RMail: Email Security, Privacy and Compliance
RMail® harmoniously integrates into any existing security stack, complementing it with enterprise-grade privacy, security, and compliance functionalities. Our flexible deployment options allow organizations to automate feature combinations at the server level, as well as in the inbox, with out-of-the-box integrations for common business tools like Microsoft Outlook, Salesforce, and more.
Features
- Registered Email™: Tracks and proves communications with a Registered Receipt™.
- Dynamic Encryption™: Automatically encrypts based on content and recipient capabilities.
- eSign: Legal document signoff.
- File Share: Share large files securely up to 1 GB.
- Eavesdropping AI™: Detects sophisticated cyber-threats, alerts sender, and locks content.
- Lookalike Domain™ Detector: AI-Infused human-error prevention, identifies email domain trickery.
- Reply Hijack™ Alerts: Warns against attempts to hijack email replies.
- RMail Recommends™: AI-infused-DLP suggests RMail features based on message content.
Benefits
- Security: Enterprise-grade encryption and AI detection ensure robust email protection.
- Privacy: Dynamic encryption ensures 100% compliance with privacy regulations.
- Compliance: Court-admissible proof of delivery and content meets legal standards.
- Efficiency: Streamline workflows with server-level automation and user-friendly features.
- Protection: Defend against sophisticated cyber threats and human error.
- Automation: Automate feature deployment at server and inbox levels.
- Human-Error Prevention: AI-driven email spoofing and reply hijacking risks reduction
- Ease of Use: Intuitive interface for enhanced productivity and satisfaction.
- Versatility: Multiple deployment options and flexible feature combinations.
- Integration: Compatible with popular business tools for seamless integration.
Pricing
£144 a licence a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 3 5 5 0 6 4 1 4 4 6 1 6 5 9
Contact
RPOST UK LIMITED
Kevin Love-Hughes
Telephone: 0203 078 7620
Email: rpost-uk@rpost.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Email and other digital business services like CRM
- Cloud deployment model
- Public cloud
- Service constraints
- The features Lookalike Domain Detector, Reply Hijack Alerts and RMail Recommends, are exclusive to the Microsoft Outlook application.
- System requirements
-
- Works with Gmail
- Works with SalesForce
- Works with any Outlook and Office 365 versions
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Various support plans are available.
On basic plan response times are different at weekends but can be tailored to suit. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
- (1) Plan pricing is a percent of the service order with minimums: a) *Premium: The greater of (a) 10% of total service order or (b) 25/month or 250/year if pre-paid b) *Platinum: The greater of (a) 15% of total service order or (b) 50/month or 500/year if pre-paid c) *Enterprise: The greater of (a) 20% of total service order or (b) 250/month or 2500/year if pre-paid (2) Included Live Phone/Live Remote Access aggregate instances per month: Premium: 2, Platinum: 3, Enterprise 3. (3) Eligible for enhancement, each enhancement has an additional cost. (4) Included Registered Receipt™ E-Delivery Investigative Support instances per month: Platinum: 2, Enterprise: 3. Full Support plan information available on request.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- By providing training and documentation on the Onboarding Portal.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- RPost does not permanently store user data
- End-of-contract process
- RPost can terminate the service as requested and as we dont store user data there are normally no further activities required.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- MacOS
- Windows
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- User friendly UI that allows access to features
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- None but meets standards
- API
- Yes
- What users can and can't do using the API
-
All features available by API except
Licence allocation
Usage Reporting - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Features can be selected as desired, and other services can be added such as branding. Mixture of user enable customisation and supplier only customisation. Organizations can deploy in the inbox with plug-and-play apps for common business tools (Salesforce, Outlook, Gmail, and more), integrate into their custom workflows, automate with RMail Cloud Security Gateway, and more deployment options.
Scaling
- Independence of resources
- Use of a scaleable and highly redundant failover architecture on AWS.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Through the RPortal users and administrators can monitor their usage and pull reports including historical.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data is not permanently stored.
- Data export formats
- Other
- Data import formats
- Other
- Other data import formats
- Not Applicable
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- https://rpost.com/legal-notices/service-level-agreement
- Approach to resilience
-
https://rpost.com/legal-notices/service-level-agreement.
Information available on request - Outage reporting
- Email Alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
- Via Email Suffix
- Access restrictions in management interfaces and support channels
- Registered Users
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO9001, ISO27001, ISO27017 ISO27018 via AWS
- RPost systems conform to the NIST 800-171
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- RPost has policies, procedures, and infrastructure to protect the physical security of its business offices and development lab. RPost infrastructure that operates the RMail services is an Amazon AWS infrastructure that carries an ISO 27001 Certificate and SOC2 Report. AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. Access to any of these reports can be provided if required.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- RPost maintains a change management process to ensure that all changes made to the production environment are applied in a deliberate manner. Changes to information systems, network devices, and other system components, and physical and environment changes are monitored and controlled through a formal change control process. Changes are reviewed, approved, tested and monitored post-implementation to ensure that the expected changes are operating as intended.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Security assessments shall be undertaken on a regular basis to identify vulnerabilities and to determine the effectiveness of patch management programs.
The CTO will remain up to date with announced system security issues as they are made public. Each vulnerability will be reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Please refer to sections (II)(3) to (II)(7) of RPost SLA (https://RPost.com/legal-notices/service-level-agreement) for details about incident reporting, support, incident severity levels and escalation.
RPost handles threat management as part of the SDLC process and every change introduced to the system. Please refer to RPost SDLC threat handling.pdf for more information.
Infrastructure monitoring – as stated in the document “RPost Incident Response Plan - Confidential.pdf” , AWS servers are continuously monitored with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html) which transmits alarms and alerts to members of the Performance Monitoring Team. The performance monitor system determines the responsivity of each of these services every 5-10 minutes. - Incident management type
- Supplier-defined controls
- Incident management approach
- Please refer to sections (II)(3) to (II)(7) of RPost SLA (https://RPost.com/legal-notices/service-level-agreement) for details about incident reporting, support, incident severity levels and escalation. For more information about RPost incident management processes, refer to the document “RPost Incident Response Plan - Confidential.pdf”.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
RPost are challenging the world of employment to move to a 'paperless office'. We understand the need to fight climate change globally and our products support this mission. Our products encourage people to transact digitally rather than by physical mail. RMail and RSign both include a Registered Receipt that can act as legal proof of delivery omitting the requirement to use post.Covid-19 recovery
RPost offers flexible Work from Home Policy to all employees globally in order to combat Covid-19 recovery.Tackling economic inequality
RPost have preferential price points for startup business' and organisations within the public sectorEqual opportunity
RPost is a global equal opportunities employer. We aim to meet and welcome diversity, inclusion and equality best practices wherever possible at a global levelWellbeing
RPost advocates wellbeing in the workplace. We encourage regular in person and online meetings where employees can get together both in a team or individual setting
Pricing
- Price
- £144 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Up to 5 units per month for all Rmail features ongoing
- Link to free trial
- Www.rmail.com