FDM Ltd

Hi-mail Hybrid Mail

FDM plc is one of the UK’s leading print and mail companies. Our hybrid mail solution, Hi-mail®, allows you to print & post all of your documents directly from your PC, Laptop, Smartphone or Tablet for up to 70% less than your existing print and postage costs.

Features

• Live Document Tracking
• Custom Print & Mailing Profiles
• Document Automation Flow
• Built in Document Library
• Same Day Mailing
• Document Archiving
• Dedicated Support Portal
• Group, Team and User Management
• Granular MI Reporting
• Brand & Document Control

Benefits

• Safe & secure data encryption
• Save up to 70% on your print and mailing costs
• No set-up costs - only pay for what you send
• Fully scalable for teams big and small
• Fully detailed, itemised reporting on a user-by-user basis
• NHS HSCN Approved
• Simple pricing structure and volume discounts
• Free support and technical assistance
• Built by industry experts for over 25 years
• Specialists in Local Government & Public Sector requirements

£0.37 to £1.25 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@fdmplc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

602228366124286

Contact

Iain Bloomfield
02070551600
info@fdmplc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Minimum system requirements: Windows XP / OSX Mountain Lion or above. Minimum 5mb Hard Disk Space
• System requirements:
  • Internet Connection required
  • PDF Viewer (Abode Acrobat or similar)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Average response times Mon - Fri = 18 minutes.; Average response times Sat - Sun = 30 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Live web chat has been tested by regular users with assisted technologies.
• Onsite support: Onsite support
• Support levels: We provide a fully featured support service as standard to all clients which allows users and administrators to access a range of technical support options including:; ; Online and offline documentation.; Live web chat services with a technical engineer or user support agent; Web support ticketing service; Email support ticketing service; Telephone support service; ; Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support. ; ; All clients receive the same level of support at no additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial account set-ups are completed by the Hi-mail support team with a range of onsite training, online training and user documentation options provided for all new accounts.; ; An initial consultation is undertaken with each new account to determine the best method of training solutions and then these are customised to suit each clients needs. ; ; These includes quick start guides, user guides and administrator guides in both PDF and online formats as well as an E-Learning suite of services that allow users to learn at their own pace whilst being guided through the key features of the software.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data can be extracted by Account Administrators using the built in user interface or by request from one of the Hi-mail Technical Engineers.
• End-of-contract process: At the end of a contract FDM will initiate our end of contract procedure in accordance with our Data protection Procedures and ISO27001 guidelines.; ; This process is managed by the clients dedicated Account Manager and ensures that all data is securely destroyed and documented.; ; In accordance with Principle Five of the Data Protection Act 1998, FDM ensures that all personal data, in any format is retained for no longer than necessary. All data classified as ‘Confidential’ (i.e all raw client personal data) is retained by FDM for a period of three months, after which it is deleted beyond recovery, unless specifically requested by the client to retain the data for a longer or shorter period.; ; Data that is classified as ‘Restricted’ is retained by FDM according to purpose and requirement. When managing all information classified as ‘Confidential’ or ‘Restricted’ on behalf of a client, the relevant FDM Client Account Manager is considered the ‘Data Owner’ and therefore responsible for it’s handling in accordance with this policy.; ; Data in both electronic and printed formats must be deleted or destroyed according to the schedule as outlined in our ISO27001 Data protection procedure policy which is available on request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The virtual print driver is only available on desktop devices. Users of mobile and tablet devices must use either the web-portal upload option or the network folder upload options unless connected to a remote working PC.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Hi-mail's service interface has been developed for users of all types and abilities to move easily through the order process with accessibility and simplicity at it's core. Simple and clear interfaces allow users to self manage their orders and for Group and Account Administrators to easily manage their users in a simple, yet powerful way. ; ; All interfaces have been designed to work on a range of devices, screen sizes and with the user of assistive technologies to enable all user types to be able to use the service efficiently.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Extensive interface testing is carried out with each new release of the Hi-mail software to ensure that all functionality is compatible with with WCAG standards. ; ; This includes testing Hi-mail on a variety of a screen sizes, font sizes, zoom levels, high contrast screen modes, alt-tagged images and tables and keyboard friendly browsing. ; ; Testing is carried out using a range of W3 org testing tools and the Web Accessibility Evaluation Tools List.
• API: Yes
• What users can and can't do using the API: The Hi-mail API allows users to submit documents automatically to the new hybrid system. The API can integrate with many 3rd party systems (e.g. Civica) and documents can be submitted, authenticated and configured directly via the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Administrators can customise a variety of features and accessibility options within the service for each user, account, sub-account or user group. ; ; Each user is also assigned a profile that can be customised to enable them to adjust the working interface of the software to their specific needs.

Scaling

• Independence of resources: The Hi-mail service has been built to be fully scalable and has sufficient measures built in to ensure that users are not impacted by increases or spikes in usage. These include a range of partitioned hybrid servers, dedicated high-speed fibre connections and scalable database architecture.

Analytics

• Service usage metrics: Yes
• Metrics types: The Hi-mail service monitors all account usage and a variety of reports can be exported at any time by users with sufficient administrative access.; ; More detailed server reports can also be requested from the Hi-mail Technical Support team as required.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All data can be exported from a variety of reporting functions within the software. Filtering and search features allow users to look up specific criteria of data from their account history and export these for local download.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • RTF
  • Word

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Hi-mail's uptime is monitored 24 hours a day using a 3rd party software monitoring service and is available to view online at any time. ; ; System availability is guaranteed at 99.9%.
• Approach to resilience: This information is available upon request.
• Outage reporting: Hi-mail is monitored 24 hours a day by 2 separate systems. Together these systems provide us with a range of downtime reporting services including:; ; Detailed email notifications; Publish Dashboard ; Log file recoding and notification system

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces and support channels are restricted to authorised personnel only. ; ; Users who require access to management interfaces must be requested and approved by a Hi-mail engineer or senior Account Manager who can then grant access. Access is then restricted by either VPN connection, 2-factor authentication or 3 part password system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BM Trada
• ISO/IEC 27001 accreditation date: March 2017
• What the ISO/IEC 27001 doesn’t cover: All operations are covered by ISO27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Accredited
• PCI DSS accreditation date: Re-accredited May 2018
• What the PCI DSS doesn’t cover: Nothing relevant to this service.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 22001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: FDM is fully accredited to ISO27001 standards and is regularly audited to ensure continued compliance. We are also accredited to Information Governance Toolkit level 2 and HSCN compliant.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: FDM's research and development process runs on a bi-annual basis and is governed by our data protection and ISO27001 and ISO9001 policies. Our change management process includes processes for new development testing, risk analysis and security considerations for each new development stage. This is then backed up detailed change log documentation which is made available to all clients at least 4 weeks prior to any new software deployments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: FDM's network and services are monitored by a third party security service that remotely apply all patches as soon as they become available ensuring that our services are kept up to date and protected from all potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: FDM's services are monitored 24/7 by a Cisco ASA firewall and threat defence system that logs and alerts us to all suspicious activity including (but not limited to) unknown or failed login attempts, failed network access attempts and suspicious IP address activity.; ; Our third party security monitoring partners also monitor our network 24 hours a day and have engineers on hand to deal with any potential threats or compromises within 30 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are assessed on potential data security and risk to service criteria. Users can report incidents using and of the document technical support methods and are then logged for future reporting. ; ; All incidents are then investigated within 30 minutes of initial notification for source and solution. Incident reports can be provided upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Fighting climate change:

  Fighting climate change

  As most UK authorities have declared a climate emergency and FDM being primarily a supplier to local authorities almost all (90%) of our contracts now have a commitment to help tackle the climate emergency. We are working with them to develop new ways of service delivery that put sustainable commitments to the forefront of our service delivery and investments decisions. FDM already has 1 electric delivery vehicle and our last remaining non-zero emission vehicle will be replaced within the next 12 months. We aim to only use suppliers where electric vehicle only deliveries are a commitment by 2025.
• Covid-19 recovery:

  Covid-19 recovery

  FDM software has been vital during the Covid-19 epidemic by ensure vital government communications can be sent out whilst staff work from home.
• Tackling economic inequality:

  Tackling economic inequality

  FDM has been an employer in the East London area since 1993. 80% of our staff live locally and we encourage staff to use sustainable modes of transport to travel to work. FDM actively engages with local employment agencies and employment programs and over the last year FDM has taken on a number of local staff on apprenticeship programs. As we grow as an organisation we will continue to employ more and more local people. FDM takes very seriously the role in the sustainability of the local community and working with local authorities which is a key strategic aim for us as an organisation.
• Equal opportunity:

  Equal opportunity

  FDM will continue to practice its policies and objectives on equal opportunities, diversity, labour standards, ethical trading and a healthy and safe workforce. FDM endeavours to ensure that its training philosophy and procedures offer its employees an equal opportunities environment in which to grow, and carries out six-monthly reviews to assess performance and address any issues in relation to the company’s policies.
• Wellbeing:

  Wellbeing

  The well being of all staff is fundamental to our operations and we offer all staff access to appropriate resources to ensure a healthy workforce.

Pricing

• Price: £0.37 to £1.25 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Initial account set-up, user set-up, document testing, document assessment, training materials and user guides are included in the free trial. There is no time limit on the free trial as all accounts are placed in 'Test mode' to allow you to trial the system for as long as needed.
• Link to free trial: https://www.fdmplc.com/hi-mail-sign-up-now/?source=G%20Cloud%2010

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@fdmplc.com. Tell them what format you need. It will help if you say what assistive technology you use.