File Analysis Suite (Data Discovery) via SaaS - from Micro Focus

Micro Focus File Analysis solutions protect and secure data, reduce
information risk associated with data privacy, and provides secure access to critical data; to know where their data is stored,
who has access to it, and can passively or actively act on it, remediate
it, move it or delete it.


  • Data Privacy & Discovery
  • Sensitive Data Management & Compliance addressing PI/ PII, PCI, PHI
  • Governance of high-value assets, contracts, intellectual property & patents
  • Data lifecycle management
  • Content Analysis
  • Data Mapping
  • Actionable Analytics
  • Data Quality Tools
  • Rights bases Identity and access governance
  • Security and governance across business-critical lead applications and repositories


  • Governance and Compliance: Deep data discovery, data classification
  • Sensitive Data Analytics
  • Risk mitigation
  • Research Workspaces
  • Data Subject Analysis
  • Data Management: Remediation actions to be applied to selected files
  • Data Subject Access Request (DSAR) processing
  • Data Optimization - cleanup of legacy data


£0.13 to £0.72 a gigabyte a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukgovteam@microfocus.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 7 6 3 0 8 2 9 3 2 3 6 7 4 6


MICRO FOCUS Micro Focus Government Team
Telephone: 01635 565330
Email: ukgovteam@microfocus.com

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints
System requirements
  • Internet Access
  • Web Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hours turn-a-round for standard support queries. Better times available at request.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Standard Support: Self Service & Outreach. Free.

Enterprise Support: Customer Success Manager & Solutions Expert Team. Upgrade review meetings. Yearly Service Reviews. Focus on Adoption. £20000 Annually.

Premier Support: Named Customer Success Manager. Named Solutions Expert. Managed upgrades with choice of date & project manager. Comprehensive upgrade planning. Quarterly service reviews. Relationship-based services. Incident and crisis management. £75000 annually.
Support available to third parties

Onboarding and offboarding

Getting started
Training & education available through separate Micro Focus G Cloud offering. Provides live virtual and/or onsite classrooms at cost. Extensive user documentation and help website. https://www.microfocus.com/documentation/file-analysis-suite/
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Run export via standard UI.
End-of-contract process
Service Decommissioning
Customer may cancel Micro Focus SaaS by providing Micro Focus with sixty (60) days written notice
prior to the expiration of the SaaS Order Term ("Cancellation”). Such Cancellation shall be effective
upon the last day of the then current SaaS Order Term. Upon Cancellation, expiration, or termination of
the SaaS Order Term, Micro Focus may disable all Customer access to Micro Focus SaaS solution, and
Customer shall promptly return to Micro Focus (or at Micro Focus’s request destroy) any Micro Focus
Micro Focus will make available to Customer such data in the format generally provided by Micro Focus.
The target timeframe is set forth below in Termination Data Retrieval Period SLO. After such time,
Micro Focus shall have no obligation to maintain or provide any such data, which will be deleted in the
ordinary course.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
MyAccount, allows high level service dashboard. User & admin controls plus ticketing system.
Accessibility standards
None or don’t know
Description of accessibility
The service is generally WCAG 2.0 compliant but due to range of services and types of graphical data the service is constrained.
Accessibility testing
What users can and can't do using the API
Data Discovery has a Rest based APIs (Gateway Service) which represents many of the features that are shown in the standard web user interface.
All Gateway APIs are documented through the following URL. You can use this resource to research possible calls. Most of the methods are self-explanatory and relate to the UI interactions. However some of the names relate to the original functions e.g. for repositories use the “Job“ method.
https://www.demo.microfocusfileanalysis.com:9310/swagger/?TENANT=<tenant name>
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Each tenant is provisioned with standard grammars for PII detection but custom grammars can be configured using the UI using regex syntax
Each tenant is provisioned with default weighting labels to identify the level of risks associated with files. Label colours and scores can be editing and new ones created.
Each tenant is provisioned with default tag search criteria. New tags can be created with any keyword elastic search syntax, metadata and grammar entity criteria.
Term lists can be added from any text based source.
Workspaces templates can be created and edited to provide business processes based on analytical processing. Data Subject Access Request processing is provided but others can be created.


Independence of resources
Load balancing. Redundant architecture. 24/7 monitoring team.


Service usage metrics
Metrics types
Utilisation, users
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Object and volume storage containing non-ephemeral data is encrypted using the industry standard AES-256 algorithm (Encryption at Rest).
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Run exports using standard UI
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • API
Data import formats
Other data import formats
Agents are provided to index data

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We provide Customer access to the Software-as-a-Service production application on a twenty-four hour, seven days a week (24x7) basis at a rate of 99.9 % (“SaaS Service Uptime Metric”).
Approach to resilience
"To ensure that infrastructures such as: Remote access, Active directory, DNS services, mail services, DB services, and mission critical customer facing applications such as: the Customer Authentication systems, and the Ticketing system are fully disaster recoverable, using Business Impact Analysis (BIA) MFI SaaS identified and prioritized system components and mission/business processes, and established the backup strategies required to enable both employees and customers to keep a communication channel open in case of any disruption.
In the standard Recovery Point Objective (RPO), MFI SaaS performs both on-site and off-site backups as follows: (Unless there is a special customer contractual requirement)
 On-site backup occurs daily and includes a local copy of production data followed by an offsite backup of the same production data to a remote site.
 Backup process takes place out of working hours per region.
When there is a service disruption, customers are notified in accordance with the MFI SaaS customer notification Service Level Objective (SLO) statements."
Outage reporting
We use a centralized notification system to deliver proactive communications about application changes, outages and scheduled maintenance.

Identity and authentication

User authentication needed
User authentication
Other user authentication
Access restrictions in management interfaces and support channels
Industry standard Principle of least privilege (PoLP) is consistently applied. This is applied within the application, as well as within the back office (governing access to infrastructure resources, limiting intra-back office communications ,and so on).
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Standards Institute of Israel
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
2013 wholly compliant
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Corporate policies are designed after ISO 27001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All non routine changes go through change control requiring approval and verification post implementation
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Monthly Qualys scans, risk assesment based on findings for remediation
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Sitescope plus other monitoring services. Respond in real time via 24/7 monitoring team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Follows industries standards and complies with all contractual terms. Users report incidents by phone or raising a support ticket. Incident reports are mailed out to user base.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.13 to £0.72 a gigabyte a month
Discount for educational organisations
Free trial available
Description of free trial
Proof of concept tenants are available on request free of charge.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukgovteam@microfocus.com. Tell them what format you need. It will help if you say what assistive technology you use.