Pro2col Ltd

Progress MOVEit Cloud

Progress MOVEit Cloud provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting. Encryption and activity tracking enable compliance with regulations including PCI and GDPR. Extend file transfer capabilities to all users whilst retaining control and visibility. UK hosting available.

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS
• AES 256-bit encryption of files both in-transit and at-rest
• Cryptographic tamper-evident database logs all activities
• Unlimited Simultaneous Local/Remote Users across all protocols
• Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
• Granular permissions for access to files and folders
• Secure Folder Sharing for simple, secure, controlled collaboration
• 99.9% uptime with high availability and SOC 2 approved
• Automated workflows with conditional logic
• Desktop client for drag-and-drop file downloads and uploads

Benefits

• Share files with internal and external users easily and securely
• UK hosted, single platform for one-off file sharing and collaboration
• Secure access to files with authentication and granular permissions
• Automate workflows between any combination of systems and people
• Meet information security compliance requirements with visibility and control
• Reduce the risks of non-documented scripts and manual processes
• No patching and up-to-date security ciphers and software versions
• Reduce IT operational costs including hardware, software maintenance and support
• Reduce the risks of downtime for this critical business system
• Reduce IT load for system management and partner onboarding

£135.00 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

632352605129335

Contact

G-Cloud Team
​0333 123 1240
gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.; Automation in the cloud is only available on dedicated infrastructure.; Minimum of 25 users on MOVEitCloud Professional or Premium
• System requirements:
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is handled by the vendor from Galway Ireland and Boston USA. Progress commit to a one hour response time for production affecting issues / restricted operations.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One hour response SLA during UK office hours (09:00-17:30). Support is included in the MOVEitCloud subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability.; MOVEit Cloud comes with 24/7 support as standard for Severity 1 tickets.; Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Progress provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col are certified training partners for Progress and also offer vendor agnostic FTP training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Either the customer or Progress can provide an extract of the information at the end of the contract period. Progress will retain User Data for 30 days post the end of the contract and then it will be destroyed.
• End-of-contract process: Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Progress will extract the User Data and will not have system access from the date of contract expiration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface for MOVEit Cloud can be accessed via a mobile device. In addition there are free native Android and iOS applications available for MOVEit.; Both mobile and desktop services support person to person use cases like:; •Uploading and downloading of files; •Uploading videos and pictures; •Sending Secure Mail and attachments; •Performing file and and folder editing tasks and; •Shared Folders with other users; ; The mobile app does allow for taking photos or videos and then uploading these to securely transfer and share them.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is browser based. In addition, you can monitor the availability of the service at any time by; visiting http://status.moveitcloud.com
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None, however MOVEit has been certified as compliant with the Americans with Disabilities Act (ADA) standards for web and windows application design.; ; The MOVEit Transfer complete compliance statement can be found at:; https://docs.ipswitch.com/MOVEit/Transfer2020/Help/Admin/en/index.htm#23583.htm
• API: Yes
• What users can and can't do using the API: MOVEit provides a REST, Java and .NET API.; The REST API enables you to develop, integrate and deploy secure file transfer and management applications that leverage your organisation or system-wide MOVEit Transfer solution.; Using the Transfer REST API, you can connect systems and clients to MOVEit Transfer using simple HTTP calls. In general, REST APIs are language and platform independent and can be the best choice to converge information systems, circumvent the unending need for client-server dependency maintenance, and span any combination of environments (including IoT, mobile, and much more).; For the REST API: https://docs.ipswitch.com/MOVEit/Transfer2019_2/API/Rest/; For The Java API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/Java/index.html; For the .NET API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/dotNet/html/2627398e-357a-6af8-3283-d7bf66e0ff05.htm
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: MOVEit Cloud provides a vanilla, best practice security configuration, but can be configured to meet bespoke requirements. Customisation includes areas such as branding, email templates, password policy, user group permissions, archive policy, user management, package settings for one off transfers. In MOVEit Automation, all workflows are customised based on source, host and logic.

Scaling

• Independence of resources: For a complete guarantee, MOVEit Cloud offers a dedicated platform. MOVEit Cloud incorporates business continuity and disaster recovery assurances and leverages a highly available load-balanced web-farm environment to minimise downtime and prevent data loss. MOVEit Cloud is hosted in a geographically dispersed server infrastructure complete with continuous data center replication to ensure strict up-time and SLAs are met.

Analytics

• Service usage metrics: Yes
• Metrics types: MOVEit Cloud provides active dashboards of file and package transfer statuses. Interactive mode allows selectable and sortable status reports in addition to the full view.; You can use Live View to:; • Track volume of transfers (outgoing and incoming) at a glance; • Track latency of ongoing or recent transfers; • Track large and important transfers; • Quickly troubleshoot any incidents that could occur during daily operations.; MOVEit provides a range of pre-built reports plus the option to build customised report templates.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Progress

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Files will be exported in their native format
• Data import formats:
  • CSV
  • Other
• Other data import formats: Files can be uploaded in their native format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: SSH/SFTP encryption and file hashing.; The minimum strength of the encryption used during web transport is configurable.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: MOVEit Cloud has an uptime of 99.9% and a support response SLA of two hours, inside of support hours. Should this SLA not be met, the user is entitled to service credits as outlined below. ; ; Monthly Uptime Performance Target Service Credit; 99.0 to 99.9% three (3) days; 95.0 to 98.9% ten (10) days; Less than 95.00% thirty (30) days; A service credit will represent the right to extend the agreement; at no cost to you for the length of time shown.
• Approach to resilience: MOVEit Cloud leverage the resilience of Azure. Further information available on request.
• Outage reporting: You can monitor the availability of the service at any time by; visiting http://status.moveitcloud.com (“Status Site”). Progress use the Status Site to make announcements about all service availability-impacting work including scheduled maintenance and emergency maintenance. It will include details about the nature of the work being performed and offer guidance on the expected maintenance completion. You can sign up for proactive alerts available. ; In addition, you can set up email notifications within the system around specific triggers including workflows.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit Cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 360 Advanced
• PCI DSS accreditation date: March 2020
• What the PCI DSS doesn’t cover: Customer bespoke configuration changes
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • FIPS 140-2 certified cryptography

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Progress Software operates an Executive Security Committee which has directed that a security program and supporting policy framework be operated to protect the security interests of company infrastructure, the software it produces, and customer solutions it operates. The company information security program is responsible for protecting the confidentiality, integrity, and availability of information handled by company technology systems and outwardly facing technology products. It is established that this function will identify, assess, monitor, and remediate security issues in a manner that keeps risks under control and within company and customer appetite. The program is operated according to applicable laws, regulations, and industry best practices. The function shall leverage colleagues from across the company to effectively manage risk, and efforts remain transparent to leadership. The following program components underpin the Progress’ Information Security Program.; In addition, Pro2col are ISO27001 and Cyber Essentials certified. Information Security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Progress has a dedicated MOVEit Cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Progress public product security policy statement can be read at:; https://community.progress.com/s/article/Product-Security-Policy-Statement
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Progress leverage AlertLogic for IDS, CiscoAMP for anti-virus, NewRelic and GrayLog to monitor application performance, and security-related tools within Azure. Further details are available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Progress has a multi-phase incident response plan:; • Phase 1: Detection, Assessment and Triage; • Phase 2: Containment, Evidence Collection, Analysis and Investigation and Mitigation; • Phase 3: Remediation, Recovery, and Post-Mortem.; Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit Cloud operations teams. MOVEit Cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Doing things right, doing the right thing. That’s the ethos that we live by at Pro2col. That mantra drives our commitment to protecting and preserving the environment. Our environmental policy focuses on three key areas. ; ; 1) Reducing emissions: We make environmentally-driven decisions within our office – switching to a green energy provider who delivers 100% renewable energy, using environmentally friendly cleaning products and office supplies, encouraging our team to travel to work by sustainable methods and establishing a cycle to work scheme. Where possible we’ve chosen to reduce work trips and on-site work to deliver our services and support remotely and sustainably. Our hybrid work policy has reduced the number of unnecessary commutes into the office.; ; 2) Reducing waste: We campaign against today’s throwaway culture, recognizing that recycling is good, reusing is better, not buying at all is better still. We encourage our staff to recycle or use reusable materials. Our office acts as a crisp packet recycling point where anyone in the local area can drop off crisp packets and we’ll take them off to be recycled. We even got our local coffee shop to transition to compostable coffee cups and lids…; ; 3) Inspiring the community: We strive to involve our wider community in our environmental efforts. As a company we’re incredibly lucky to be a stone’s throw from the beach and some of the most spectacular countryside in the UK. And we want to protect and support that environment. So, every year we organize a beach clean. The whole Pro2col team gets involved. We bring along our families and friends. We invite our partners and suppliers. We involve local businesses. Last year we collected 16kg of rubbish and covered 300m of beach.
• Covid-19 recovery:

  Covid-19 recovery

  Covid-19 Recovery; ; At Pro2col we’re passionate about our local area – and supporting the businesses in our local area. We’re particularly focused on supporting the brilliant array of independent retail, hospitality and manufacturing operators in the area.; As part of our team culture and benefits we offer every member of the team a voucher to celebrate their birthday and their work anniversary with Pro2col. Following the Covid-19 outbreak we decided that we were going to ensure these vouchers were only spent with local retailers. Similarly, when we were forced to cancel our Christmas parties, we decided to allocate funds to our employees for them to spend at local delivery and takeaway outlets to help support our local hospitality industry. ; Finally, throughout the Covid-19 pandemic, we offered up free access to our Certified File Transfer Professional (CFTP) qualification. Across the last 18 months that has seen over $40,000 worth of training and certification given away for free. We’ve used CFTP to enable hundreds of professionals to retrain, add new knowledge to their CVs and develop skills and learnings that will support them and make them more employable. ; We continue to prioritize buying locally wherever possible – be that getting our milk and cleaning products from a local sustainable supplier or using local venues for conferences, meetings or events.
• Tackling economic inequality:

  Tackling economic inequality

  Pro2col have partnered up with The Friends of Dorset Care Leavers (https://www.friendsofdorsetcareleavers.org.uk/), a charity organization that supports young people aged 18-25 as they leave the care system. The charity aims to reduce isolation, loneliness and supports care leavers with their aims for the future. ; With our technical expertise we have decided that rather than just supporting the charity financially, we could make a dramatic difference by supporting them with the re-launch of their website. Together with the charity we have begun rebuilding their website and their online shop. Using our technical experience, web development skills and marketing insights to build an online platform that will increase the web presence of the charity and build a secure, visible platform that they can use to increase interest in, and donations to the charity. ; Alongside our support building their website, we are also making our Certified File Transfer Professional course (CFTP) available to any of the young people they are supporting who are interested in pursuing a career in technology. ; Two members of the Pro2col team have signed up to mentor and support care leavers, providing a friendly face, someone who can offer advice and support and help young care leavers take their first steps into the workplace.
• Equal opportunity:

  Equal opportunity

  Pro2col are committed to being an equal opportunities employer and oppose all forms of unlawful discrimination. Our objective is to have a diverse workforce and our long-term aim is that the composition of our workforce should broadly reflect that of our local community.; We believe that individuals should be treated on their merits and that employment-related decisions should be based on objective job-related criteria such as aptitude and skills. We have developed a Great People Framework to ensure that our team receives the same treatment, skills-based evaluations, training, and opportunities for progression.; We have set out specific policies to ensure our recruitment, pay, benefits, promotion, training, and disciplinary procedures. Pro2col commits to:; - Create an environment in which individual differences and the contributions of all team members are recognized and valued.; - Create a working environment that promotes dignity and respect for every employee; - Not tolerate any form of intimidation, bullying or harassment; - Encourage employees to treat everyone with dignity and respect; ; We aim to apply these policies to all those working at our workplace, including agency, casual and freelance staff as well as employees.
• Wellbeing:

  Wellbeing

  Pro2col’s goal is for its team to be made up of healthy and happy employees. We strive to do the right thing for our clients and customers, and it is only right that we do the same for our employees. To do this we have adopted a range of policies and strategies to ensure that we are focused on maintaining the health and wellbeing of our teams. ; We are particularly conscious about the mental wellbeing of our team as they emerge from the isolation and loneliness of the pandemic and get accustomed to our new hybrid working model. To make sure we are equipped to assist our team, every member of the Pro2col management team is offered mental health first aid training, giving us the knowledge and skills to be able to approach our team and colleagues about their mental state. ; Alongside working to improve the mental health of our teams we have recently introduced a cash health plan as a business benefit to give our staff access to a wide range of medical services, 24-hour access to consultants and GPs and the ability to get specialist treatment for both new and pre-existing conditions. ; Our commitment to health and wellbeing extends outside of our direct team. We have a Health and Wellbeing charity team within Pro2col who work with local charities and organisations in the local area. They have been working in conjunction with Christchurch Library to become digital guardians / embedded digital champions to help residents who use the library for access to digital services but lack the technical knowledge or confidence to use online tools. They have also provided technical services and support to local retirement and care facility residents.

Pricing

• Price: £135.00 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Evaluations can be provided either as a BYOL model for hosting in your own cloud infrastructure or in our hosted test environment. These run for 30 days and will include the modules requested. MOVEit Cloud evaluations also run for 30 days.
• Link to free trial: Please contact sales@pro2colgroup.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.