Pro2col Ltd

HelpSystems GoAnywhere MFTaaS

GoAnywhere is a secure managed file transfer solution that automates, encrypts and streamlines data transfers using a centralised enterprise-level approach. Whether files reside in the cloud or a hybrid environment, GoAnywhere delivers the security and control you need to move data safely between systems, locations, users and trading partners.

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS
• AES 256-bit encryption of files both in-transit and at-rest
• Cryptographic tamper-evident database logs all activities
• Unlimited Simultaneous Local/Remote Users across all protocols
• Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
• Granular permissions for access to files and folders
• Secure Folder Sharing for simple, secure, controlled collaboration
• 99.9% uptime with high availability
• Out of the box integration with extensive range of applications
• Transfer or transform files using application workflows

Benefits

• Share files with internal and external users easily and securely
• Single platform for one-off file sharing and collaboration
• Secure access to files with authentication and granular permissions
• Automate workflows between any combination of systems and people
• Meet information security compliance requirements with visibility and control
• Reduce the risks of non-documented scripts and manual processes
• No patching and up-to-date security ciphers and software versions
• Reduce IT operational costs including hardware, software maintenance, and support
• Reduce the risks of downtime for this critical business system
• Reduce IT load for system management and partner onboarding

£4,500 a server a year

• Free trial available

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)

Framework

G-Cloud 12

Service ID

788660949753088

Contact

Pro2col Ltd

G-Cloud Team

​0333 123 1240

gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Service availability is calculated with a monthly uptime percentage of at least 99.9%.; HelpSystems will perform regularly scheduled upgrades, enhancements and general maintenance. During this time the service may have limited or no availability. HelpSystems will provide a minimum of 7 days’ notice via email to the primary email address listed on the customer account for any scheduled maintenance event.; Tier 1 does not support clustering. Clustering is mandatory in Tier 2 and 3.
• System requirements:
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. ; Out of hours support is handled by the vendor from the USA. Response times are as follows: One hour response time for critical issues, two for high severity and one business day thereafter.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One hour response SLA during UK office hours (09:00-17:30). Support is included in the GoAnywhere MFTaaS subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. GoAnywhere MFTaaS comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: HelpSystems provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Within the product
• End-of-contract data extraction: User data can be downloaded using either browsers or file transfer clients.; Configuration data can be extracted from the database and saved in a suitable medium (csv/excel/xml/json/database).
• End-of-contract process: Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter.; Upon termination of the service, live customer data is securely deleted via scripted removal of the environment and all such customer data (including backups) are cycled out of the SaaS system and securely deleted after 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile client offers both Secure Mail and GoDrive, a file collaboration and sharing document options.
• Service interface: Yes
• Description of service interface: GoAnywhere MFT is configured and managed from a web-based GUI. GoAnywhere administrators are assigned roles that allow them to access and manage capabilities. Permissions can be set a very granular level.
• Accessibility standards: None or don’t know
• Description of accessibility: There are no Audio/Video aspects to the application, nor images or animations.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The REST API is available for all aspects of administration, workflow management and file transfers.; Users must be authenticated and authorised to use the HTTPS service.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Administrators can customise:; • Administration dashboard; • End User branding; • End User logo; • Available End User functions; • Password policy; • Archive policy; • Security settings.; ; Most customisation is performed through administration web GUI.; ; Workflows and notification emails generated are bespoke.

Scaling

• Independence of resources: The system is scalable and resources can be added if required without impacting existing service.

Analytics

• Service usage metrics: Yes
• Metrics types: HelpSystems track storage and bandwidth metrics and can set up alerts to make sure customers are aware if they are approaching usage thresholds. Dashboard access is planned for a later release.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: HelpSystems

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Proprietary encryption of user data
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data can be exported using a browser or any desktop file transfer client
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Configuration data: xml, json, DB etc
  • User data in same format as it is being stored
• Data import formats:
  • CSV
  • Other
• Other data import formats: Data can be uploaded in any format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Any data transferred between the networks will be protected by either TLS 1.2 or SSH. Additionally, files may be encrypted using PGP.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AES256 encryption of user data at rest.

Availability and resilience

• Guaranteed availability: 99.9% availability.; In the event of not meeting this target, service credits are awarded. SLA (Monthly Uptime Percentage) Service Credit are as follows:; • Less than 99.9% but equal to or greater than 99.0% Five (5) days; • Less than 99.0% but equal to or greater than 95.0% Fifteen (15) days; • Less than 95.00% Thirty (30) days.
• Approach to resilience: GoAnywhere MFTaaS is installed in AWS. Resilience of the highly available infrastructure and load balancing is backed up by SLAs from AWS. Customers also have the option to cluster GoAnywhere for further resilience on Tier 2 and Tier 3.
• Outage reporting: Email alerts issued in the unlikely event of an outage.; The HelpSystems and Pro2col Support teams will triage the problem to either find a solution (if it is in GoAnywhere MFTaaS) or work with AWS support to find a solution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to varying system resources are divided into roles and different administrators are awarded one or more roles.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Pro2col is IS0 27001 certified, covering provision of additional services

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Helpsystems' business leadership (or other accountable business role or function) shall review the information security policy at planned intervals or as a result of changes to the organisation to ensure its continuing alignment with the security strategy, effectiveness, accuracy, relevance, and applicability to legal, statutory, or regulatory compliance obligations.; All staff are regularly trained on information security and Helpsystems sell a range of information security solutions. ; Further information is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: HelpSystems operate a full and detailed software development methodology, with clear phases for planning, design, development, testing and deployment. ; ; Baseline security requirements shall be established for developed or acquired, organisationally-owned or managed, physical or virtual, applications and infrastructure system, and network components that comply with applicable legal, statutory, and regulatory compliance obligations. Deviations from standard baseline configurations must be authorised following change management policies and procedures prior to deployment, provisioning, or use; Further details of this policy are available under NDA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HelpSystems is always focused on the security of their suite of products . They employ a variety of procedures and tools to identify vulnerabilities and remediate them as soon as possible. ; ; A number of sources are used to identify security vulnerabilities including:; ; • Internal security scans ; • Manual penetration testing; • External reports from security researchers ; • Reports from customers ; ; See https://www.goanywhere.com/support/release-notes/mft for details of recent releases. Customers are notified of all updates and fixes by email, on the website and within the software.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Each system shall be hardened to provide only necessary ports, protocols, and services to meet business needs and have in place supporting technical controls such as: antivirus, file integrity monitoring, and logging as part of their baseline operating build standard or template. ; ; GoAnywhere MFTaaS is closely monitored, leveraging the capabilities of AWS to meet the SLAs for customers.; Further details available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Helpsystems will monitor that AWS plaftform. The customer can configure GoAnywhere to send notifications on failure through syslog access, email, SMS and other custom solutions as required. For example, integration with ServiceNow is available.; Helpsystems will provide reports on Service Credits should the platform be unavailable.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £4,500 a server a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full featured trial is available for 30 days

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)