QUADIENT UK LIMITED

MailCentral

MailCentral is a 'best of breed', non proprietary middleware platform that enables your desktop, departmental and/or corporate applications to seamlessly integrate with your preferred digital communication channels such as SMS, email, web portal and App without changes to existing formats or workflow.

Features

• Inhouse or outsourced Hybrid Mail (Non-Proprietary solution)
• Integrated Customer (Patient Portal)
• Email and Secure Email Integration
• Interactive (two-way) SMS
• Non Proprietary Middleware
• Intuitive simple user interfaces
• Detailed Management reporting for auditability and compliance
• Detailed Track and trace capabilities (Detailed Audit Trail)
• Digitally transforms any printed (i.e. Physical) communication
• Intelligent workflows - least cost communications workflow

Benefits

• Dynamically publish on-line communications from any application
• Eliminates manual processes - delivering significant workplace efficiencies
• Delivers significant cost savings across all forms of communication
• Eliminates postage costs
• Maximises auditability and Compliance
• Simplifies Digital Transformation workflows
• Quick and Easy integration with your preferred digital platforms
• Centralises, optimises and digitises your outbound communications
• Simple, Accessible Self Serve implementation workflows
• Enhances your options to deliver a 'digital first' strategy

£10,000.00 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

574543157788058

Contact

Adam Smith
07725 826750
bids.uk@quadient.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office 365 and other cloud based applications
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements: Only requires download and installation of of desktop clients

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4 hours (excluding weekends)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We will provide a technical account manager for each customer to liaise and co-ordinate responses if required. Standard Support levels Severity 1 (Response 30 minutes, response 1 Day) - is usually when the problem is detrimental to the business and is impacting the business directly as a result of software, i.e.: if the business could lose a significant amount of money caused by whatever problem there may be. Severity 2 (Response 60 minutes, response 2 Days) - is usually if a server, network, application, database goes down which is causing a business impact to users and the business. Severity 3 - (Response 4 Hours, response 5 Days) - Where a bug is raised as part of the support process, Quadient will liaise with the development team and provide a synopsis of the problem within 2 working days and a proposed timescale for its resolution, within a reasonable time frame. Severity 4 (Response 4 Hours, No SLA) - Where issues are caused by non Quadient software or environments, some advice will be given and support offered, but with no guarantee of resolution
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users can download the MailCentral clients from the SaaS based service Training can be delivered on-site, remotely or through on line videos and tutorials. User guides, training documentation is delivered in a digital (PDF) format.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • PostMan
  • PDF
• End-of-contract data extraction: MailCentral provides simple export facilities enabling customers to extract their data when the contract ends
• End-of-contract process: Self Serve data extraction is provided in the price of the contract. Any consultancy or customised outputs will incur an additional cost

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The MailCentral User interface allows users to view manage and control the documents they have submitted and manage their associated digital workflows. The web interface provides detailed 'track and trace' capabilities for each document that is submitted. Full management reporting is available The interface offers multi level access rights enabling users access to be restricted based on pre-defined workflows.
• Accessibility standards: None or don’t know
• Description of accessibility: User can submit documents from virtually any application using a simple, intuitive print driver Users are then able to view, manage and control the documents they (or their workgroup have submitted) The system provides a detailed audit trail and feedback regarding how the document has been communicated (i.e. post, SMS. email, portal App etc) Full Administration and management interface for authorised users enabling simple set up and configuration of the system. Seamless integration with either our own or the customers preferred digital communication channels via documents API interfaces.
• Accessibility testing: User Interface has been implemented with due consideration of assistive technology
• API: Yes
• What users can and can't do using the API: Documents can be submitted via a simple API interface (rather than being printed or dropped into hot folders) The API interface provides a fully featured interactive gateway to all the standard MailCentral management reporting interfaces Integration with Active Directory, SAML and SSO Platforms
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The interface can be customised using your logo and details. The system can submit hybrid mail outputs to virtually any supplier on the CCS framework ensuring the technology is owned and managed by the customer (and not a third party) The API interfaces enable the customer to integrate the digital outputs with their preferred in-house or third party digital communication channels

Scaling

• Independence of resources: If required a server can be dedicated to a specific client ensuring the platform is both scalable and independent of other organisations transactional requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: MailCentral provides a fully integrated management reporting interface. MailCentral enables this data to be delivered in PDF or CSV format MailCentral reports on documents that have been submitted into the system per user, workgroup or department MailCentral details the time a document was submitted into the system and the time it was then output via the relevant physical (i.e. print and post) or physical channel MailCentral provides full closed loop reporting and details each document and whether it has been processed within the agreed SLA. MailCentral provides a simple intuitive dashboard with which to manage your digital transformation processes
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users are able to export their data using a simple reporting interface
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • PDF
  • Postscript
  • ASCII

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Servers are hosted in Azure Microsoft guarantee that API Management Service instances running in the Consumption Tier, Basic Tier, Standard Tier, and Premium Tier deployments scaled within a single region will respond to requests to perform operations at least 99.95% of the time
• Approach to resilience: Available on request
• Outage reporting: Email Alerts and Dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access in management interfaces and support channels is restricted by the 'roles' associated with each users login credentials
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SN Registrars
• ISO/IEC 27001 accreditation date: 08/06/2022
• What the ISO/IEC 27001 doesn’t cover: Scope of ISO27001 Accreditation: The development, sale and maintenance within the UK, of a suite of software which is primarily designed to automate the delivery of documents.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Results of annual penetration testing

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Documented in our ISO27001 policy - this can be made available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Documented in our ISO27001 policy - This can be made available on request
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Information from potential threats gathered from Anti Virus supplier, and development channels for each of the toolkits being implemented Ensuring toolkits and database engines are up to date Patches (if required) applied at least once every month
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Anti Virus Scans Vulnerability reporting Penetration testing Cyber Essentials plus accreditation If a potential compromise is identified, its severity is assessed and a plan of action put in place to mitigate or eliminate the risk. Any Incident regarding data is treated as a P1 and our SLA for an initial response is 30 minutes
• Incident management type: Supplier-defined controls
• Incident management approach: Documented as part of our ISO 27001 policies - available on request User report incidents via the on-line help desk Full and detailed incident reports are provided via the Job Ticket and as a specific physical document (if required)

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Quadient complies and pays the National Living Wage amount of £9.50 and above for all of its Employees. We also strongly encourage our suppliers to do the same.; Quadient UK Ltd is committed to acting ethically and with integrity in all its business relationships and has zero tolerance for modern slavery and human trafficking. As part of this commitment, we prohibit the use of forced, bonded (including debt bondage) or indentured labour, involuntary prison labour, slavery, or trafficking of persons and employment of children within our organisation and our supply chains; Quadient UK Directors and senior management shall take responsibility for implementing this policy statement and its objectives and shall provide adequate resources to ensure that slavery and human trafficking is not taking place within its organisation or within its supply chain.

Pricing

• Price: £10,000.00 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids.uk@quadient.com. Tell them what format you need. It will help if you say what assistive technology you use.