Stannp Hybrid Mail

Stannp Direct Mail Platform

Stannp.com offer a SaaS web based solution to direct mail; offering companies a fully digital, integrated solution to their direct mail needs. With over 30 years experience in printing and mailing, our online platform has thousands of active customers, serviced through our capacity to mail over 50 million items annually.

Features

  • Same Day Delivery
  • Granular Reporting
  • Custom Printing and Multiple Mailing Formats
  • Intergrated Platform Mail Tracking
  • Dedicated Account Management
  • Unlimited Users
  • Data Cleaning
  • Web Based Access
  • Supports API programmatic access

Benefits

  • No volume commitment
  • Only pay for what you mail
  • Web based- can be accessed on the move
  • Simple pricing structure and volume discounts
  • International mailings
  • Free support and technical assistance
  • ISO9001 Quality Standard customer support
  • No minimum commitment

Pricing

£0.31 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorien@stannp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 7 0 0 9 3 4 2 7 2 3 0 5 2 7

Contact

Stannp Hybrid Mail Lorien Hamilton
Telephone: 01271 344507
Email: lorien@stannp.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
  • Internet Connection
  • Web Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
30 minute initial response time Monday to Friday 9am-5pm.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Automated testing
Onsite support
No
Support levels
All clients receive the same level of support at no additional cost.

We provide a full support service as standard to all clients which includes;
Online and offline downloadable documentation.
Tutorial videos.
Downloadable templates.
Live web chat support.
Email support.
Telephone support.

Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All service users have their own unique login. our web wizard guides all users through campaign creation; a new user can go from sign up to print read campaign in just a few minutes.

We provide online training via webchat, support via email and telephone, and a comprehensive suite of user documentation, FAQs, videos and downloadable templates.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users are able to directly downloadable their data from our platform at anytime.
Users retain full control of their data within our system, and can amend, download or delete individual records or all of their data as required.
End-of-contract process
At not additional cost, data will be destroyed inline with our data protection Procedures (available upon request) and ISO27001 guidelines.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile service is identical to desktop service (within the constraints of the capabilities and screen resolution of the device being used).
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Web browser login
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Accessible via any standard browser
API
Yes
What users can and can't do using the API
Our APIs provide programmatic access to your Stannp account. Things like configuring campaigns, feeding data and triggering mail pieces to be dispatched can all be achieved using simple yet secure HTTP requests.

We also offer webhook capabilities. Webhooks allow you to subscribe to events that happen within the Stannp Direct Mail platform. We will send a HTTP POST request to the webhook’s configured URL. Webhooks can be used to update any external software or notify you on key events such as the day a mailpiece is expected to be delivered.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Any part of your Direct Mail campaign can be customised by the user on the Stannp.com platform. Text & Images can be added as variable data and dynamically populated in your mail piece, giving full personalisation of your content.

Design features of the mail piece (font, colour, size, etc.) can also be customised within our campaign wizard.

Scaling

Independence of resources
Stannp's cloud based platform was designed from the start with high volumes of simultaneous user access in mind; the system capacities are designed to manage and operate whilst large volumes of users are accessing the system.

We actively monitor system resources and resource utilisation, and can load balance and scale responsively based on user demand.

Analytics

Service usage metrics
Yes
Metrics types
The Stannp platform has a reporting section in the dashboard which displays a summary of campaigns and items that have been dispatched. The reports can be drilled down to an individual mail piece level to see the status of each item.

Audit trails can also be viewed and exported for user activity within the platform.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Stannp is accredited annually to ISO 27001.
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All data can be exported on demand from the online dashboard if the user account has the correct authorisation role.

Data can be filtered and searched before exporting. Data exports include recipient data, campaign reports and billing. Any other data that we may hold can be requested.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • Xlsx
  • Word
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Stannp uses third party service status monitoring to report the availability of our services. We are cloud based and have load balanced systems in place to ensure maximum service uptime, even during upgrade periods. Our SLA states we our service availability remains above 99%.
Approach to resilience
Available on Request
Outage reporting
If the service is partially degraded we will include a notification message within our dashboard. We also have a public service status reporting page which is hosted by a third party. We also have API end points to determine the current availability status.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Username and password
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
5th May 2019
What the ISO/IEC 27001 doesn’t cover
No out of scope activities
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Barclaycard Data Security Manager
PCI DSS accreditation date
29/06/2018
What the PCI DSS doesn’t cover
Nothing relevant to this service
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Stannp's policies and processes are in line with our ISO 27001 accreditation.

IS policies and processes include;
- Information Security Policy
- Access Control Policy
- Password Policy
- Virus & Malware Policy
- Application Security Policy
- Vulnerability Assessment Policy
- Information Security Education & Awareness Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We develop in an agile fashion, so we are constantly upgrading the platform with minor feature improvements. It’s common the platform will see weekly production upgrades. Before the upgrades happens, any code changes are automatically tested with our rigorous unit and integrations test suite which ensures we avoid any breaking changes or security vulnerabilities. Software upgrades happen in the cloud without any service disturbance.

The development revision history is maintained in GitHub which stores information on whether each code commit has passed unit tests and has been reviewed to adhere to our standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have internal vulnerability process in pace to maintain our ISO27001 and ISO9001 certifications. Penetration tests are scheduled to run every month on the platform by third party security experts Qualsys. Reports are produced with categorised and scored items that may have been found. All high risk vulnerabilities are acted upon immediately to patched and fix. A rescan is scheduled for proof of the fix.

When developing new software we have code standards and automated unit tests and security alerts in place to mitigate introduction of any new vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A firewall protects all access to our servers apart from public facing ports. Stannp use a service which monitors server logs for any suspicious activity such as failed login attempts or URL scanning for popular vulnerabilities. In the event anything being flagged the client is immediately blocked and notification is made to the information security managers. The information security managers assess the risk and allocates the need an urgency to act.
Incident management type
Supplier-defined controls
Incident management approach
Stannp have a predefined incident management policy with a separated GDPR data breach notification plan and a disaster recovery plan.

Users can easily report incidents using directly to account managers or using traditional contact methods including email, tickets or phone.

Staff have been well trained on how to report incidents to the information security managers.

Information security managers assess the incident report and it's risks using predefined metrics. Detailed incident reports are discussed and emailed to any users affected and the ICO if required.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Covid-19 recovery

Covid-19 recovery

Lead by our Human Resource Manager, our organisation makes ongoing changes to working arrangements during the COVID-19 pandemic, such as changes to government guidance or employees' circumstances.
Equal opportunity

Equal opportunity

Our policy is to create an environment in which individual differences and the contributions of all our staff are recognised
and valued.

• Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.

• Training, development and progression opportunities are available to all staff.

• To promote equality in the workplace which we believe is good management practice and makes sound business sense.

• We will review all our employment practices and procedures to ensure fairness.

• Breaches of our equality policy will be regarded as misconduct and could lead to disciplinary proceedings.

• This policy is fully supported by senior management and has been agreed with trade unions and/or employee representatives.
Wellbeing

Wellbeing

We provide occupational therapy support when an employee is off sick for a long time or is returning from sickness absence.
We employee a Health & Safety Executive who helps deliver the organisations responsibility for for our employees' health, safety and wellbeing – both when they are in the workplace and when they work remotely.

Pricing

Price
£0.31 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Account set-up, user set-up, document testing,data upload, training materials and user guides are all included in the free trial.

We provide all new sign-ups with a free £2 credit for a trial send at no cost to the user. There is no time limit on the free trial.
Link to free trial
https://www.stannp.com/register?source=referral-GovUK-Gcloud

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorien@stannp.com. Tell them what format you need. It will help if you say what assistive technology you use.