Pro2col Ltd

Globalscape EFT Arcus

EFT Arcus is a SaaS MFT solution for organisations needing the agility, elasticity and cost savings the cloud provides. Reduce the complexity of your file transfer infrastructure, increase operational efficiency and protect your most important data using our secure managed file transfer cloud service. EFT Arcus has SOC 2 certification.


  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • AES 256-bit encryption of files both in-transit and at-rest
  • Unlimited Simultaneous Local/Remote Users across all protocols
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • Granular permissions for access to files and folders
  • Workspaces for simple, secure, controlled collaboration
  • 99.9% uptime available
  • Transfer or transform files using application workflows
  • Agent to agent transfers
  • Single-tenant deployment in Azure


  • Share files with internal and external users easily and securely
  • Single platform for one-off file sharing and collaboration
  • Secure access to files with authentication and granular permissions
  • Automate workflows between any combination of systems and people
  • Meet information security compliance requirements with visibility and control
  • Reduce the risks of non-documented scripts and manual processes
  • No patching and up-to-date security ciphers and software versions
  • Reduce IT operational costs including hardware, software maintenance, and support
  • Reduce the risks of downtime for this critical business system
  • Reduce IT load for system management and partner onboarding


£6,000.00 to £30,000.00 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 6 1 8 4 7 0 4 3 0 1 7 7 5 6


Pro2col Ltd G-Cloud Team
Telephone: ​0333 123 1240

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Arcus Basic comes with a 99% uptime SLA, Arcus Custom is 99.9 and Premium 99.95% . There are different functional constraints in each package including the number of event rules, log file storage, scaling and authentication. Remote agents are windows only.
Customers can choose from a selection of pre-determined maintenance windows.
System requirements
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is available on Custom and Premium. Globalscape commit to a response time of two hours on production affecting issues.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
One hour response SLA during UK office hours (09:00-17:30). Support is included in the Globalscape Arcus subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. Globalscape Arcus comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
Support available to third parties

Onboarding and offboarding

Getting started
Comprehensive documentation is available for Arcus and all customers receive an on-boarding call with Globalscape. Pro2col provide a range of services to support administrators, helpdesk teams and end users at point of on-boarding. These are customised to meet your particular requirements. For further details of these services, please see Globalscape EFT Server Professional Services. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Either the customer or Globalscape can provide an extract of the information at the end of the contract period. Globalscape will retain User Data for 30 days post the end of the contract and then it will be destroyed.
End-of-contract process
Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Globalscape will extract the User Data and will not have system access from the date of contract expiration.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Free mobile apps for Android and iOS are available. Depending on the permissions defined for the account in EFT, users can upload, download, preview, open in an external viewer, add to vault, share, rename or delete files, and create folders. The mobile app also encrypts files in a storage vault for users who need to work offline.
The web interface can also be accessed via a mobile device.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface is accessed via a remote desktop web client.
Administrators are able to manage users, workflows, folder structures and reports from there.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
What users can and can't do using the API
Any administrative action can also be performed via the API.
The API is COMbased and is called by script or program
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
EFT Arcus is installed as "single-tenant"; each customer has their private deployment.


Service usage metrics
Metrics types
The Auditing and Reporting Module (ARM) captures the transactions passing through Arcus and provides an administration interface where users can access preconfigured reports or create custom reports to query, filter and view transaction data. Data is stored in a relational database and can be analysed in real time.

The ARM comes with a number of preconfigured reports designed to respond to the most common data analysis requests.
Globalscape will provide usage reports on uptime, bandwidth, event rules and storage use.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption; one of the strongest block ciphers available. It is FIPS 140-2 compliant. -
EFT Arcus supports the option of PGP.
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Files can be downloaded using any of the file transfer protocols supported by Arcus including SFTP/FTPS/HTTPS. Reports can be extracted from the auditing and reporting module in XML.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML for reports
  • Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats
Files can be uploaded in their native format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH/SFTP encryption and file hashing. The minimum strength of the encryption used during web transport is configurable.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs are governed by the tier chosen (Basic, Custom or Premium).
A detailed snapshot of uptime is maintained for all customers. If an outage occurs, the process of credit accumulation starts in the month of the outage. For example, if an outage occurs in August, the credit will reflect in the September invoice. Credits are pre-determined percentages against SLA failure up to 20%.
Approach to resilience
EFT Arcus is installed in the Microsoft Azure region of your choice, and data is replicated to another region in case of outages. Additionally on the Premium or Custom tier, servers are scaled to two HA nodes.
The Azure Backup retention structure allows you to have full flexibility in defining the retention policy as per your requirements. Data is copied by Azure GRS storage. The customer is geographically replicated. Archiving is the responsibility of the customer. Info can be found here:
Further information is available on request.
Outage reporting
If the Azure region hosting your EFT Arcus site becomes unavailable, Azure will automatically switch to its paired region. This process is invisible to the end user. The Globalscape and Pro2col Support teams will triage the problem to either find a solution (if it is in EFT Arcus) or work with Microsoft Azure support to find a solution. (AzureGeography described at

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to administration accounts can be restricted by an IP address mask and accessing protocol. An agreed list of administrators is provided during on-boarding. Admin permissions are granular, allowing role-based access. Arcus can be configured to block accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Microsoft publish CAIQ and CCM reports for CSA STAR assessment
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • Azure has a PCI Compliance Certification
  • Arcus can be configured to be PCI compliant
  • Azure complies with: SOC1, SOC2, SOC3, ISO 27001:2013

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Globalscape are currently working towards SOC 2 and ISO 27001 compliance for Arcus.
The Globalscape Privacy Policy is available on request. All staff are trained on information security and data protection.
Access to information is controlled based on role.
Information security policies and processes
Globalscape have a Data Protection Officer (DPO) and a copy of their policies is available on request.
Globalscape have implemented measures to secure customer data from accidental loss, unauthorised access, alteration or disclosure.
Pro2col are ISO 27001 and Cyber Essentials certified. Information security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Globalscape run a comprehensive system for tracking EFT development. All versions of EFT are thoroughly tested before being uploaded into the Arcus environment. Globalscape take a security first approach to product development with a focus on GDPR reporting for example added to the latest release.

Further information available on request
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The underlying infrastructure of Arcus is Azure. Microsoft publish a range of reports on how they mange threats and vulnerabilities within their environment from the physical security of the datacentres through to patching and beyond.
Globalscape monitor the application layer and will deploy urgent patches if required to Arcus. A full list of recent releases and patches is available at
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
EFT Arcus installed on the Microsoft Azure network and is located in the Azure region specified by the customer. Microsoft adheres to stringent policies and procedures when it comes to accessing customer data. Microsoft has taken steps to ensure that there are no back doors and no direct or unfettered access to customer data.
Further information available on request
Incident management type
Supplier-defined controls
Incident management approach
Microsoft Azure retains audit records to provide support for after-the-fact investigations of security incidents and to meet regulatory and organisational information retention requirements. Upon notification of a breach:
• Suspend the EFT Arcus environment, if necessary
• Attempt to find the attack vector
• Follow local laws related to forensics.
Alerting mechanisms are in place to notify appropriate individuals that security events have occurred.
Any user can report an incident via support.
Reports will be shared with agreed customer contacts.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Doing things right, doing the right thing. That’s the ethos that we live by at Pro2col. That mantra drives our commitment to protecting and preserving the environment. Our environmental policy focuses on three key areas.
1) Reducing emissions: We make environmentally-driven decisions within our office – switching to a green energy provider who delivers 100% renewable energy, using environmentally friendly cleaning products and office supplies, encouraging our team to travel to work by sustainable methods and establishing a cycle to work scheme. Where possible we’ve chosen to reduce work trips and on-site work to deliver our services and support remotely and sustainably. Our hybrid work policy has reduced the number of unnecessary commutes into the office.
2) Reducing waste: We campaign against today’s throwaway culture, recognizing that recycling is good, reusing is better, not buying at all is better still. We encourage our staff to recycle or use reusable materials. Our office acts as a crisp packet recycling point where anyone in the local area can drop off crisp packets and we’ll take them off to be recycled. We even got our local coffee shop to transition to compostable coffee cups and lids…
3) Inspiring the community: We strive to involve our wider community in our environmental efforts. As a company we’re incredibly lucky to be a stone’s throw from the beach and some of the most spectacular countryside in the UK. And we want to protect and support that environment. So, every year we organize a beach clean. The whole Pro2col team gets involved. We bring along our families and friends. We invite our partners and suppliers. We involve local businesses. Last year we collected 16kg of rubbish and covered 300m of beach.
Covid-19 recovery

Covid-19 recovery

Covid-19 Recovery

At Pro2col we’re passionate about our local area – and supporting the businesses in our local area. We’re particularly focused on supporting the brilliant array of independent retail, hospitality and manufacturing operators in the area.
As part of our team culture and benefits we offer every member of the team a voucher to celebrate their birthday and their work anniversary with Pro2col. Following the Covid-19 outbreak we decided that we were going to ensure these vouchers were only spent with local retailers. Similarly, when we were forced to cancel our Christmas parties, we decided to allocate funds to our employees for them to spend at local delivery and takeaway outlets to help support our local hospitality industry.
Finally, throughout the Covid-19 pandemic, we offered up free access to our Certified File Transfer Professional (CFTP) qualification. Across the last 18 months that has seen over $40,000 worth of training and certification given away for free. We’ve used CFTP to enable hundreds of professionals to retrain, add new knowledge to their CVs and develop skills and learnings that will support them and make them more employable.
We continue to prioritize buying locally wherever possible – be that getting our milk and cleaning products from a local sustainable supplier or using local venues for conferences, meetings or events.
Tackling economic inequality

Tackling economic inequality

Pro2col have partnered up with The Friends of Dorset Care Leavers (, a charity organization that supports young people aged 18-25 as they leave the care system. The charity aims to reduce isolation, loneliness and supports care leavers with their aims for the future.
With our technical expertise we have decided that rather than just supporting the charity financially, we could make a dramatic difference by supporting them with the re-launch of their website. Together with the charity we have begun rebuilding their website and their online shop. Using our technical experience, web development skills and marketing insights to build an online platform that will increase the web presence of the charity and build a secure, visible platform that they can use to increase interest in, and donations to the charity.
Alongside our support building their website, we are also making our Certified File Transfer Professional course (CFTP) available to any of the young people they are supporting who are interested in pursuing a career in technology.
Two members of the Pro2col team have signed up to mentor and support care leavers, providing a friendly face, someone who can offer advice and support and help young care leavers take their first steps into the workplace.
Equal opportunity

Equal opportunity

Pro2col are committed to being an equal opportunities employer and oppose all forms of unlawful discrimination. Our objective is to have a diverse workforce and our long-term aim is that the composition of our workforce should broadly reflect that of our local community.
We believe that individuals should be treated on their merits and that employment-related decisions should be based on objective job-related criteria such as aptitude and skills. We have developed a Great People Framework to ensure that our team receives the same treatment, skills-based evaluations, training, and opportunities for progression.
We have set out specific policies to ensure our recruitment, pay, benefits, promotion, training, and disciplinary procedures. Pro2col commits to:
- Create an environment in which individual differences and the contributions of all team members are recognized and valued.
- Create a working environment that promotes dignity and respect for every employee
- Not tolerate any form of intimidation, bullying or harassment
- Encourage employees to treat everyone with dignity and respect

We aim to apply these policies to all those working at our workplace, including agency, casual and freelance staff as well as employees.


Pro2col’s goal is for its team to be made up of healthy and happy employees. We strive to do the right thing for our clients and customers, and it is only right that we do the same for our employees. To do this we have adopted a range of policies and strategies to ensure that we are focused on maintaining the health and wellbeing of our teams.
We are particularly conscious about the mental wellbeing of our team as they emerge from the isolation and loneliness of the pandemic and get accustomed to our new hybrid working model. To make sure we are equipped to assist our team, every member of the Pro2col management team is offered mental health first aid training, giving us the knowledge and skills to be able to approach our team and colleagues about their mental state.
Alongside working to improve the mental health of our teams we have recently introduced a cash health plan as a business benefit to give our staff access to a wide range of medical services, 24-hour access to consultants and GPs and the ability to get specialist treatment for both new and pre-existing conditions.
Our commitment to health and wellbeing extends outside of our direct team. We have a Health and Wellbeing charity team within Pro2col who work with local charities and organisations in the local area. They have been working in conjunction with Christchurch Library to become digital guardians / embedded digital champions to help residents who use the library for access to digital services but lack the technical knowledge or confidence to use online tools. They have also provided technical services and support to local retirement and care facility residents.


£6,000.00 to £30,000.00 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
As standard, there is 15 day free Proof of Concept of Arcus. This will be set at the tier selected and will include access to the support team for assistance with onboarding and configuration.
Link to free trial
Please contact

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.