Foldr connects many different types of storage all to one central location – whether on-premise or an existing Cloud Service (such as Dropbox, Google Drive, Office365 OneDrive & Sharepoint, Box and Amazon S3). Foldr presents a unified place for access, Cloud, Hybrid or on-premise.
- Remote access
- GDPR Compliance
- Data sharing
- Single Sign on SSO
- Sharing documents
- Live editing of documents
- Single Sign on SSO
- Document gathering and management
£1198 per licence per year
- Education pricing available
- Free trial available
Minnow IT LTD
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Azure, GSuite, Dropbox, other cloud based infrastructure.|
|Cloud deployment model||
|Service constraints||Minimum operating specifications are listed in the guidance document for hosted and on-premise usage.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 1 hour|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Support levels||One level of support with named technical response support operative.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||User documentation, remote installation services and online demonstrations are all available if required.|
|End-of-contract data extraction||User data is held in the buyers' preferred storage medium, not transferred to supplier so no extraction is required.|
|End-of-contract process||A licence to use the software for the length of the licence purchased. After expiry the software becomes inert but does not prevent access by other means.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Interface / visual|
|Description of service interface||Web based|
|Accessibility standards||None or don’t know|
|Description of accessibility||N/A|
|Accessibility testing||Native operating system accessibility features - voice over etc.|
|Description of customisation||Colour / branding adjustments are available controlled by administrators.|
|Independence of resources||Each appliance is hosted by the end customer, be that on premise or in a hosted environment. Therefore each appliance is separate from the resources used by others.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||
Data is encrypted by OpenSSL using AES-256
encryption. All encrypted data is signed using a message authentication code (MAC) so that the underlying value can not be modified once encrypted.
The encryption key is unique for each instance and can be
changed by the administrator if required.
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Data is self hosted either in a cloud environment or on-premise and so subject to their existing export approaches.|
|Data export formats||Other|
|Other data export formats||Data is self hosted and so subject to existing approaches.|
|Data import formats||Other|
|Other data import formats||Data is self hosted and so subject to existing approaches.|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Availability is entirely under the control of the entity administrating the appliance and therefore subject to their own SLA.|
|Approach to resilience||Our service is self-hosted, be that in a hosted environment or on-premise.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management interfaces are not externally available. Remote support access is off by default (and reboot), initiated by the appliance administrator only and requires an administrator supplied random key (valid for 30 seconds, reset at reboot) to connect.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Internally, board level control via development processes. The installation security governance is controlled via the hosting provider and business policies applied by the end user.|
|Information security policies and processes||
Internally, board level control via development process.
Industry accepted standards are maintained as per our white paper, covering all aspects of encryption methods and operational uses.
Direct development control is undertaken by board level directors to ensure compliance.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Regular updates are communicated via the internal update mechanism however they are not mandated; the individual requirements of the hosting entity or business are adhered to.
Version number records are kept through the entire development line to ensure threat management is available and threat mitigation is undertaken in a timely fashion.
Change monitoring is undertaken and versioning is effective in mitigating emerging threats.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Software components included are monitored for live threat emergence; these are mitigated often prior to official threat reduction.
Software patches are released according to severity. The most severe are typically fix-released within hours.
Threat emergence via CVE is the main source reviewed.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The installation provides all detailed logging information and does not report off-site. The hosting provider or end business control the access and therefore, the information, as to incident prevention. Direct access to assistance is provided for additional mitigation.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Users or end user business controllers are able to report directly to the board and development team via our support channel. This is usually via email however telephone support is available.
All incidents are recorded in our CMS for future reference and evidence.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£1198 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Fully functional appliance with support included, initial trial period is for 30 days but can be expanded for those who have more complex deployment requirements.|