Pro2col Ltd

HelpSystems GoAnywhere MFTaaS

GoAnywhere is a secure managed file transfer solution that automates, encrypts and streamlines data transfers using a centralised enterprise-level approach. Whether files reside in the cloud or a hybrid environment, GoAnywhere delivers the security and control you need to move data safely between systems, locations, users and trading partners.

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS
• AES 256-bit encryption of files both in-transit and at-rest
• Cryptographic tamper-evident database logs all activities
• Unlimited Simultaneous Local/Remote Users across all protocols
• Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
• Granular permissions for access to files and folders
• Secure Folder Sharing for simple, secure, controlled collaboration
• 99.9% uptime with high availability
• Out of the box integration with extensive range of applications
• Transfer or transform files using application workflows

Benefits

• Share files with internal and external users easily and securely
• Single platform for one-off file sharing and collaboration
• Secure access to files with authentication and granular permissions
• Automate workflows between any combination of systems and people
• Meet information security compliance requirements with visibility and control
• Reduce the risks of non-documented scripts and manual processes
• No patching and up-to-date security ciphers and software versions
• Reduce IT operational costs including hardware, software maintenance, and support
• Reduce the risks of downtime for this critical business system
• Reduce IT load for system management and partner onboarding

£6,000 to £30,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

448201296703027

Contact

G-Cloud Team
​0333 123 1240
gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Service availability is calculated with a monthly uptime percentage of at least 99.9%.; HelpSystems will perform regularly scheduled upgrades, enhancements and general maintenance. During this time the service may have limited or no availability. HelpSystems will provide a minimum of 7 days’ notice via email to the primary email address listed on the customer account for any scheduled maintenance event.; Tier 1 does not support clustering. Clustering is mandatory in Tier 2 and 3.
• System requirements:
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. ; Out of hours support is handled by the vendor from the USA. Response times are as follows: One hour response time for critical issues, two for high severity and one business day thereafter.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One hour response SLA during UK office hours (09:00-17:30). Support is included in the GoAnywhere MFTaaS subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. GoAnywhere MFTaaS comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: HelpSystems provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Within the product
• End-of-contract data extraction: User data can be downloaded using either browsers or file transfer clients.; Configuration data can be extracted from the database and saved in a suitable medium (csv/excel/xml/json/database).
• End-of-contract process: Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter.; Upon termination of the service, live customer data is securely deleted via scripted removal of the environment and all such customer data (including backups) are cycled out of the SaaS system and securely deleted after 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile client offers both Secure Mail and GoDrive, a file collaboration and sharing document options.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: GoAnywhere MFT is configured and managed from a web-based GUI. GoAnywhere administrators are assigned roles that allow them to access and manage capabilities. Permissions can be set a very granular level.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The REST API is available for all aspects of administration, workflow management and file transfers.; Users must be authenticated and authorised to use the HTTPS service.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Administrators can customise:; • Administration dashboard; • End User branding; • End User logo; • Available End User functions; • Password policy; • Archive policy; • Security settings.; ; Most customisation is performed through administration web GUI.; ; Workflows and notification emails generated are bespoke.

Scaling

• Independence of resources: The system is scalable and resources can be added if required without impacting existing service.

Analytics

• Service usage metrics: Yes
• Metrics types: HelpSystems track storage and bandwidth metrics and can set up alerts to make sure customers are aware if they are approaching usage thresholds. Dashboard access is planned for a later release.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: HelpSystems

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Proprietary encryption of user data
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data can be exported using a browser or any desktop file transfer client
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Configuration data: xml, json, DB etc
  • User data in same format as it is being stored
• Data import formats:
  • CSV
  • Other
• Other data import formats: Data can be uploaded in any format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Any data transferred between the networks will be protected by either TLS 1.2 or SSH. Additionally, files may be encrypted using PGP.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AES256 encryption of user data at rest.

Availability and resilience

• Guaranteed availability: 99.9% availability.; In the event of not meeting this target, service credits are awarded. SLA (Monthly Uptime Percentage) Service Credit are as follows:; • Less than 99.9% but equal to or greater than 99.0% Five (5) days; • Less than 99.0% but equal to or greater than 95.0% Fifteen (15) days; • Less than 95.00% Thirty (30) days.
• Approach to resilience: GoAnywhere MFTaaS is installed in AWS. Resilience of the highly available infrastructure and load balancing is backed up by SLAs from AWS. Customers also have the option to cluster GoAnywhere for further resilience on Tier 2 and Tier 3.
• Outage reporting: Email alerts issued in the unlikely event of an outage.; The HelpSystems and Pro2col Support teams will triage the problem to either find a solution (if it is in GoAnywhere MFTaaS) or work with AWS support to find a solution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to varying system resources are divided into roles and different administrators are awarded one or more roles.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Pro2col is IS0 27001 certified, covering provision of additional services

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Helpsystems' business leadership (or other accountable business role or function) shall review the information security policy at planned intervals or as a result of changes to the organisation to ensure its continuing alignment with the security strategy, effectiveness, accuracy, relevance, and applicability to legal, statutory, or regulatory compliance obligations.; All staff are regularly trained on information security and Helpsystems sell a range of information security solutions. ; Further information is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: HelpSystems operate a full and detailed software development methodology, with clear phases for planning, design, development, testing and deployment. ; ; Baseline security requirements shall be established for developed or acquired, organisationally-owned or managed, physical or virtual, applications and infrastructure system, and network components that comply with applicable legal, statutory, and regulatory compliance obligations. Deviations from standard baseline configurations must be authorised following change management policies and procedures prior to deployment, provisioning, or use; Further details of this policy are available under NDA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HelpSystems is always focused on the security of their suite of products . They employ a variety of procedures and tools to identify vulnerabilities and remediate them as soon as possible. ; ; A number of sources are used to identify security vulnerabilities including:; ; • Internal security scans ; • Manual penetration testing; • External reports from security researchers ; • Reports from customers ; ; See https://www.goanywhere.com/support/release-notes/mft for details of recent releases. Customers are notified of all updates and fixes by email, on the website and within the software.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Each system shall be hardened to provide only necessary ports, protocols, and services to meet business needs and have in place supporting technical controls such as: antivirus, file integrity monitoring, and logging as part of their baseline operating build standard or template. ; ; GoAnywhere MFTaaS is closely monitored, leveraging the capabilities of AWS to meet the SLAs for customers.; Further details available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Helpsystems will monitor that AWS plaftform. The customer can configure GoAnywhere to send notifications on failure through syslog access, email, SMS and other custom solutions as required. For example, integration with ServiceNow is available.; Helpsystems will provide reports on Service Credits should the platform be unavailable.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Doing things right, doing the right thing. That’s the ethos that we live by at Pro2col. That mantra drives our commitment to protecting and preserving the environment. Our environmental policy focuses on three key areas. ; ; 1) Reducing emissions: We make environmentally-driven decisions within our office – switching to a green energy provider who delivers 100% renewable energy, using environmentally friendly cleaning products and office supplies, encouraging our team to travel to work by sustainable methods and establishing a cycle to work scheme. Where possible we’ve chosen to reduce work trips and on-site work to deliver our services and support remotely and sustainably. Our hybrid work policy has reduced the number of unnecessary commutes into the office.; ; 2) Reducing waste: We campaign against today’s throwaway culture, recognizing that recycling is good, reusing is better, not buying at all is better still. We encourage our staff to recycle or use reusable materials. Our office acts as a crisp packet recycling point where anyone in the local area can drop off crisp packets and we’ll take them off to be recycled. We even got our local coffee shop to transition to compostable coffee cups and lids…; ; 3) Inspiring the community: We strive to involve our wider community in our environmental efforts. As a company we’re incredibly lucky to be a stone’s throw from the beach and some of the most spectacular countryside in the UK. And we want to protect and support that environment. So, every year we organize a beach clean. The whole Pro2col team gets involved. We bring along our families and friends. We invite our partners and suppliers. We involve local businesses. Last year we collected 16kg of rubbish and covered 300m of beach.
• Covid-19 recovery:

  Covid-19 recovery

  Covid-19 Recovery; ; At Pro2col we’re passionate about our local area – and supporting the businesses in our local area. We’re particularly focused on supporting the brilliant array of independent retail, hospitality and manufacturing operators in the area.; As part of our team culture and benefits we offer every member of the team a voucher to celebrate their birthday and their work anniversary with Pro2col. Following the Covid-19 outbreak we decided that we were going to ensure these vouchers were only spent with local retailers. Similarly, when we were forced to cancel our Christmas parties, we decided to allocate funds to our employees for them to spend at local delivery and takeaway outlets to help support our local hospitality industry. ; Finally, throughout the Covid-19 pandemic, we offered up free access to our Certified File Transfer Professional (CFTP) qualification. Across the last 18 months that has seen over $40,000 worth of training and certification given away for free. We’ve used CFTP to enable hundreds of professionals to retrain, add new knowledge to their CVs and develop skills and learnings that will support them and make them more employable. ; We continue to prioritize buying locally wherever possible – be that getting our milk and cleaning products from a local sustainable supplier or using local venues for conferences, meetings or events.
• Tackling economic inequality:

  Tackling economic inequality

  Pro2col have partnered up with The Friends of Dorset Care Leavers (https://www.friendsofdorsetcareleavers.org.uk/), a charity organization that supports young people aged 18-25 as they leave the care system. The charity aims to reduce isolation, loneliness and supports care leavers with their aims for the future. ; With our technical expertise we have decided that rather than just supporting the charity financially, we could make a dramatic difference by supporting them with the re-launch of their website. Together with the charity we have begun rebuilding their website and their online shop. Using our technical experience, web development skills and marketing insights to build an online platform that will increase the web presence of the charity and build a secure, visible platform that they can use to increase interest in, and donations to the charity. ; Alongside our support building their website, we are also making our Certified File Transfer Professional course (CFTP) available to any of the young people they are supporting who are interested in pursuing a career in technology. ; Two members of the Pro2col team have signed up to mentor and support care leavers, providing a friendly face, someone who can offer advice and support and help young care leavers take their first steps into the workplace.
• Equal opportunity:

  Equal opportunity

  Pro2col are committed to being an equal opportunities employer and oppose all forms of unlawful discrimination. Our objective is to have a diverse workforce and our long-term aim is that the composition of our workforce should broadly reflect that of our local community.; We believe that individuals should be treated on their merits and that employment-related decisions should be based on objective job-related criteria such as aptitude and skills. We have developed a Great People Framework to ensure that our team receives the same treatment, skills-based evaluations, training, and opportunities for progression.; We have set out specific policies to ensure our recruitment, pay, benefits, promotion, training, and disciplinary procedures. Pro2col commits to:; - Create an environment in which individual differences and the contributions of all team members are recognized and valued.; - Create a working environment that promotes dignity and respect for every employee; - Not tolerate any form of intimidation, bullying or harassment; - Encourage employees to treat everyone with dignity and respect; ; We aim to apply these policies to all those working at our workplace, including agency, casual and freelance staff as well as employees.
• Wellbeing:

  Wellbeing

  Pro2col’s goal is for its team to be made up of healthy and happy employees. We strive to do the right thing for our clients and customers, and it is only right that we do the same for our employees. To do this we have adopted a range of policies and strategies to ensure that we are focused on maintaining the health and wellbeing of our teams. ; We are particularly conscious about the mental wellbeing of our team as they emerge from the isolation and loneliness of the pandemic and get accustomed to our new hybrid working model. To make sure we are equipped to assist our team, every member of the Pro2col management team is offered mental health first aid training, giving us the knowledge and skills to be able to approach our team and colleagues about their mental state. ; Alongside working to improve the mental health of our teams we have recently introduced a cash health plan as a business benefit to give our staff access to a wide range of medical services, 24-hour access to consultants and GPs and the ability to get specialist treatment for both new and pre-existing conditions. ; Our commitment to health and wellbeing extends outside of our direct team. We have a Health and Wellbeing charity team within Pro2col who work with local charities and organisations in the local area. They have been working in conjunction with Christchurch Library to become digital guardians / embedded digital champions to help residents who use the library for access to digital services but lack the technical knowledge or confidence to use online tools. They have also provided technical services and support to local retirement and care facility residents.

Pricing

• Price: £6,000 to £30,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full featured trial is available for 30 days

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.