HANDD Business Solutions

Fortra's Classifier Suite FCS (Formerly Boldon James) - From HANDD Business Solutions

Fortra's Classifier Suite FCS (Boldon James) allows you to organise and label data according to sensitivity and importance, across platforms and devices. Protect sensitive information by assigning persistent metadata labels like "Confidential" or "Public", alongside rich context labels. FCS aids in enforcing data security policies and ensures compliance with regulations.

Features

• Data Classification and identification on all file types
• Add manual or automated Persistent Metadata
• End User assistance for data classification and identification
• Email security with automated classification and Marking
• Flexible policy engine
• Right Click classify
• Visual Identification including: shortcuts /watermarks /headers
• Sharepoint Classifier
• Notes Classifier
• Mac Classifier

Benefits

• Ability to classify all files a user can right click
• Maximum file coverage for improved security and file identification
• Persistent metadata allows downstream services (firewall/DLP) to improve security posture
• Reduce staff workload by implementing automated file classification
• improve staff security awareness with assisted/guided classification
• Classify emails (including attachments) with outlook plugins improving efficiency
• Multi-level classification allows complex data schema/policy writing/automation

£12 to £42 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.parkinson@handd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

131659431140340

Contact

Matthew Parkinson
07779150169
matt.parkinson@handd.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Standard system upgrades are required periodically but upgrades are unlikely to reduce service uptime
• System requirements: Server can be deployed on premise or in the cloud

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on severity on average between 30mins and 24 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: There is a bot available on the website
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: HANDD Business Solution provide a range of wrap around services depending on customer requirements. This can be purchased as time and materials or against scope of works with guaranteed deliverables to ensure pricing consistency. Standard vendor support is included and upgraded support or managed services can be provided at additional cost bespoke to customer requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Data Classification is often born out of a compliance requirement and organisations have relatively old (outdated) classification policies. We work with organisations to help them understand how to automate and guide users adding classification (metadata) and how this will impact the business. We understand users workflows must not be unduly impacted and through our pre-sales process, onboarding, Delivery, management and training processes give all relevant stakeholders confidence that the solution will deliver expected business outcomes. Those outcomes are not just "classify a file" but improve efficiency, or reduce risk and improve security posture. Working with downstream devices like gateways or DLP is often a crucial business requirement and discussing these at an early stage can help business benefits after deployment is completed. Thinking about the whole journey and delivering against business outcomes not just a product is critical to success. HANDD understand these business and security challenges in detail and help towards achieving these goals from inception to delivery.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Bespoke to customer requirements including
  • Training videos
  • Word documents
• End-of-contract data extraction: HANDD do not require access to customer data and servers are owned by the customer. HANDD only hold data of the contacts required to deliver the product for example technical onboarding staff and relevant commercial contacts to enable operation of the contract. These contacts have right to be forgotten as applicable under existing GDPR regulations as applicable under law
• End-of-contract process: Licences are generally bought as subscription licences and as such access is removed at the end of the contract. Any perpetual licences bought are subject to annual support and maintenance, where this is not continued access to support/ updates and other services is removed at the end of the contract. Customers are still able to use any existing software but no updates/ upgrades will be provided. Where services, managed services or as-a-Service is purchased, access to these services are are terminated if the contract is not extended. Services and licences are not dependent on each other being renewed. Additional costs can apply for services outside of those contracted, these could include:; additional training; configuration services (via professional services); classification policy writing ; A clear breakdown of professional services based on individual requirements is suggested

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The server console sits on a central server
• Accessibility standards: None or don’t know
• Description of accessibility: User devices will have a configuration downloaded from a central server and allow them to classify important documents and based on organisational requirement automatically add required persistent metadata, visual file marking, header/footer information or watermarking. This can also be done by right clicking any file. The ability to override marking can be allowed based on customer policy. Hints and tips can be written bespoke to the organisation. This can also be delivered as a service. Classification-as-a-Service
• Accessibility testing: N/A
• API: No
• Customisation available: Yes
• Description of customisation: Extensive customisation is available broad topics include:; Data Classification, metadata tags and visual pop-ups can all be customised. Customisation will be done to comply with organisational and relevant stakeholder requirements to ensure maximum usability with minimum user impact. This could be automated classification, tool tips and guides and many other variables. This can be done by the customer, via support teams or by request when delivered as a managed service. Full details available on request.

Scaling

• Independence of resources: Users install an application and download policy from a central policy and their own device remains as a standalone device. With regards to our services we have an international footprint and our professional services team are tasked appropriately.

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting is provided within the application based on individual customer requirements
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: HANDD Business Solutions services to support FCS Fortra Classifier Suite

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is held by the customer on their servers, any user data held by HANDD or the vendor will be removed at the end of the contract as appropriate
• Data export formats: CSV
• Data import formats: Other
• Other data import formats:
  • Integration with Active Directory
  • TXT
  • LOG
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: SLA's can be agreed on a per customer basis. Service is delivered against specific outcomes to ensure delivery against business objectives. Normal operational uptime is expected to be 99.4%+
• Approach to resilience: Resiliency designed against RTO and RPO objectives and built in as appropriate
• Outage reporting: Via service logs

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access control is granted on the principle of least privilege. Users are only provided access to the information they require to perform their tasks and role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 08/03/2023
• What the ISO/IEC 27001 doesn’t cover: 9.4.5 Access control to program source code 12.1.4 Separation of development, testing and operational environments 14.2.1 Secure development policy 14.2.4 Restrictions on changes to software packages - HANDD does not develop systems. HANDD uses SaaS solutions only. 14.2.5 Secure system engineering principles - HANDD does not develop software or code. We are a licensed reseller of software only 14.2.6 Secure development environment 14.2.7 Outsourced development 14.2.8 System security testing 14.3.1 Protection of test data HANDD does not develop software or code. We are a licensed reseller of software only
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The following is available on request only; ; HANDD Business Solutions operate under all relevant legal, regulatory and; contractual compliance requirements as documented in the Legal and Contractual Requirements Register. The register is maintained through the continual improvement process and the audit plan. Legal and Contractual Requirements Register contains details of the applicable information security standards. As a minimum the following apply; • ISO 27001; • Cyber Essentials; ; Role Responsibility; General Manager- Endorse the Information Security Management System.; Senior Management Team- Owns the information security management system, the information security management objectives and agrees risk mitigation.; Management Review Team- Is responsible for ensuring the effective delivery of the information security management system and its continual improvement. ; ; Further details under NDA

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Detail available on request -HANDD internal change control brief summary:; Changes must be submitted to the HANDD CAB within timescales listed below for approval. All changes summited will be aligned with the customer CAB to ensure that there is adequate time to be presented for initial review at the weekly review meetings.; Changes must be submitted using the RFC form by providing as much detail as possible before submitting to the customer CAB for approval.; Any change submitted with less than two business day’s notification is considered an emergency request and must follow the Emergency process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HANDD detailed vulnerability management available on demand and subject to NDA
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on demand and subject to NDA
• Incident management type: Supplier-defined controls
• Incident management approach: HANDD policy available on demand and subject to NDA

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  HANDD’s Equal Opportunities Policy; ; The aim of this policy is to communicate the commitment of the Board and management to the promotion of equality of opportunity in HANDD Business Solutions. It is our policy to provide equality of staff membership to all, irrespective of:; ; gender, including gender reassignment; marital or civil partnership status; having or not having dependents; religious belief or political opinion; race (including colour, nationality, ethnic or national origins, being an Irish traveller); disability; sexual orientation; age; We are opposed to all forms of unlawful and unfair discrimination. All members of the organisation will be treated fairly and will not be discriminated against on any of the above grounds. Decisions on membership, selection for office, training or any other benefit will be made objectively, without unlawful discrimination, and based on aptitude and ability. To request a copy of this policy please email careers@handd.co.uk

Pricing

• Price: £12 to £42 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.parkinson@handd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.