Pro2col Ltd

Progress MOVEit Cloud

Progress MOVEit Cloud provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting. Encryption and activity tracking enable compliance with regulations including PCI and GDPR. Extend file transfer capabilities to all users whilst retaining control and visibility.

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS
• AES 256-bit encryption of files both in-transit and at-rest
• Cryptographic tamper-evident database logs all activities
• Unlimited Simultaneous Local/Remote Users across all protocols
• Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
• Granular permissions for access to files and folders
• Secure Folder Sharing for simple, secure, controlled collaboration
• 99.9% uptime with high availability and SOC 2 approved
• Automated workflows with conditional logic
• Desktop client for drag-and-drop file downloads and uploads

Benefits

• Share files with internal and external users easily and securely
• Single platform for one-off file sharing and collaboration
• Secure access to files with authentication and granular permissions
• Automate workflows between any combination of systems and people
• Meet information security compliance requirements with visibility and control
• Reduce the risks of non-documented scripts and manual processes
• No patching and up-to-date security ciphers and software versions
• Reduce IT operational costs including hardware, software maintenance and support
• Reduce the risks of downtime for this critical business system
• Reduce IT load for system management and partner onboarding

£135.00 a user

• Free trial available

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)

Framework

G-Cloud 12

Service ID

779638428038279

Contact

Pro2col Ltd

G-Cloud Team

​0333 123 1240

gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.; Automation in the cloud is only available on dedicated infrastructure.; Minimum of 25 users on MOVEitCloud Professional or Premium
• System requirements:
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is handled by the vendor from Galway Ireland and Boston USA. Progress commit to a one hour response time for production affecting issues / restricted operations.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One hour response SLA during UK office hours (09:00-17:30). Support is included in the MOVEitCloud subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability.; MOVEit Cloud comes with 24/7 support as standard for Severity 1 tickets.; Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Progress provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col are certified training partners for Progress and also offer vendor agnostic FTP training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Either the customer or Progress can provide an extract of the information at the end of the contract period. Progress will retain User Data for 30 days post the end of the contract and then it will be destroyed.
• End-of-contract process: Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Progress will extract the User Data and will not have system access from the date of contract expiration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface for MOVEit Cloud can be accessed via a mobile device. In addition there are free native Android and iOS applications available for MOVEit.; Both mobile and desktop services support person to person use cases like:; •Uploading and downloading of files; •Uploading videos and pictures; •Sending Secure Mail and attachments; •Performing file and and folder editing tasks and; •Shared Folders with other users; ; The mobile app does allow for taking photos or videos and then uploading these to securely transfer and share them.
• Service interface: Yes
• Description of service interface: The service interface is browser based. In addition, you can monitor the availability of the service at any time by; visiting http://status.moveitcloud.com
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: None, however MOVEit has been certified as compliant with the Americans with Disabilities Act (ADA) standards for web and windows application design.; ; The MOVEit Transfer complete compliance statement can be found at:; https://docs.ipswitch.com/MOVEit/Transfer2020/Help/Admin/en/index.htm#23583.htm
• API: Yes
• What users can and can't do using the API: MOVEit provides a REST, Java and .NET API.; The REST API enables you to develop, integrate and deploy secure file transfer and management applications that leverage your organisation or system-wide MOVEit Transfer solution.; Using the Transfer REST API, you can connect systems and clients to MOVEit Transfer using simple HTTP calls. In general, REST APIs are language and platform independent and can be the best choice to converge information systems, circumvent the unending need for client-server dependency maintenance, and span any combination of environments (including IoT, mobile, and much more).; For the REST API: https://docs.ipswitch.com/MOVEit/Transfer2019_2/API/Rest/; For The Java API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/Java/index.html; For the .NET API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/dotNet/html/2627398e-357a-6af8-3283-d7bf66e0ff05.htm
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: MOVEit Cloud provides a vanilla, best practice security configuration, but can be configured to meet bespoke requirements. Customisation includes areas such as branding, email templates, password policy, user group permissions, archive policy, user management, package settings for one off transfers. In MOVEit Automation, all workflows are customised based on source, host and logic.

Scaling

• Independence of resources: For a complete guarantee, MOVEit Cloud offers a dedicated platform. MOVEit Cloud incorporates business continuity and disaster recovery assurances and leverages a highly available load-balanced web-farm environment to minimise downtime and prevent data loss. MOVEit Cloud is hosted in a geographically dispersed server infrastructure complete with continuous data center replication to ensure strict up-time and SLAs are met.

Analytics

• Service usage metrics: Yes
• Metrics types: MOVEit Cloud provides active dashboards of file and package transfer statuses. Interactive mode allows selectable and sortable status reports in addition to the full view.; You can use Live View to:; • Track volume of transfers (outgoing and incoming) at a glance; • Track latency of ongoing or recent transfers; • Track large and important transfers; • Quickly troubleshoot any incidents that could occur during daily operations.; MOVEit provides a range of pre-built reports plus the option to build customised report templates.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Progress

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Files will be exported in their native format
• Data import formats:
  • CSV
  • Other
• Other data import formats: Files can be uploaded in their native format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: SSH/SFTP encryption and file hashing.; The minimum strength of the encryption used during web transport is configurable.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: MOVEit Cloud has an uptime of 99.9% and a support response SLA of two hours, inside of support hours. Should this SLA not be met, the user is entitled to service credits as outlined below. ; ; Monthly Uptime Performance Target Service Credit; 99.0 to 99.9% three (3) days; 95.0 to 98.9% ten (10) days; Less than 95.00% thirty (30) days; A service credit will represent the right to extend the agreement; at no cost to you for the length of time shown.
• Approach to resilience: MOVEit Cloud leverage the resilience of Azure. Further information available on request.
• Outage reporting: You can monitor the availability of the service at any time by; visiting http://status.moveitcloud.com (“Status Site”). Progress use the Status Site to make announcements about all service availability-impacting work including scheduled maintenance and emergency maintenance. It will include details about the nature of the work being performed and offer guidance on the expected maintenance completion. You can sign up for proactive alerts available. ; In addition, you can set up email notifications within the system around specific triggers including workflows.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit Cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 360 Advanced
• PCI DSS accreditation date: March 2020
• What the PCI DSS doesn’t cover: Customer bespoke configuration changes
• Other security certifications: Yes
• Any other security certifications:
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • FIPS 140-2 certified cryptography

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Progress Software operates an Executive Security Committee which has directed that a security program and supporting policy framework be operated to protect the security interests of company infrastructure, the software it produces, and customer solutions it operates. The company information security program is responsible for protecting the confidentiality, integrity, and availability of information handled by company technology systems and outwardly facing technology products. It is established that this function will identify, assess, monitor, and remediate security issues in a manner that keeps risks under control and within company and customer appetite. The program is operated according to applicable laws, regulations, and industry best practices. The function shall leverage colleagues from across the company to effectively manage risk, and efforts remain transparent to leadership. The following program components underpin the Progress’ Information Security Program.; In addition, Pro2col are ISO27001 and Cyber Essentials certified. Information Security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Progress has a dedicated MOVEit Cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Progress public product security policy statement can be read at:; https://community.progress.com/s/article/Product-Security-Policy-Statement
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Progress leverage AlertLogic for IDS, CiscoAMP for anti-virus, NewRelic and GrayLog to monitor application performance, and security-related tools within Azure. Further details are available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Progress has a multi-phase incident response plan:; • Phase 1: Detection, Assessment and Triage; • Phase 2: Containment, Evidence Collection, Analysis and Investigation and Mitigation; • Phase 3: Remediation, Recovery, and Post-Mortem.; Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit Cloud operations teams. MOVEit Cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £135.00 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Evaluations can be provided either as a BYOL model for hosting in your own cloud infrastructure or in our hosted test environment. These run for 30 days and will include the modules requested. MOVEit Cloud evaluations also run for 30 days.
• Link to free trial: Please contact sales@pro2colgroup.com

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)