Thru Secure Enterprise-Class Managed File Transfer
Leading provider of cloud-native, enterprise grade, secure managed file transfer solutions. Designed as no-code, easy to use and built for iPaaS. Market-first technologies designed to tackle the most demanding and complex file transfer challenges. Event-driven architecture and asynchronous parallel processing improve performance, reliability and scalability.
Features
- Subscription-based licence model
- API-centric, native MFT extension of iPaaS
- No code needed for configuration or management
- Simple and fast partner onboarding
- Guaranteed delivery of large file data and metadata sets
- Publish-subscribe design
- Detailed logging and reporting
- Self-service web portal
Benefits
- Cloud native, no provisioning software, hardware, no maintenance
- Integration with leading iPaaS platforms using Thru native connectors
- Onboard partners within minutes allowing faster decision making
- Persistent delivery and secure file storage, checkpoint restart
- Flexible and simple connections of file transfer flows
- Single pane of glass management
- Drill into file transfer and system activity, view granular details
- Manage file transfers via self-service portal
- Simplify partner organisations' onboarding and protocol endpoints
- Web based configuration and management. Developer skill set not required
Pricing
£21,250.00 a server a year
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
5 8 6 4 4 9 8 6 0 7 7 1 6 2 7
Contact
Pro2col Ltd
G-Cloud Team
Telephone: 0333 123 1240
Email: gcloud@pro2colgroup.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- Planned maintenance to service will be communicated to users with notice period as specified in service terms and conditions.
- System requirements
- Thru provided as a managed service
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Four hour response from Level 1 support team.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Link from support page.
- Web chat accessibility testing
- NA
- Onsite support
- Yes, at extra cost
- Support levels
-
Level 1-3
Technical Account Manager available - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onboarding and training session provided.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customers have manual or automated processes for extracting their data. Upon service termination data is held for 30-days for customers to extract.
- End-of-contract process
- Upon notification of end of contract and reaching end of contract date, platform/site is disabled and data is retained for 30-days before being purged.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference
- Service interface
- Yes
- Description of service interface
- Administration dashboard
- Accessibility standards
- None or don’t know
- Description of accessibility
- Don't know
- Accessibility testing
- Don't know
- API
- Yes
- What users can and can't do using the API
-
Refer to API documentation
https://www.thruinc.com/integration-api/ - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Vanity URL, branding, basic web customisation
Scaling
- Independence of resources
- Platform is built to scale automatically
Analytics
- Service usage metrics
- Yes
- Metrics types
- Thru provides user, storage, files and transaction metrics.
- Reporting types
-
- API access
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Thru Inc.
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Via web browser (HTTPS), FTPS/SFTP or API
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Native file format
- Database audit records in CSV
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.99% uptime
- Approach to resilience
- Service is built in a highly available design with multiple instances of each component. More information upon request.
- Outage reporting
- A status page is provided - https://status.thruinc.com
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Via group mechanisms
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- NA
- Information security policies and processes
- NA
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All configuration and changes are logged
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Firewall access is limited to security level personnel and change records are tracked and approved.
(WAF) filters HTTP traffic managed by Network Security team.
Inspection of web traffic and dynamically learning from flows to regulate legitimate and potentially malicious traffic.
Network security team performs weekly reviews of WAF reports to eliminate any false positive events.
IDS is deployed and configured to further protect Thru’s customer for all non-http traffic.
Configured to take automatic detect attack signatures and take preventative action.
Intrusion detection signatures are updated within 72 hours of release. - Protective monitoring type
- Undisclosed
- Protective monitoring approach
-
• Alert logics 24x7 global monitoring and threat management
• IMPERVA web application firewall security platform
• Qualys used for web application vulnerability and infrastructure scanning
• Fortify used for application security testing
• NTA Monitor Comprehensive security testing, external hacking, encryption and secure handling of client data. - Incident management type
- Undisclosed
- Incident management approach
-
• Thru has pre-defined processes for common events
• Users can report incidents via the usual channels
• Incident reports are provided when requested.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £21,250.00 a server a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- All functionality is included for up to 30-days. Extensions can be requested on a case by case basis.
- Link to free trial
- https://www.thruinc.com/