our company to provide high-level and secure service to our customers, including company-wide standards for password composition, rotation, management, and storage. Workspace and database encryption(all databases must be encrypted at rest and all data encrypted in transit) is required, along with multi-factor authentication for all systems that support it. Access control to our systems is closely vetted and reviewed as well. Our systems must be properly hardened and vetted before connecting to our network to ensure the protection and privacy of data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Management is the process for consistently documenting, recording, reviewing, testing and approving changes to IS. This policy provides a required framework for executing this process to minimise the risk of business interruption, inaccurate reporting and lost data and/or assets resulting from undesired or defective changes made to ZD IS. The policy also requires that changes are communicated effectively to Stakeholders, are accepted and followed by Stakeholders and are documented in a manner to provide adequate audit trail for compliance with external regulations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our information security personnel depend on various sources regarding security vulnerability announcements such as CVE’s, US-Cyber Security notifications (US-Cert), National vulnerability database, and vendor specific related security bulletins.; When information about a new vulnerability is discovered, it is analysed, and a recommendation is made based on the following factors:; • Risk exposure; • The Impact; • Cost to deploy; • Availability of patches and\or workarounds
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: “Defence in depth” strategy is followed (not limited to): network layer defences such as network firewalls, Web Application Firewalls, Intrusion Detection Systems (“IDS”), Intrusion Prevention Systems (“IPS”), Endpoint-level protection, multifactor authentication, strong passwords, security groups, permissions, and access control lists.; Websites and firewalls configured to protect against Denial of Service, Distributed Denial of Service (DDoS) attacks and protection from Bot-based unauthorised access attempts.; NIPS (Network Intrusion Prevention Systems) & HIPS (Host-based Intrusion Prevention Systems), or NIDS (Network Intrusion Detection Systems) & HIDS (Host-based Intrusion Detection Systems) monitor activity on a real-time basis. NIPS/NIDS & HIPS/HIDS activity logs actioned as appropriate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Detection of Information Security Incidents occurs in multiple ways and reported by both internal and external sources. ; Information Security Department Lead is notified, and Intake information is used to perform an initial analysis: ; (1) determine whether the occurrence is an actual “Incident” as defined in our documentation; (2) preliminarily classify the prioritisation level of the Information Security Incident based upon the guidelines. ; A report containing the following areas is produced following an event:; -Analysing the root cause of the Information Security Incident to identify what, how and why it happened.; -Confirming remedial measures were taken.; -“lessons learned” from all parties.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Vipre are committed to operating sustainably and limiting any damaging effects our operations may have on climate change and biodiversity, even as our direct operations generate relatively insubstantial greenhouse gas emissions. As such, we have received validation of our science-based greenhouse gas emissions reduction targets from the Science Based Targets initiative (SBTi), a partnership between the CDP, the United Nations Global Compact, World Resources Institute, and the Worldwide Fund for Nature. ; ; Vipre values remote work and flexibility, with many positions offering the potential for entirely remote or hybrid schedules. We are committed to reducing the energy used in our operations relative to the size of our company. This includes actions to reduce office space, locate offices in energy-efficient buildings where possible, and use alternative or renewable energy technologies and sources where practical. ; ; Our Environmental Policy extends to our supply chain, with the aim to include them in our environmental management goals and initiatives. We aim to work with vendors who share our beliefs and adhere to best practices. When feasible, vendors are required to comply with our Environmental Policy or adopt similar policies. ; ; To achieve Net Zero targets by 2050, we plan to perform an annual GHG inventory process, assured by an independent third-party, to measure our GHG emissions. We aim to provide transparency on our climate change efforts by responding annually to CDP. We also plan to continue efforts to reduce emissions generated in our operations, integrate environmental risk evaluation criteria into the due diligence process for mergers and acquisitions, work closely with largest suppliers and vendors, encourage employees to engage in sustainability efforts, and educate employees on being more sustainable in their everyday lives.

  Covid-19 recovery

  During the global pandemic, we made no COVID-19 related redundancies and ensured that employees remained gainfully employed, thereby supporting people and communities to manage and recover from the impacts of COVID-19. ; ; To provide both physical and mental support, we offer a number of wellness initiatives to employees affected by COVID-19. These supports are provided through private healthcare provision. ; ; To support the COVID-19 recovery effort, Vipre has implemented improvements in workplace conditions. This includes enabling all employees to move to remote or hybrid working depending on personal requirements. Additionally, our offices maintain full employee trackers for use within office locations, allowing for effective communication if anyone displays symptoms.

  Tackling economic inequality

  Vipre’s Code of Business Conduct and Ethics expresses our commitment to stand against discrimination in all its forms, including on the basis of race and sexual orientation. We remain steadfast in our commitment to supporting racial equity by promoting our DEI values through our platforms, and utilising our financial and technological resources in our local communities. ; ; Vipre are committed to having a positive impact on the communities where we live and work. Through our global charitable giving platform, employees can organise their own events and sign up for others — virtual or in-person — to volunteer on their own or with their colleagues. This global platform helps amplify events and streamline sign-ups for volunteering initiatives. Many initiatives have been present within our business units for years. The platform also raises awareness of opportunities for employees to donate their time and talents to organisations that help our local communities. ; ; Vipre volunteer with organisations making a difference via our ZD Cares program, which consists of: ; ; Volunteer Time Off, a policy that gives full-time employees 16 hours and part-time employees eight hours of annual paid time off to volunteer with organisations of their choice. ; ; Charitable giving, including an employee matching gift program and the Dollars for Doers program rebranded as “Donations by Doing,” gives employees donation dollars for every hour they volunteer their time. ; ; Employee Assistance Fund provides relief to employees experiencing unexpected financial hardship resulting from the impact of federally qualified, natural and other disasters as well as other personal hardships.

  Equal opportunity

  Vipre is committed to providing a supportive and inclusive environment that helps employees achieve their career goals. Our human capital management policies and initiatives demonstrate our commitment to equal opportunity, fair labour practices, competitive compensation and benefits, fostering diversity and inclusion in the workplace, and supporting employees’ personal development through training and education. ; ; Our Code of Business Conduct and Ethics highlights our commitment to providing equal employment opportunities to all qualified persons. Our policies include recruiting, hiring, transferring, promoting, and compensating employees based on qualifications, ability, and merit, without regard to any protected characteristics. ; ; Further to this, Vipre has a zero-tolerance approach to modern slavery and is committed to acting ethically and with integrity in all business dealings and relationships. We are committed to implementing and enforcing effective systems and controls to protect against modern slavery in our own business or supply chain. ; ; We are also committed to ensuring transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the Modern Slavery Act 2015.

  Wellbeing

  Within our Health and Wellbeing Initiatives, Vipre offers comprehensive health insurance coverage with multiple medical plans. In 2023, we paid 82% of health insurance costs in some regions and our programs include matching contributions in Health Savings Accounts. Our programs also feature low co-payments or deductibles on both primary and mental health care, 100% free telemedicine services including mental health for employees who participate in select medical plans, and concierge support for questions regarding employee benefits. ; ; Vipre provides financial support to charitable organisations and non-profits focused on important issues impacting our communities, including education, food insecurity, health and wellbeing, and the environment. We also develop innovative programs using our digital media and internet platforms to provide individuals and organisations with valuable resources and tools to help improve the lives of vulnerable people. ; ; Our company and its employees recognise the importance of volunteering time to support local organisations that are making a difference in your communities. We have a Volunteer Time Off policy with full-time employees given 16 hours of paid time off annually and part-time employees given eight hours to volunteer with organisations of their choice.

Pricing

• Price: £250 a transaction a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free 14 day trial actioned via link sent to client from our account management or support team

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.babbs@vipre.com. Tell them what format you need. It will help if you say what assistive technology you use.