Pro2col Ltd

Globalscape EFT Arcus

EFT Arcus is a SaaS MFT solution for organisations needing the agility, elasticity and cost savings the cloud provides. Reduce the complexity of your file transfer infrastructure, increase operational efficiency and protect your most important data using our secure managed file transfer cloud service. EFT Arcus has SOC 2 certification.

Features

• Support for FTP/SFTP/FTPS/ASx/HTTPS
• AES 256-bit encryption of files both in-transit and at-rest
• Unlimited Simultaneous Local/Remote Users across all protocols
• Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
• Granular permissions for access to files and folders
• Workspaces for simple, secure, controlled collaboration
• 99.9% uptime available
• Transfer or transform files using application workflows
• Agent to agent transfers
• Single-tenant deployment in Azure

Benefits

• Share files with internal and external users easily and securely
• Single platform for one-off file sharing and collaboration
• Secure access to files with authentication and granular permissions
• Automate workflows between any combination of systems and people
• Meet information security compliance requirements with visibility and control
• Reduce the risks of non-documented scripts and manual processes
• No patching and up-to-date security ciphers and software versions
• Reduce IT operational costs including hardware, software maintenance, and support
• Reduce the risks of downtime for this critical business system
• Reduce IT load for system management and partner onboarding

£5,000.00 to £30,000.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

795969564985376

Contact

G-Cloud Team
​0333 123 1240
gcloud@pro2colgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Arcus Basic comes with a 99% uptime SLA, Arcus Custom is 99.9 and Premium 99.95% . There are different functional constraints in each package including the number of event rules, log file storage, scaling and authentication. Remote agents are windows only.; Customers can choose from a selection of pre-determined maintenance windows.
• System requirements:
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is available on Custom and Premium. Globalscape commit to a response time of two hours on production affecting issues.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One hour response SLA during UK office hours (09:00-17:30). Support is included in the Globalscape Arcus subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. Globalscape Arcus comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Comprehensive documentation is available for Arcus and all customers receive an on-boarding call with Globalscape. Pro2col provide a range of services to support administrators, helpdesk teams and end users at point of on-boarding. These are customised to meet your particular requirements. For further details of these services, please see Globalscape EFT Server Professional Services. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Either the customer or Globalscape can provide an extract of the information at the end of the contract period. Globalscape will retain User Data for 30 days post the end of the contract and then it will be destroyed.
• End-of-contract process: Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Globalscape will extract the User Data and will not have system access from the date of contract expiration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Free mobile apps for Android and iOS are available. Depending on the permissions defined for the account in EFT, users can upload, download, preview, open in an external viewer, add to vault, share, rename or delete files, and create folders. The mobile app also encrypts files in a storage vault for users who need to work offline.; The web interface can also be accessed via a mobile device.
• Service interface: Yes
• Description of service interface: The service interface is accessed via a remote desktop web client.; Administrators are able to manage users, workflows, folder structures and reports from there.
• Accessibility standards: None or don’t know
• Description of accessibility: There are no Audio/Video aspects to the application, nor images or animations.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Any administrative action can also be performed via the API.; The API is COMbased and is called by script or program
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: EFT Arcus is installed as "single-tenant"; each customer has their private deployment.

Analytics

• Service usage metrics: Yes
• Metrics types: The Auditing and Reporting Module (ARM) captures the transactions passing through Arcus and provides an administration interface where users can access preconfigured reports or create custom reports to query, filter and view transaction data. Data is stored in a relational database and can be analysed in real time.; ; The ARM comes with a number of preconfigured reports designed to respond to the most common data analysis requests.; Globalscape will provide usage reports on uptime, bandwidth, event rules and storage use.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Globalscape

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption; one of the strongest block ciphers available. It is FIPS 140-2 compliant. - https://docs.microsoft.com/enus/azure/storage/common/storage-service-encryption ; EFT Arcus supports the option of PGP.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Files can be downloaded using any of the file transfer protocols supported by Arcus including SFTP/FTPS/HTTPS. Reports can be extracted from the auditing and reporting module in XML.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML for reports
  • Files will be exported in their native format
• Data import formats:
  • CSV
  • Other
• Other data import formats: Files can be uploaded in their native format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: SSH/SFTP encryption and file hashing. The minimum strength of the encryption used during web transport is configurable.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: SLAs are governed by the tier chosen (Basic, Custom or Premium). ; A detailed snapshot of uptime is maintained for all customers. If an outage occurs, the process of credit accumulation starts in the month of the outage. For example, if an outage occurs in August, the credit will reflect in the September invoice. Credits are pre-determined percentages against SLA failure up to 20%.
• Approach to resilience: EFT Arcus is installed in the Microsoft Azure region of your choice, and data is replicated to another region in case of outages. Additionally on the Premium or Custom tier, servers are scaled to two HA nodes.; The Azure Backup retention structure allows you to have full flexibility in defining the retention policy as per your requirements. Data is copied by Azure GRS storage. The customer is geographically replicated. Archiving is the responsibility of the customer. Info can be found here: https://docs.microsoft.com/enus/azure/storage/common/storage-redundancy; Further information is available on request.
• Outage reporting: If the Azure region hosting your EFT Arcus site becomes unavailable, Azure will automatically switch to its paired region. This process is invisible to the end user. The Globalscape and Pro2col Support teams will triage the problem to either find a solution (if it is in EFT Arcus) or work with Microsoft Azure support to find a solution. (AzureGeography described at https://docs.microsoft.com/en-us/azure/bestpractices-availability-paired-regions).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to administration accounts can be restricted by an IP address mask and accessing protocol. An agreed list of administrators is provided during on-boarding. Admin permissions are granular, allowing role-based access. Arcus can be configured to block accounts and IP addresses which fail to authenticate successfully after a number of attempts.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • Microsoft publish CAIQ and CCM reports for CSA STAR assessment
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • Azure has a PCI Compliance Certification
  • Arcus can be configured to be PCI compliant
  • Azure complies with: SOC1, SOC2, SOC3, ISO 27001:2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Globalscape are currently working towards SOC 2 and ISO 27001 compliance for Arcus.; The Globalscape Privacy Policy is available on request. All staff are trained on information security and data protection.; Access to information is controlled based on role.
• Information security policies and processes: Globalscape have a Data Protection Officer (DPO) and a copy of their policies is available on request. ; Globalscape have implemented measures to secure customer data from accidental loss, unauthorised access, alteration or disclosure.; Pro2col are ISO 27001 and Cyber Essentials certified. Information security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Globalscape run a comprehensive system for tracking EFT development. All versions of EFT are thoroughly tested before being uploaded into the Arcus environment. Globalscape take a security first approach to product development with a focus on GDPR reporting for example added to the latest release.; ; Further information available on request
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The underlying infrastructure of Arcus is Azure. Microsoft publish a range of reports on how they mange threats and vulnerabilities within their environment from the physical security of the datacentres through to patching and beyond.; Globalscape monitor the application layer and will deploy urgent patches if required to Arcus. A full list of recent releases and patches is available at https://help.globalscape.com/help/arcus/#t=WhatsNewinArcus.htm&rhsearch=credit&rhsyns=%20
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: EFT Arcus installed on the Microsoft Azure network and is located in the Azure region specified by the customer. Microsoft adheres to stringent policies and procedures when it comes to accessing customer data. Microsoft has taken steps to ensure that there are no back doors and no direct or unfettered access to customer data.; https://go.microsoft.com/fwlink/p/?linkid=2052349.; Further information available on request
• Incident management type: Supplier-defined controls
• Incident management approach: Microsoft Azure retains audit records to provide support for after-the-fact investigations of security incidents and to meet regulatory and organisational information retention requirements. Upon notification of a breach:; • Suspend the EFT Arcus environment, if necessary; • Attempt to find the attack vector; • Follow local laws related to forensics. ; Alerting mechanisms are in place to notify appropriate individuals that security events have occurred.; Any user can report an incident via support.; Reports will be shared with agreed customer contacts.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £5,000.00 to £30,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: As standard, there is 15 day free Proof of Concept of Arcus. This will be set at the tier selected and will include access to the support team for assistance with onboarding and configuration.
• Link to free trial: Please contact sales@pro2colgroup.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@pro2colgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.