Pro2col Ltd

Thru Secure Enterprise-Class Managed File Transfer

Leading provider of cloud-native, enterprise grade, secure managed file transfer solutions. Designed as no-code, easy to use and built for iPaaS. Market-first technologies designed to tackle the most demanding and complex file transfer challenges. Event-driven architecture and asynchronous parallel processing improve performance, reliability and scalability.

Features

• Subscription-based licence model
• API-centric, native MFT extension of iPaaS
• No code needed for configuration or management
• Simple and fast partner onboarding
• Guaranteed delivery of large file data and metadata sets
• Publish-subscribe design
• Detailed logging and reporting
• Self-service web portal

Benefits

• Cloud native, no provisioning software, hardware, no maintenance
• Integration with leading iPaaS platforms using Thru native connectors
• Onboard partners within minutes allowing faster decision making
• Persistent delivery and secure file storage, checkpoint restart
• Flexible and simple connections of file transfer flows
• Single pane of glass management
• Drill into file transfer and system activity, view granular details
• Manage file transfers via self-service portal
• Simplify partner organisations' onboarding and protocol endpoints
• Web based configuration and management. Developer skill set not required

£21,250.00 a server a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

586449860771627

Contact

G-Cloud Team
​0333 123 1240
gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Planned maintenance to service will be communicated to users with notice period as specified in service terms and conditions.
• System requirements: Thru provided as a managed service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Four hour response from Level 1 support team.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Link from support page.
• Web chat accessibility testing: NA
• Onsite support: Yes, at extra cost
• Support levels: Level 1-3; Technical Account Manager available
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding and training session provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers have manual or automated processes for extracting their data. Upon service termination data is held for 30-days for customers to extract.
• End-of-contract process: Upon notification of end of contract and reaching end of contract date, platform/site is disabled and data is retained for 30-days before being purged.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference
• Service interface: Yes
• Description of service interface: Administration dashboard
• Accessibility standards: None or don’t know
• Description of accessibility: Don't know
• Accessibility testing: Don't know
• API: Yes
• What users can and can't do using the API: Refer to API documentation; ; https://www.thruinc.com/integration-api/
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Vanity URL, branding, basic web customisation

Scaling

• Independence of resources: Platform is built to scale automatically

Analytics

• Service usage metrics: Yes
• Metrics types: Thru provides user, storage, files and transaction metrics.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Thru Inc.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via web browser (HTTPS), FTPS/SFTP or API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Native file format
  • Database audit records in CSV
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.99% uptime
• Approach to resilience: Service is built in a highly available design with multiple instances of each component. More information upon request.
• Outage reporting: A status page is provided - https://status.thruinc.com

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Via group mechanisms
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NA
• Information security policies and processes: NA

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration and changes are logged
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Firewall access is limited to security level personnel and change records are tracked and approved.; (WAF) filters HTTP traffic managed by Network Security team.; Inspection of web traffic and dynamically learning from flows to regulate legitimate and potentially malicious traffic.; Network security team performs weekly reviews of WAF reports to eliminate any false positive events.; IDS is deployed and configured to further protect Thru’s customer for all non-http traffic.; Configured to take automatic detect attack signatures and take preventative action.; Intrusion detection signatures are updated within 72 hours of release.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: • Alert logics 24x7 global monitoring and threat management; • IMPERVA web application firewall security platform; • Qualys used for web application vulnerability and infrastructure scanning; • Fortify used for application security testing; • NTA Monitor Comprehensive security testing, external hacking, encryption and secure handling of client data.
• Incident management type: Undisclosed
• Incident management approach: • Thru has pre-defined processes for common events; • Users can report incidents via the usual channels; • Incident reports are provided when requested.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £21,250.00 a server a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: All functionality is included for up to 30-days. Extensions can be requested on a case by case basis.
• Link to free trial: https://www.thruinc.com/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.