DATAGRAPHIC DIGITAL MAIL
We provide a secure application to generate personalised, omnichannel communications from any data source or format.
It allows users to automate print and online channel delivery options with client visibility and reporting at all stages. We use rules-based processing to deliver scalable print, email and SMS to achieve immediate savings.
Features
- Secure cloud-based document service, data transfer via API, SFTP
- Highly configurable document composition service accepting all data formats
- Integration into print workflows from existing systems/data
- Upload data once for print, emails, web pages or SMS
- Real-time MI at production and measurement of open/response rates
- Automated print delivery for unread online communications
- Consolidate different letters for the same recipient into one envelope
- Automate workflows, add selective inserts and enclosures
- Automated mail sortation and real-time address checking to increase deliverability
- Supports Accessibility formats
Benefits
- Target customers in specific formats/channels for better response rates
- Deliver immediate ROI – no capital spend or license fees
- Highly auditable process: full traceability from upload to completion
- Gain postal cost reductions from consolidated mail
- Improve address quality of data, helping documents reach recipients
- Convert costly stock types into a white paper solution
- Reduce risk of data breaches, reputational damage and compliance fines
- IT Light - no spend required on altering existing data
- Supports digital transformation agenda and transition to omnichannel communications
- Dedicated and experienced UK based account management team
Pricing
£0.02 to £0.54 a unit
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 0 6 3 5 5 4 1 1 2 4 8 7 5 6
Contact
DATAGRAPHIC LIMITED
Glyn King
Telephone: 01246 543000
Email: gking@datagraphic.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
Digital Mail provides a production service extension to any document or data producing software. The cloud service allows a link between any existing document output/printing services and our managed digital mail service.
No additional software is required as it's a standalone system that clients upload to manually via print driver/SFTP/API/HSCN. - Cloud deployment model
- Private cloud
- Service constraints
- There are no constraints, service is not limited to specific hardware of software configurations.
- System requirements
- Data must be sent via secure transmission method (e.g. SFTP)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Average ticket response time is within 2 hours during business hours and the same for weekends. Out of hours and weekend support can be provided at an additional cost, which is detailed in the attached SFIA card.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
You will be provided with a dedicated technical account manager who will be responsible for ongoing support and maintenance service updates. All support is provided by an experienced, UK based team. In addition, a service support desk is manned at Datagraphic between 8.30a.m. to 5.30pm. Monday to Friday at no additional cost. Our average response time for support calls is under one hour and our average response time for email support requests is 2 hours.
Datagraphic will publish a list of key contacts as part of Service Level documentation and detail roles and responsibilities within the support structure. This list will provide primary and secondary contacts in addition to escalation and out of hours/emergency contact details.
If additional support is required, this can be provided at an additional cost as part of a bespoke support package. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The service consists of two phases: implementation and live production.
Implementation
• Client Meeting
A meeting is organised to introduce buyer to dedicated account manager. Datagraphic listen to what the buyer requires including any desirables.
• Project Brief
Client supplies test data for their jobs over a secure data transfer such as SFTP or API. Upon receiving data, a job specification is provided which maps out the technical and production workflows of the job.
Approval is required of this prior to development, to ensure that clients requirements have been correctly interpreted.
• Development and initial proofing
Our document architects create initial programming proofs for review. This enables buyer to retain control and visibility of output. Amendments from clients are also made at this stage with approval required on final development proofs.
• Go Live
When all our internal testing and sign off checks are complete Datagraphic will ask for buyer to sign off first live files sent from client.
Live production
Buyers project can now run effectively. On going support will provided to buyers throughout the contract which includes Quarterly and Annual reviews, as well as online video and conference calls when needed for any new or change requests. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Datagraphic comply fully with the GDPR’s right to data portability.
To extract data at the end of the contract, Datagraphic will always work closely with Data Controllers to supply their data back to them, when required, in an appropriate and mutually acceptable format. This will be handled in coordination with the technical account manager.
Datagraphic specialise in Data transformation and manipulation. This speciality lies at the heart of our ability to provide secure multimedia / format communication solutions.
Datagraphic pride themselves on their ability to interpret and represent data in a multitude of formats.
As such Datagraphic are able to provide assurances that respective data can always be returned, when required in a format as required by a Data Controller. - End-of-contract process
- The secure return of any Client data and the disposal of data that is not required is included in the price. Through a dedicated single point of contact, Datagraphic work closely with Clients from the initial transfer meeting. The transfer plan will cover the following areas in respect of both parties; • The allocation of personnel to assist in the transition of services • Reporting channels • Liaison between Datagraphic and new provider • Responsibilities for approval of transfer project documentation • Escalation procedures In addition, both parties will agree that the transfer plan shall cover each party’s responsibilities for the provision of services; • Up to and on the termination date • During any parallel provision of services • During the hand back period after the termination date Responsibilities and obligations during transfer of; • Operational documents, including customer records, artwork and addresses • Purchasable relevant surplus stock. Datagraphic advise clients of the status throughout the process until the transfer.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- If e-delivery options are required notifications can be sent either via SMS or secure PURL which can be opened via any mobile device.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
-
Submission of PDF data via the API will allow your operating system to interface directly with our Digital Mail systems.
Users can perform most posting and tracking actions via the API service for completely automated production. Documents can be uploaded to the system via the API and a document status retrieved for any uploaded document giving a real time update on where the document is within production. Statuses can be requested by individual references or as a batch. There are limitations on how users can set up or make changes through the API which are defined by our security protocol and policies. - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Buyers can easily customise this service to meet individual and client requirements. Datagraphic can work with buyers, taking existing data and reformatting current templates to achieve a more brand leading, aesthetically pleasing document.
Clients can choose how each document is printed in colour/ mono, simplex/ duplex and on what stock. This includes, but is not limited to, white paper, letterheaded stock, cheque stock, pressure seal and perforated paper. Envelope types can also be customised. Letters for the same recipient within different data sets can be consolidated or production of the run can be staggered according to customer requested timelines. If the mailing is deadline driven an appropriate production method can be automatically chosen based on proximity to the receipt of data.
Personalised enclosures can be included and can be customised dependant on a flag within the client data. Datagraphic can also assist with the design and supply of enclosures. Buyers can request for certain records within the data to be automatically suppressed or produced via Accessibility channels such as Braille or Large Print.
Buyers can also request to transform communications for secure email and SMS, providing a multi-channel experience for recipients but automatically triggering print if digital items remain unopened.
Scaling
- Independence of resources
- Our Digital Mail system is designed to load balance to ensure that users are not affected by overall high demand on the service. We operate a multi server platform to cater for this. We have a separate server for the front end, which is where the users would interface when uploaded, a separate server for the automation system that runs the processing of the uploads and creates output and meta data and another database server that handles all of the logging, tracking and archive of the system.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Reports can be sent at each stage of the service cycle from point of receiving data, to job being completed in production. Reports can detail, but not exclusive, to the following:
• Confirmation file has processed successfully
• Filenames
• Record quantity
• Number of suppressions
• Number of items mailing 1st or 2nd class
• Date to despatch
Metrics are also provided on Service Level Agreements and KPI’s to ensure on-time delivery and create transparency in the performance to the buyer. These are provided at quarterly and annual reviews or can be available on request. - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Other
- Other data at rest protection approach
- Physical access strictly controlled. Proximity-based access control system in operation. Staff access levels are role-based and granted on principal of least privilege. • Variety of encryption methods used based appropriateness of each relevant to situation. • Database fields for web-facing systems are encrypted, where feasible. • Company laptops & phones encrypted at system level, removing the risk of loss of confidentiality from lost or stolen laptops. • Anti-Virus/Anti-Malware software in place throughout • Heavily restricted Internet access. Only Business required and approved websites from our production networks. • Vulnerable endpoints, USB, CDs and Wi-Fi etc, are disabled through software.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Pre-configured push reports for exporting data or subsets of data will be agreed with the buyer at implementation stage.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- TXT
- XLS
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XLS
- PIP
- CSV
- HTML
- XML
- MICROSOFT WORD
- TEXT
- ZIP FILES
- PCL
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- The service is available 24/7/365 days of the year on dedicated servers with a 99.7% uptime SLA. Users are always pre-notified of any down-time and we can agree service credits in the unlikely event of not meeting guaranteed levels of availability.
- Approach to resilience
-
Datagraphic have developed controls to address threats to the following business continuity scenarios:
• Server Hardware Failure
• Internet Connectivity Failure
• Network Failure
• Cooling Failure
• Electrical Supply Failure
• Production Device Failure
• Key Staff Unavailability
We continually invest to ensure critical systems and processes are resilient to failure. Investments to date include backup information processing facilities, associated technology and the skills required to enable resilience in the event of Business Continuity invocation.
Wherever feasible we’ve eliminated single points of failure, examples include:
• Eliminating single points of failure from IT Infrastructure
• Fully virtualising IT Infrastructure
• Daily system level backups of IT systems
• Multiple, diverse, Internet connections
• High Availability, High Capacity Network
• Two separate server rooms at main site
• Data rooms with resilient climate control systems
• Business-critical systems replicated to disparate hardware
• On-site maintenance staff that routinely service and maintain equipment
• On-site spares for all critical systems
• Critical systems protected from power loss by UPS
• On-site diesel generator keeps core services running during mains power failure
• Cross training key staff and recording procedural details - Outage reporting
- Email alerts are sent prior to any scheduled downtime.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
-
We aim to disable all non-essential services on web facing systems.
Internet facing application servers are configured on a standard build. This is a ‘hardened’ build that has undergone penetration testing and security review.
• Default passwords for system accounts are changed
• Default system accounts are disabled where possible
Default passwords for all hardware such as routers, firewalls and switches are changed. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
- Datagraphic operate a centralised Active Directory based authentication controls. System Administration is based on unique user accounts representing a small subset of users.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQUAR (UKAS accredited)
- ISO/IEC 27001 accreditation date
- 11/05/2006
- What the ISO/IEC 27001 doesn’t cover
-
Datagraphic is certified to the latest ISO 27001:2013 standard. An ISO 27001 certification has been held by Datagraphic every year since 2006.
The entire business is within the scope of the certification. The certificate is awarded by a UKAS approved accreditation body.
Datagraphic’s ISO 27001 reference number is: 2992.
At the heart of ISO 27001 lies the requirement for holistic Risk Assessment.
Based on Risk Assessments, controls have been implemented to reduce and mitigate risks associated with threats to the Confidentiality, Integrity and Availability of Information processing facilities.
• Confidentiality - ensuring that access to information is appropriately authorised
• Integrity - safeguarding the accuracy and completeness of information and processing methods
• Availability - ensuring that authorised users have access to information when they need it - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials
- Cheque & Credit Clearing Company - C&CCC Standard 55
- ISO 9001:2015
- ISO 14001:2015
- Xerox Premier Partner
- NHS IG Toolkit
- ISO 50001:2018
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Our sites are developed to banking standards with all document data being processed, printed and hosted at secure UK ISO27001 accredited facilities. The minute-critical documents we send include sensitive personal and financial data, requiring robust and secure processes and infrastructure.
The information security policies and processes we follow include ISO 27001 audited security policies including (but not limited to): Information Security Policy, Physical Security & Asset Management Policy, Information Security Training and Awareness Policy, GDPR & Data Protection Policy, Compliance Statement, Business Continuity and Disaster Recovery Policy, Secure Systems Engineering Principals Policy, Recruitment and Screening Policies and organisational structure.
All Datagraphic employees are required to annually sign non-disclosure and confidentially agreements along with the Information Security Policy. This is done alongside Information Security Training to acquaint staff with company policies, their responsibilities relative to them and any security procedures relevant to their work. Employees are trained on our detailed incident management process and told to report any potential or suspected security events or suspected security weaknesses to the CISO or their line manager.
Clients are also given a copy of our reporting structure as part of the standard onboarding process with descriptions of event classification, escalation protocol and contact details.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
All change requests are recorded and reviewed by the relevant expert authorities and Business Process owners before, if appropriate being implemented. Risk Management, Back Out or Change Reversal plans are always considered before implementation of significant change requests.
We carefully choose when to implement change and how to then test that change has been successful. Our aim is to minimise disruption to our services when implementing change.
Change and version control mechanisms are in place and provided by a concurrent versioning system or “source safe”. This enables branching and concurrent development to occur in an efficient and safe manner. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
CST (Continuous Security Testing) is performed against Datagraphic’s entire internet facing digital estate. As opposed to a one-off assessment, CST is a continuous assessment of Datagraphic’s online assets. Regular vulnerability scanning is essential to maintaining a strong security posture.
Results are collated, and fixes prioritised by our Information Security function, prior to implementation by development teams. We then retest to ensure remediation.
Patches applied ASAP during set operational hours, with appropriate technical staff available to support implementation.
Datagraphic are informed of High vulnerabilities as a priority by our dedicated security experts. Lower impact vulnerabilities are supplied through a monthly report. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
To identify potential compromises, CST (Continuous Security Testing) is performed against Datagraphic’s entire internet facing digital estate. As opposed to a one-off assessment, CST is a continuous assessment of Datagraphic’s online assets, which is essential to maintaining a strong security posture.
When responding, results are collated, and fixes prioritised by our Information Security function, prior to implementation by development teams. We then retest to ensure remediation.
Patches are applied ASAP to vulnerabilities during set operational hours, with appropriate technical staff available to support implementation.
User account activity is monitored, abnormal activity is flagged and reviewed by our Information Security team. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have pre-defined processes for common events, and our Incident Management process includes:
• Contact Data-Controller: Communicate incident details to customer without delay.
• Breach Remediation: Implement suitable protective controls.
• Residual Risk Evaluation: Review controls implemented for potential residual risk.
• Contact 3rd Party Specialist: Depending on nature of breach, it may be necessary to involve 3rd Party Specialist Information Security consultants (in consultation with affected parties).
Users can contact their Account Manager, to report a potential or suspected breach, our CISO will be made aware.
An incident report will be completed and made available to the affected parties.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
Fighting climate change
The climate crisis we’re all facing is so dire that being carbon-neutral doesn’t go far enough. We believe, that if you aren’t solving the problem, you still have a problem.
Environmental considerations and energy management sit at the heart of our organisation. Certification to the Environmental Management System ISO 14001 and the Energy Management System ISO 50001 show our commitment is more than just words.
Being sustainable is paramount to us. All paper used in production is FSC sustainably sourced. Offsetting our carbon footprint, using carbon credits and planting trees in the community are also steps in the right direction, but only the start.
We’ve developed a robust science-based carbon reduction strategy with a target of being net-zero by 2040 (Scope 1 & 2 in our operations by 2035) and carbon-negative after that. Using the Green House Gas (GHG) Protocol we are measuring Scope 1, Scope 2 and Scope 3 emissions. Only by doing this and working closely with our supply chain partners, can we find effective solutions for reducing the impact of CO2 emissions connected to our work.
By working with us, you can be assured you’re partnering with a Climate Aware company that is committed to being carbon-neutral well before the Government target of 2050. We welcome you to join us in realising this commitment. And know you will share our passion for showing the positive contribution organisations can make to work more sustainably for the benefit of people and our planet.
Pricing
- Price
- £0.02 to £0.54 a unit
- Discount for educational organisations
- No
- Free trial available
- No