UNIFIEDPOST LIMITED

Unifiedpost Group Hybrid Mail Solution

Unifiedpost Group is a global FinTech providing digital and printed transactional communication and document solutions. Hybrid mail is a cost-efficient alternative to in-house print and post. Accessible anywhere at the touch of a button. Our hybrid mail solution supports the transition to e-documents, multichannel document delivery and remote working practices.

Features

• Instant cost savings via bulk printing and mail consolidation
• Multi-channel delivery options via email, SMS, print and post
• Create a library of templates such as letterheads, attachments, inserts
• Same day document dispatch
• Choice of print and document configuration
• User and group access controls
• Optional approval process before each document is sent
• Full document audit trail and reporting suite available
• Dedicated project team and account managers
• Remote set-up and installation

Benefits

• No monthly subscription, only pay for what you mail
• No user limits or volume commitment
• Reduced mailing and printing costs such as paper, envelopes, ink
• Eliminates the need for in-house print and mail equipment
• Supports remote working and hybrid working businesses
• Consolidated branding using fixed templates such as letterheads
• ISO 9001, 14001, 27001 and 22301 certified
• Cyber Essentials Plus certification
• Regular service review meetings to support continuous improvement
• Digital capability reduces environmental impact and improves sustainability

£0.60 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@unifiedpost.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

754390883243262

Contact

Rob Patrick
0161 766 5544
tenders@unifiedpost.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The platform will work with all commonly used hardware and software platforms.
• System requirements:
  • Buyers/Users can access the system using a web browser
  • A virtual print driver can be installed locally

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a standard SLA to respond to customer queries within 2 hours when they do not impact the service. However, our Customer Service Team typically respond in a matter of minutes. Support is provided during normal working hours between 08.30-17.00 Monday to Friday and does not include Weekends or Bank Holidays. Weekend cover can be made available on request and is subject to agreed timings and costs with individual buyer organisations.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: First line support is provided by the UPG Customer Service Team and your dedicated Account Manager.; ; Second line support is provided by the UPG in-house Development Team, who have extensive knowledge of each customer's solution and the ability to resolve most issues promptly.; ; Third line support is provided by the Infrastructure Team that manage and maintain the data centres.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: UPG works closely with each customer through a workshop model to understand their individual requirements. UPG then develops a statement of work with each customer to define the system configuration that meets the customer's specific requirements. Nominated customer users "Super Users" will receive training during a video call or on-site sessions to show them how to create documents to be printed and the document management platform. Trainers confirm understanding and user guides are also provided. Further Train the Trainer sessions are completed to give the buyer’s staff the capability to provide new user and refresher training when required. Full support is provided by UPG throughout the onboarding process and life-cycle of the contract.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: UPG will create an export file(s) containing the agreed data. This can be encrypted if required and is typically in csv or xml format.
• End-of-contract process: Typically our contracts include an Exit Strategy Schedule which will be followed at the end of a contract. In the absence of a contracted Exit Strategy Schedule we will work with each client to mutually agree an end of contract exit plan, which we will execute in a professional and orderly manner. In all instances client data is either securely destroyed (certificated) or extracted in the agreed client format and submitted back to the client using an agreed data transfer methodology.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Currently the service is the same on both mobile and desktop devices. A specific mobile interface may be developed later.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can submit documents to print via the API and users can retrieve documents from our document management system to view in their own systems via the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The core application behind the service is a workflow engine that manages automated rule-based processes. UPG will configure the workflow against the agreed requirement and this can include customer selectable options and customer branding.

Scaling

• Independence of resources: Appropriate resources are defined in line with our Business Continuity Strategy and outlined in the Project Plan that is created on a contract basis. This sets out the minimum resources and skill sets required to deliver each individual contract. It also includes contingency requirements to maintain suitably skilled staffing levels in the event that scheduled staff are unable to complete their duties due to sickness or authorised/unauthorised leave is taken.

Analytics

• Service usage metrics: Yes
• Metrics types: UPG has a comprehensive reporting suite to provide detailed Management Information. This allows the buyer to have visibility of all work commissioned at each stage of the processing lifecycle, providing assurance SLAs are being met and the services are running as expected. Information backed up by a comprehensive monthly MI pack and gives clear sight of UPG performance against agreed SLAs. It also includes an issues management log and key volumes analysis to ensure buyer's are using the most cost effective service.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Files can be downloaded directly from the web portal either individually or in bulk.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Word
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Our SFTP software is hosted in an off-site, secure cloud environment delivering the strongest levels of encryption of any file transfer client on the market: industry-leading 256-bit AES encryption and FIPS 140-2 validated cryptography secures files during transfers over SSL/FTPS and SSH/SFTP protocols.
• Data protection within supplier network: Other
• Other protection within supplier network: UPGs internal network is physically separate from the system. Customer data on this LAN is not accessible from the Internet.

Availability and resilience

• Guaranteed availability: The availability of our system is 99.95% and includes a full DR capability. Based on this, we agree individual SLAs and service credits with each customer.
• Approach to resilience: The system resides in two geographically separate data centres, one providing Disaster Recovery (DR). All data is copied to the DR site before processing and the two systems are synchronised multiple times each day.
• Outage reporting: We will notify users of planned outages via the web portal and email, together with the reason and impact. Unplanned outages will be notified via email with details of the failure, corrective action and impact.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Each user, or group of users, has a comprehensive set of access controls which limits what can be viewed down to individual documents, and what functions are made available. For example, if a user does not have authority to email a document, then this function is completely missing from their portal screen.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification Limited
• ISO/IEC 27001 accreditation date: 24/10/2023
• What the ISO/IEC 27001 doesn’t cover: N/a - ISO 27001 covers all of UPG's data security activities
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 22301 - Business Continuity Management

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: UPG is accredited to ISO 27001 and is Cyber Essentials Plus certified. We have instigated policies and procedures to comply with these standards. Regular audits and non-conformance reviews are carried out and reported to the Managing Director.; ; UPG approach security governance in the strongest of manners. We have a Data Protection Officer to ensure we are always up to date with the latest requirements for GDPR and all aspects of data security in our business. We also have a Quality & Compliance Manager to monitor that all processes are being followed, and in line with the ISO accreditations we hold. Internal refresher training is provided and any non-conformances logged and addressed immediately.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are documented and signed off by all stake holders prior to any work being started. ; ; The change is then developed in UPG's separate development/test environment and subject to User Acceptance Testing (UAT) before being submitted to the change board for approval to promote to production. ; ; Version control is applied to the production environment with all changes logged and records kept.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: UPG will apply patches via the change control process promptly. The IT Manager is responsible for the patch process and monitoring potential threats. He achieves the latter in conjunction with the data centre hosting providers who manage IG Soc and N3 secure services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: • Our internet facing servers sit within a DMZ and are behind firewalls.; • The DZM UTM firewalls automatically perform advanced security ; filtering across multiple attack vectors (URL, Application, IPS, Zero ; Day).; • If an issue is flagged a ticket is automatically raised; • This service runs 24\7\365; • Any issue raised is assigned the relevant priority.; • As monitoring is automated, any issues detected immediately raises a ; ticket.; • Based on the priority that has been assigned the response time\update ; times would vary in line with the contractually agreed incident ; management SLA’s.
• Incident management type: Supplier-defined controls
• Incident management approach: The system is managed in accordance with ITIL V3, including the incident management process.; ; Quarterly reviews between UPG and the data centre hosting services provider review the incident log and verify corrective action.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  UPG has revised its corporate Environment Policy to strengthen its environmental commitments and taken steps to improve the Environmental Management Systems by obtaining ISO 14001. We have also just been audited and successfully re-accredited with ISO 14001, achieve zero non-conformances.; ; We also acknowledge the Climate Emergency and the importance of reaching Carbon Net Zero as a business. With that in mind it is the businesses aim to be Carbon Net Zero by 2030 and we are currently finalising our Net Zero Carbon Reduction, which will be published on our website shortly.; ; We are increasingly determined to have a positive effect on the environment and to avoid any unintended consequences through its actions and is committed to accelerate and support the wider UK Government in its ambition to become the world’s first Net Zero country.; ; UPG adopt the UN Climate Neutral Now definition of Net Zero as “the state where a balance between anthropogenic greenhouse gas (GHG) emissions and removals is achieved”, by taking the following actions:; ; ● Measure 100% of the organisation’s GHG emissions; ● Reduce GHG emissions as far as possible; and; ● Offset remaining emissions through projects that remove carbon ; from the atmosphere in the long term

  Tackling economic inequality

  At UPG we are constantly looking at ways to do more as a business and, along with the currently climate emergency, we understand the importance in supporting communities all over the UK to balance our inequalities in everyday life. That is why we have implemented a number of initiatives that span outside of our own locality and have a reach that can support the needs of any area. This includes, but is not limited to, supporting/mentoring those out of work or young people looking to gain employment, providing tech to the children that need it most to support their education, funding community projects and/or using suppliers from your area.

  Equal opportunity

  The Company is an equal opportunities employer and is committed to opposing all forms of discrimination in the workplace. We will not tolerate discrimination based upon age, disability, marital status, race, colour, nationality, ethnic origin, religion, sex or sexual orientation and gender. The Company will make decisions without reference to discriminatory criteria.

Pricing

• Price: £0.60 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@unifiedpost.com. Tell them what format you need. It will help if you say what assistive technology you use.