Stannp Hybrid Mail

Stannp Direct Mail Platform

Stannp.com offer a SaaS web based solution to direct mail; offering companies a fully digital, integrated solution to their direct mail needs. With over 30 years experience in printing and mailing, our online platform has thousands of active customers, serviced through our capacity to mail over 50 million items annually.

Features

• Same Day Delivery
• Granular Reporting
• Custom Printing and Multiple Mailing Formats
• Intergrated Platform Mail Tracking
• Dedicated Account Management
• Unlimited Users
• Data Cleaning
• Web Based Access
• Supports API programmatic access

Benefits

• No volume commitment
• Only pay for what you mail
• Web based- can be accessed on the move
• Simple pricing structure and volume discounts
• International mailings
• Free support and technical assistance
• ISO9001 Quality Standard customer support
• No minimum commitment

£0.31 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorien@stannp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

570093427230527

Contact

Lorien Hamilton
01271 344507
lorien@stannp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Internet Connection
  • Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 minute initial response time Monday to Friday 9am-5pm.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Automated testing
• Onsite support: No
• Support levels: All clients receive the same level of support at no additional cost.; ; We provide a full support service as standard to all clients which includes;; Online and offline downloadable documentation.; Tutorial videos.; Downloadable templates.; Live web chat support.; Email support.; Telephone support.; ; Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All service users have their own unique login. our web wizard guides all users through campaign creation; a new user can go from sign up to print read campaign in just a few minutes.; ; We provide online training via webchat, support via email and telephone, and a comprehensive suite of user documentation, FAQs, videos and downloadable templates.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users are able to directly downloadable their data from our platform at anytime. ; Users retain full control of their data within our system, and can amend, download or delete individual records or all of their data as required.
• End-of-contract process: At not additional cost, data will be destroyed inline with our data protection Procedures (available upon request) and ISO27001 guidelines.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service is identical to desktop service (within the constraints of the capabilities and screen resolution of the device being used).
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web browser login
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessible via any standard browser
• API: Yes
• What users can and can't do using the API: Our APIs provide programmatic access to your Stannp account. Things like configuring campaigns, feeding data and triggering mail pieces to be dispatched can all be achieved using simple yet secure HTTP requests.; ; We also offer webhook capabilities. Webhooks allow you to subscribe to events that happen within the Stannp Direct Mail platform. We will send a HTTP POST request to the webhook’s configured URL. Webhooks can be used to update any external software or notify you on key events such as the day a mailpiece is expected to be delivered.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Any part of your Direct Mail campaign can be customised by the user on the Stannp.com platform. Text & Images can be added as variable data and dynamically populated in your mail piece, giving full personalisation of your content.; ; Design features of the mail piece (font, colour, size, etc.) can also be customised within our campaign wizard.

Scaling

• Independence of resources: Stannp's cloud based platform was designed from the start with high volumes of simultaneous user access in mind; the system capacities are designed to manage and operate whilst large volumes of users are accessing the system.; ; We actively monitor system resources and resource utilisation, and can load balance and scale responsively based on user demand.

Analytics

• Service usage metrics: Yes
• Metrics types: The Stannp platform has a reporting section in the dashboard which displays a summary of campaigns and items that have been dispatched. The reports can be drilled down to an individual mail piece level to see the status of each item.; ; Audit trails can also be viewed and exported for user activity within the platform.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Stannp is accredited annually to ISO 27001.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All data can be exported on demand from the online dashboard if the user account has the correct authorisation role. ; ; Data can be filtered and searched before exporting. Data exports include recipient data, campaign reports and billing. Any other data that we may hold can be requested.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls
  • Xlsx
  • Word
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Stannp uses third party service status monitoring to report the availability of our services. We are cloud based and have load balanced systems in place to ensure maximum service uptime, even during upgrade periods. Our SLA states we our service availability remains above 99%.
• Approach to resilience: Available on Request
• Outage reporting: If the service is partially degraded we will include a notification message within our dashboard. We also have a public service status reporting page which is hosted by a third party. We also have API end points to determine the current availability status.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 5th May 2019
• What the ISO/IEC 27001 doesn’t cover: No out of scope activities
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Barclaycard Data Security Manager
• PCI DSS accreditation date: 29/06/2018
• What the PCI DSS doesn’t cover: Nothing relevant to this service
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Stannp's policies and processes are in line with our ISO 27001 accreditation.; ; IS policies and processes include;; - Information Security Policy; - Access Control Policy; - Password Policy; - Virus & Malware Policy; - Application Security Policy; - Vulnerability Assessment Policy; - Information Security Education & Awareness Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We develop in an agile fashion, so we are constantly upgrading the platform with minor feature improvements. It’s common the platform will see weekly production upgrades. Before the upgrades happens, any code changes are automatically tested with our rigorous unit and integrations test suite which ensures we avoid any breaking changes or security vulnerabilities. Software upgrades happen in the cloud without any service disturbance.; ; The development revision history is maintained in GitHub which stores information on whether each code commit has passed unit tests and has been reviewed to adhere to our standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have internal vulnerability process in pace to maintain our ISO27001 and ISO9001 certifications. Penetration tests are scheduled to run every month on the platform by third party security experts Qualsys. Reports are produced with categorised and scored items that may have been found. All high risk vulnerabilities are acted upon immediately to patched and fix. A rescan is scheduled for proof of the fix.; ; When developing new software we have code standards and automated unit tests and security alerts in place to mitigate introduction of any new vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: A firewall protects all access to our servers apart from public facing ports. Stannp use a service which monitors server logs for any suspicious activity such as failed login attempts or URL scanning for popular vulnerabilities. In the event anything being flagged the client is immediately blocked and notification is made to the information security managers. The information security managers assess the risk and allocates the need an urgency to act.
• Incident management type: Supplier-defined controls
• Incident management approach: Stannp have a predefined incident management policy with a separated GDPR data breach notification plan and a disaster recovery plan.; ; Users can easily report incidents using directly to account managers or using traditional contact methods including email, tickets or phone.; ; Staff have been well trained on how to report incidents to the information security managers.; ; Information security managers assess the incident report and it's risks using predefined metrics. Detailed incident reports are discussed and emailed to any users affected and the ICO if required.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Lead by our Human Resource Manager, our organisation makes ongoing changes to working arrangements during the COVID-19 pandemic, such as changes to government guidance or employees' circumstances.
• Equal opportunity:

  Equal opportunity

  Our policy is to create an environment in which individual differences and the contributions of all our staff are recognised ; and valued.; ; • Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; ; • Training, development and progression opportunities are available to all staff.; ; • To promote equality in the workplace which we believe is good management practice and makes sound business sense.; ; • We will review all our employment practices and procedures to ensure fairness.; ; • Breaches of our equality policy will be regarded as misconduct and could lead to disciplinary proceedings.; ; • This policy is fully supported by senior management and has been agreed with trade unions and/or employee representatives.
• Wellbeing:

  Wellbeing

  We provide occupational therapy support when an employee is off sick for a long time or is returning from sickness absence.; We employee a Health & Safety Executive who helps deliver the organisations responsibility for for our employees' health, safety and wellbeing – both when they are in the workplace and when they work remotely.

Pricing

• Price: £0.31 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Account set-up, user set-up, document testing,data upload, training materials and user guides are all included in the free trial. ; ; We provide all new sign-ups with a free £2 credit for a trial send at no cost to the user. There is no time limit on the free trial.
• Link to free trial: https://www.stannp.com/register?source=referral-GovUK-Gcloud

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorien@stannp.com. Tell them what format you need. It will help if you say what assistive technology you use.