BrightCloud Technologies Limited

BrightCloud - Citrix Delivered ShareFile as a Service

Meet the mobility and collaboration needs of your employees and the data security requirements of the organisation with this secure file sync and sharing service. BrightCloud will help you setup and configure Citrix ShareFile and provide ongoing technical support and advice.


  • DLP (Data Loss Prevention) integration
  • IRM (Information Rights Management)
  • KMS (Key Management Services)
  • Document and approval workflows
  • Connect to multiple data sources including legacy/on-prem
  • Integrated with Citrix XenApp and XenDesktop
  • Secure destruction of ShareFile-stored data on compromised devices
  • Comprehensive reports on user file access, sync and sharing activity
  • Request and execute electronic signatures (RightSignature)
  • Integrated mobile editing and Office 365 support


  • Connect to any data, from anywhere, on any device
  • Eliminate the threat posed by consumer file sharing services
  • Mobilize existing content without migration or duplication
  • Automate your document workflows
  • Increase user productivity and efficiency
  • Single pane of glass for multiple data repositories
  • An IT partner that goes the extra mile every time


£4.38 per user per month

  • Free trial available

Service documents

G-Cloud 11


BrightCloud Technologies Limited

Duncan Little

0370 770 9722

Service scope

Service scope
Service constraints None
System requirements Network connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times P1 response is 15 minutes 8:00 to 18:00 weekdays
Response is 1 hour outside of normal working hours and weekends
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Ad hoc support is provided on a time and materials basis, customers buy a bank of support calls upfront and these are called off during a 12 month period. Reactive support is provided to our contract customers on an agreed basis and discharged on a retainer with no limit to the amount of support. Proactive support and managed services are provided with monitoring technology automatically escalating incidents to the helpdesk. Only proactive support customers receive strategic advice and technical account management.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Yes we provide an online knowledge transfer
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Simply download using the tool itself.
End-of-contract process We will delete the accounts and data once the users have confirmed that they have everything they need.

Using the service

Using the service
Web browser interface Yes
Using the web interface Full functionality is provided by the web interface, view, upload, download and send documents.
Web interface accessibility standard None or don’t know
How the web interface is accessible ShareFile Web app has been tested for accessibility - results here
Web interface accessibility testing None
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Capacity management by Citrix Cloud
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types Other
Other metrics User details and storage volumes
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Citrix

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Availability of platform assured by using Azure availability zones, User data can be stored in the cloud or on premises, so if on premises this is customer responsibility.
Approach to resilience Uses Azure availability zones
Outage reporting E-mail alerts and public dashboard

Identity and authentication

Identity and authentication
User authentication Identity federation with existing provider (for example Google apps)
Access restrictions in management interfaces and support channels Restricted by user account
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institution
ISO/IEC 27001 accreditation date 12/02/2016
What the ISO/IEC 27001 doesn’t cover The Policy Applies to all physical and electronic assets, processes, policies and procedures employed internally and for the benefit of customers managed services. All employees and contractors are expected to comply with this policy and the information security management system (ISMS) that implements this policy
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We run a Business Management systems which incorporates both ISO27001 and ISO9001, we use regular internal auditing and external auditing by BSI to assure and ensure we are following our policies.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We follow and ITIL based change control
Vulnerability management type Supplier-defined controls
Vulnerability management approach We subscribe to numerous sources of threat information including all of the suppliers we use - and patch on a monthly cycle with urgent critical security patches being installed within 2 -3 days
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a CHECK accredited external party to regularly assess our systems.
Incident management type Supplier-defined controls
Incident management approach We follow ITIL Incident management and ISO27001 for security incidents

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used Azure
How shared infrastructure is kept separate Firewalling and encryption

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Our DC partners are members of Green Grid and follow EU directives


Price £4.38 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 day trial, up to 20 users and 10GB storage

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑