Pro2col Ltd

HelpSystems GoAnywhere MFTaaS

GoAnywhere is a secure managed file transfer solution that automates, encrypts and streamlines data transfers using a centralised enterprise-level approach. Whether files reside in the cloud or a hybrid environment, GoAnywhere delivers the security and control you need to move data safely between systems, locations, users and trading partners.

Features

  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • AES 256-bit encryption of files both in-transit and at-rest
  • Cryptographic tamper-evident database logs all activities
  • Unlimited Simultaneous Local/Remote Users across all protocols
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • Granular permissions for access to files and folders
  • Secure Folder Sharing for simple, secure, controlled collaboration
  • 99.9% uptime with high availability
  • Out of the box integration with extensive range of applications
  • Transfer or transform files using application workflows

Benefits

  • Share files with internal and external users easily and securely
  • Single platform for one-off file sharing and collaboration
  • Secure access to files with authentication and granular permissions
  • Automate workflows between any combination of systems and people
  • Meet information security compliance requirements with visibility and control
  • Reduce the risks of non-documented scripts and manual processes
  • No patching and up-to-date security ciphers and software versions
  • Reduce IT operational costs including hardware, software maintenance, and support
  • Reduce the risks of downtime for this critical business system
  • Reduce IT load for system management and partner onboarding

Pricing

£4,500 a server a year

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

7 8 8 6 6 0 9 4 9 7 5 3 0 8 8

Contact

Pro2col Ltd

G-Cloud Team

​0333 123 1240

gcloud@pro2colgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Service availability is calculated with a monthly uptime percentage of at least 99.9%.
HelpSystems will perform regularly scheduled upgrades, enhancements and general maintenance. During this time the service may have limited or no availability. HelpSystems will provide a minimum of 7 days’ notice via email to the primary email address listed on the customer account for any scheduled maintenance event.
Tier 1 does not support clustering. Clustering is mandatory in Tier 2 and 3.
System requirements
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour.
Out of hours support is handled by the vendor from the USA. Response times are as follows: One hour response time for critical issues, two for high severity and one business day thereafter.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
One hour response SLA during UK office hours (09:00-17:30). Support is included in the GoAnywhere MFTaaS subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. GoAnywhere MFTaaS comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
HelpSystems provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Within the product
End-of-contract data extraction
User data can be downloaded using either browsers or file transfer clients.
Configuration data can be extracted from the database and saved in a suitable medium (csv/excel/xml/json/database).
End-of-contract process
Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter.
Upon termination of the service, live customer data is securely deleted via scripted removal of the environment and all such customer data (including backups) are cycled out of the SaaS system and securely deleted after 30 days.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile client offers both Secure Mail and GoDrive, a file collaboration and sharing document options.
Service interface
Yes
Description of service interface
GoAnywhere MFT is configured and managed from a web-based GUI. GoAnywhere administrators are assigned roles that allow them to access and manage capabilities. Permissions can be set a very granular level.
Accessibility standards
None or don’t know
Description of accessibility
There are no Audio/Video aspects to the application, nor images or animations.
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
The REST API is available for all aspects of administration, workflow management and file transfers.
Users must be authenticated and authorised to use the HTTPS service.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Administrators can customise:
• Administration dashboard
• End User branding
• End User logo
• Available End User functions
• Password policy
• Archive policy
• Security settings.

Most customisation is performed through administration web GUI.

Workflows and notification emails generated are bespoke.

Scaling

Independence of resources
The system is scalable and resources can be added if required without impacting existing service.

Analytics

Service usage metrics
Yes
Metrics types
HelpSystems track storage and bandwidth metrics and can set up alerts to make sure customers are aware if they are approaching usage thresholds. Dashboard access is planned for a later release.
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
HelpSystems

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Proprietary encryption of user data
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
User data can be exported using a browser or any desktop file transfer client
Data export formats
  • CSV
  • Other
Other data export formats
  • Configuration data: xml, json, DB etc
  • User data in same format as it is being stored
Data import formats
  • CSV
  • Other
Other data import formats
Data can be uploaded in any format

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Any data transferred between the networks will be protected by either TLS 1.2 or SSH. Additionally, files may be encrypted using PGP.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
AES256 encryption of user data at rest.

Availability and resilience

Guaranteed availability
99.9% availability.
In the event of not meeting this target, service credits are awarded. SLA (Monthly Uptime Percentage) Service Credit are as follows:
• Less than 99.9% but equal to or greater than 99.0% Five (5) days
• Less than 99.0% but equal to or greater than 95.0% Fifteen (15) days
• Less than 95.00% Thirty (30) days.
Approach to resilience
GoAnywhere MFTaaS is installed in AWS. Resilience of the highly available infrastructure and load balancing is backed up by SLAs from AWS. Customers also have the option to cluster GoAnywhere for further resilience on Tier 2 and Tier 3.
Outage reporting
Email alerts issued in the unlikely event of an outage.
The HelpSystems and Pro2col Support teams will triage the problem to either find a solution (if it is in GoAnywhere MFTaaS) or work with AWS support to find a solution.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to varying system resources are divided into roles and different administrators are awarded one or more roles.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Pro2col is IS0 27001 certified, covering provision of additional services

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Helpsystems' business leadership (or other accountable business role or function) shall review the information security policy at planned intervals or as a result of changes to the organisation to ensure its continuing alignment with the security strategy, effectiveness, accuracy, relevance, and applicability to legal, statutory, or regulatory compliance obligations.
All staff are regularly trained on information security and Helpsystems sell a range of information security solutions.
Further information is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
HelpSystems operate a full and detailed software development methodology, with clear phases for planning, design, development, testing and deployment.

Baseline security requirements shall be established for developed or acquired, organisationally-owned or managed, physical or virtual, applications and infrastructure system, and network components that comply with applicable legal, statutory, and regulatory compliance obligations. Deviations from standard baseline configurations must be authorised following change management policies and procedures prior to deployment, provisioning, or use
Further details of this policy are available under NDA.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
HelpSystems is always focused on the security of their suite of products . They employ a variety of procedures and tools to identify vulnerabilities and remediate them as soon as possible.

A number of sources are used to identify security vulnerabilities including:

• Internal security scans
• Manual penetration testing
• External reports from security researchers
• Reports from customers

See https://www.goanywhere.com/support/release-notes/mft for details of recent releases. Customers are notified of all updates and fixes by email, on the website and within the software.
Protective monitoring type
Undisclosed
Protective monitoring approach
Each system shall be hardened to provide only necessary ports, protocols, and services to meet business needs and have in place supporting technical controls such as: antivirus, file integrity monitoring, and logging as part of their baseline operating build standard or template.

GoAnywhere MFTaaS is closely monitored, leveraging the capabilities of AWS to meet the SLAs for customers.
Further details available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Helpsystems will monitor that AWS plaftform. The customer can configure GoAnywhere to send notifications on failure through syslog access, email, SMS and other custom solutions as required. For example, integration with ServiceNow is available.
Helpsystems will provide reports on Service Credits should the platform be unavailable.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£4,500 a server a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Full featured trial is available for 30 days

Service documents

Return to top ↑