ZiAAS Ltd

Progress (Ipswitch) Secure File Transfer

Moveit Secure File Transfer and Automation Software for the Enterprise
Guarantee Managed File Transfer.

Moveit Automation. Moveit Transfer, Moveit Gateway, FTP, SFTP, Web Connectivity. Encryption, Enterprise customized, Brand-able, Multi Tenanted. Progress formerly Ipswitch. File Transfer

Secure, Auditable, Automated, and Compliant File Transfer — Self Host or Hosted. Secure File Transfer

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS - Protocols
• File encryption with FIPS 140-2 validated AES265bit
• Multi-factor authentication
• Authentication with Azure AD, LDAP, SAML, ODBC, Local Accounts
• MOVEit Audit logging, advanced native audit logging
• Secure Folder sharing with external parties, traceable folder sharing
• Self Host or Hosted, Managed Self Host, On Premise
• Access via web, Desktop and mobile client or Outlook add-in
• Ad-Hoc file sharing by email invitation, outlook add in, moveit
• Full REST API, Azure blob, Azure SQL, MuleSoft

Benefits

• Share files securely internally and externally, custom links
• Secure publically files using file encryption
• Access controls including MFA and Azure AD conditional access
• Consolidate all of your FTP/SFTP servers
• Full automation and unlimited work flows
• Simple to use, intuitive and reliable
• Advanced logging for administrators and users with notifications
• Easy Management than other File Transfer solutions
• On-Premise or self host IaaS or SaaS in the Cloud
• Secure and compliant sharing of sensitive data

£124 to £156 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ziaas.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

105403488646153

Contact

Ash Ahluwalia
02030263720
sales@ziaas.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.
• System requirements:
  • Microsoft Windows, Mac OS X or Linux operating system.
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari.
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA of 2 hours; UK office hours (09:00 - 17:30); Monday-Friday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Client dependent
• Web chat accessibility testing: Client dependent
• Onsite support: Onsite support
• Support levels: 2 Hour response SLA during UK office hours (09:00-17:30) - Monday to Friday; Level of support varies, from free to professional services depending on customer requirments
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Every purchase of MOVEit Cloud includes a 2-hour web-based training class, where we will take the administration team through the customisation options and answer any questions they may have.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Either the client or Progress (Ipswitch) can provide an extract of information at the end of a contract period
• End-of-contract process: Customers are offered subscription renewal three months before the expiration of their current subscription period. If the renewal is not accepted and the service is to be cancelled, the customer is provided with a date upon which the service will become unavailable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Full REST API available
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Multiple options for customers - can create bespoke experience

Scaling

• Independence of resources: MOVEit Cloud has licensed restrictions on user accounts and usage of the service, which allow us to ensure that the service is scalable and efficient for all our customers. Customer accounts are split over multiple hosted tenants.

Analytics

• Service usage metrics: Yes
• Metrics types: MOVEit Cloud contains reporting capabilities which can list number of files uploaded/downloaded, cumulative size, user activity and more.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Progress (Ipswitch)

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Files will be exported in their native format
• Data import formats:
  • CSV
  • Other
• Other data import formats: Files will be exported in their native format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: SSH/SFTP encryption and file hashing.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: MOVEit Cloud has an uptime of 99.9% and a support response SLA of 2 hours, inside of support hours.; ; Compensation for downtime is at the discretion of the service provided and evaluated on a case-by-case basis.
• Approach to resilience: Available on request.
• Outage reporting: Public status website and email for planned outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Local user accounts, LDAP, ODBC.
• Access restrictions in management interfaces and support channels: Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Local Accounts, LDAP, ODBC.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Available on Request
• PCI DSS accreditation date: Available on Request
• What the PCI DSS doesn’t cover: Available on Request
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: MOVEit cloud is certified for PCI-DSS and has a yearly audit to ensure compliance with the GDPR. Data centres are SOC2 compliant.
• Information security policies and processes: N/A

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Progress (Ipswitch) has a dedicated MOVEit cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: MOVEit Cloud and the wider MOVEit software is assessed regularly against SANS and by a third-party. The results are not publicly disclosed, however any vulnerabilities are placed into the development queue for repair in the next release.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The MOVEit cloud operations team are responsible for the ongoing monitoring of the solution, using a variety of tools. They have strict processes for reporting breaches and containing them.
• Incident management type: Undisclosed
• Incident management approach: Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit cloud operations teams and the choices of management. MOVEit cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As a company, we recognise that our operations have an effect on the environment in which we live and work and therefore environmental regulations, laws and codes of practice will be regarded as setting the minimum standards of environmental performance. Our Environmental Policy affirms our commitment to operating in an environmentally responsible manner. Emphasis is placed on continuously improving our performance, by reducing the environmental impact of our operations, and compliance with all relevant environment legislation. In accordance with the above Policy commitments, ZiAAS will: ; •Ensure our operations are safe for our employees, consumers, and the environment. ; •Minimise the production of waste ; •Minimise material wastage ; •Promote the use of recyclable and renewable materials ; •Ensure that our staff, contractors and partner organisations are aware of our Environmental Policy and encourage them to incorporate the same principles ; •Comply with all relevant environmental legislation, regulations and applicable codes of practice.
• Covid-19 recovery:

  Covid-19 recovery

  n/a
• Tackling economic inequality:

  Tackling economic inequality

  n/a
• Equal opportunity:

  Equal opportunity

  ZiAAS is fully committed to the principle of equal opportunities in recruitment and employment and opposes all forms of unlawful or unfair discrimination as stated in the Equality Act 2010. No employee or potential employee will receive less favourable treatment or consideration on the grounds of age, disability, race, colour, nationality, ethnic origin, sex, sexual orientation, marital status, religion or belief or will be disadvantaged by any conditions of employment or requirements that cannot be justified as necessary on operational grounds. ZiAAS aims to treat all employees with dignity and respect and provide a working environment free from all discrimination. It will conduct its affairs at all times in a manner that is consistent with this aim.
• Wellbeing:

  Wellbeing

  n/a

Pricing

• Price: £124 to £156 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to MOVEit cloud for 30-days.
• Link to free trial: Please get in touch - sales@ziaas.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ziaas.com. Tell them what format you need. It will help if you say what assistive technology you use.