Data security measures
We are ISO27001, ISO14001 and ISO9001 accredited along side Cyber essentials. This ensures our systems for information security, environmental and quality are managed to a high certified standard.
In addition to our processing and operational measures we have in place our Hybrid Mail system has gone through a rigorous technical due diligence process completed by Cloud Origin.
Architecture and development process
Our hybrid mail solution utilises an AWS system for hardware requirements which includes:
Our SSL secures all file transfers. We support our AWS security standards by leveraging with their compliance mechanisms.
By design account data is logically compartmentalised. Ensuring end users can only see data from their own account. Even PDF’s are never directly exposed but alternatively they see a temporary file image instead.
As part of our systems standard testing fortnightly develop cycles with pre-deployment vulnerability is in place.
Cloud applications and Servers are patched weekly where required.
Routine pen testing is conducted.
User access control
Industry standard user access controls are implemented with PostboxNow
User password complexity
All user passwords require 1 number and 8 characters which Kaspersky has reported that it would take around 12 days to be bruteforced with a home computer.
Data retention periods
Our data retention periods can be altered to varied account requirements. Client uploads are held for a maximum of 365 days before being securely wiped using a DoD 5220.22-M algorithm.
When data is transferred between end-users and PostboxNow our SSL certificates; that use RSA4096 and 2048 but keys, ensure all communication is encrypted.
All returns will be sent directly to Eight Days a Week Print Solutions / PostboxNow c/o Reliance Worldwide by Royal Mail.
The 2D barcode on the front of every mailing will be scanned into the system. Any returned mail you have sent can be seen in your returned mail folder.
Once mail has been flagged at returned, the physical mail piece will be securely destroyed in line with ISO 2700.