GoAnywhere MFTaaS (Fortra) - from HANDD (MFT)
GoAnywhere MFTaaS (Managed File Transfer as a Service) is a cloud-based solution for secure file transfers. It offers encryption, automation, and centralised management, enabling businesses to securely exchange data across systems, partners, and platforms. It simplifies file transfer processes while ensuring compliance with data security regulations.
Features
- Utilises AES, SSH, SSL/TLS to secure data transfers.
- Automate workflows for seamless, efficient file transfer processes.
- Control and monitor transfers from a single interface.
- Ensures continuous operation with failover and load balancing.
- Facilitates adherence to HIPAA, GDPR, PCI DSS regulations.
- Instantly share files securely with authorised recipients.
- Seamlessly integrate with existing applications and systems.
- Tracks all file transfer activities for compliance and accountability.
- Distribute workloads across multiple servers for scalability and reliability.
- Supports SFTP, FTPS, HTTPS, AS2 for secure data exchange.
Benefits
- Eliminate hardware costs and reduce operational expenses significantly.
- Ensure data integrity with robust encryption and authentication measures.
- Simplify file transfers with automated workflows and centralised management.
- Access and transfer files securely from anywhere, anytime.
- Easily scale up or down to accommodate changing business needs.
- Stay compliant with industry regulations like HIPAA, GDPR effortlessly.
- Save time with automated processes and improved workflow orchestration.
- Ensure high availability and reliability with built-in failover and clustering.
- Facilitate secure file sharing with partners and clients.
- Tailor workflows and configurations to suit specific business requirements precisely.
Pricing
£6,000 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 4 7 4 2 7 4 8 0 5 9 1 1 3 0
Contact
HANDD Business Solutions
Matthew Parkinson
Telephone: 07779150169
Email: matt.parkinson@handd.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Standard system upgrades are required periodically but upgrades are unlikely to reduce service uptime. Customers can choose from a selection of pre-determined maintenance windows.
- System requirements
- Please ask for up-to-date minimum system requirements
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- HANDD provide first and second line support during UK business hours Monday to Friday from 8:00am to 6:00pm with response times varying from as little as 30 minutes depending on severity. Out of hours support is available with our premium support plan.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- There is a web chat functionality available via our website.
- Web chat accessibility testing
- N/A
- Onsite support
- Yes, at extra cost
- Support levels
- HANDD Business Solutions provide a range of wrap around services depending on customer requirements. This can be purchased as time and materials or against scope of works with guaranteed deliverables to ensure pricing consistency. Standard vendor support is included and upgraded support or managed services can be provided at additional cost bespoke to customer requirements.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- All customers are provided with GoAnywhere user guides and supporting documentation. We understand users workflows must not be unduly impacted and through our pre-sales process, onboarding, Delivery, management and training processes give all relevant stakeholders confidence that the solution will deliver expected business outcomes. Thinking about the whole journey and delivering against business outcome not just a product is critical to success. HANDD understand these business and security challenges in detail and help towards achieving these goals from inception through to delivery and beyond.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Bespoke to customer requirements
- Training videos
- Word Documents
- End-of-contract data extraction
- HANDD do not require access to customer data. HANDD only hold data of the contacts required to deliver the product for example technical onboarding staff and relevant commercial contacts to enable operation of the contract. These contacts have the right to be forgotten as applicable under existing GDPR regulations as applicable under law
- End-of-contract process
- Licences are bought as subscription licences and as such access is removed at the end of the contract. Where services, managed services or as-a-Service is purchased, access to these services are terminated if the contract is not extended. Additional costs can apply for services outside of those contracted, these could include: additional training configuration services (via professional services)
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Free mobile apps for Android and iOS are available. Depending on the permissions defined for the account in EFT, users can upload, download, preview, open in an external viewer, add to vault, share, rename or delete files, and create folders. The mobile app also encrypts files in a storage vault for users who need to work offline.
The web interface can also be accessed via a mobile device. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- This is accessed via a remote desktop web client. Administrators have the ability to manage users, workflows, folder structures and reports from there.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
- Any administrative action can also be performed via the API. The API is COMbased and is called by either a script or program.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- GoAnywhere MFTaaS is installed as "single-tenant" each customer has their own private deployment.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The Advanced Reporting Module (ARM) captures transactions passing through GoAnywhere and provides an administration interface where users can access preconfigured reports or create custom reports. Data is stored in a relational database and can be analysed in real time. The advanced reporting module comes with a number of pre-configured reports designed to respond to the most common data analysis requests. GoAnywhere will provide usage reports on uptime, bandwidth, event rules and storage use.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Fortra (Previously Helpsystems)
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Any user data held by HANDD or the vendor will be removed at the end of the contract as appropriate.
- Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
- Native formats
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- SLA's can be agreed on a per customer basis. Service is delivered against specific outcomes to ensure delivery against business objectives. Normal operational uptime is expected to be 99%+.
- Approach to resilience
- Services are provided with inherent cloud resiliency but additional resiliency can be provided with High availability configuration or across cloud availability zones depending on requirements
- Outage reporting
- Via service logs
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access control is granted on the principle of least privilege. Users are only provided access to the information they require to perform their tasks and role.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 08/03/2023
- What the ISO/IEC 27001 doesn’t cover
- 9.4.5 Access control to program source code 12.1.4 Separation of development, testing and operational environments 14.2.1 Secure development policy 14.2.4 Restrictions on changes to software packages - HANDD does not develop systems. HANDD uses SaaS solutions only. 14.2.5 Secure system engineering principles - HANDD does not develop software or code. We are a licensed reseller of software only 14.2.6 Secure development environment 14.2.7 Outsourced development 14.2.8 System security testing 14.3.1 Protection of test data HANDD does not develop software or code. We are a licensed reseller of software only
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- The following is available on request only HANDD Business Solutions operate under all relevant legal, regulatory and contractual compliance requirements as documented in the Legal and Contractual Requirements Register. The register is maintained through the continual improvement process and the audit plan. Legal and Contractual Requirements Register contains details of the applicable information security standards. As a minimum the following apply • ISO 27001 • Cyber Essentials Role Responsibility General Manager- Endorse the Information Security Management System. Senior Management Team- Owns the information security management system, the information security management objectives and agrees risk mitigation. Management Review Team- Is responsible for ensuring the effective delivery of the information security management system and its continual improvement. The Management Review Team meets at least quarterly and follows the agenda as laid out in the ISO 27001 standard. Head of IT Operations- Responsible for the day-to-day management and running of the information security management system including risk management and continual improvement. Specific Roles- A RASCI table is in place that shows who is accountable, who is responsible, who is consulted and who is informed.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Detail available on request -HANDD internal change control brief summary:
Changes must be submitted to the HANDD CAB within timescales listed below for approval. All changes summited will be aligned with the customer CAB to ensure that there is adequate time to be presented for initial review at the weekly review meetings.
Changes must be submitted using the RFC form by providing as much detail as possible before submitting to the customer CAB for approval.
Any change submitted with less than two business day’s notification is considered an emergency request and must follow the Emergency process - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- HANDD detailed vulnerability management available on demand and subject to NDA
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Available on demand and subject to NDA
- Incident management type
- Supplier-defined controls
- Incident management approach
- HANDD policy available on demand and subject to NDA
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Equal opportunityEqual opportunity
HANDD’s Equal Opportunities Policy The aim of this policy is to communicate the commitment of the Board and management to the promotion of equality of opportunity in HANDD Business Solutions. It is our policy to provide equality of staff membership to all, irrespective of: gender, including gender reassignment marital or civil partnership status having or not having dependents religious belief or political opinion race (including colour, nationality, ethnic or national origins, being an Irish traveller) disability sexual orientation age We are opposed to all forms of unlawful and unfair discrimination. All members of the organisation will be treated fairly and will not be discriminated against on any of the above grounds. Decisions on membership, selection for office, training or any other benefit will be made objectively, without unlawful discrimination, and based on aptitude and ability. To request a copy of this policy please email careers@handd.co.uk
Pricing
- Price
- £6,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- There is a 15 day proof of concept trial license of GoAnywhere MFTaaS available. This will include access to the support team for assistance in getting this deployed.
- Link to free trial
- Please contact tenders@handd.co.uk