Pro2col Ltd

Globalscape EFT Arcus

EFT Arcus is a SaaS MFT solution for organisations needing the agility, elasticity and cost savings the cloud provides. Reduce the complexity of your file transfer infrastructure, increase operational efficiency and protect your most important data using our secure managed file transfer cloud service. EFT Arcus has SOC 2 certification.


  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • AES 256-bit encryption of files both in-transit and at-rest
  • Unlimited Simultaneous Local/Remote Users across all protocols
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • Granular permissions for access to files and folders
  • Workspaces for simple, secure, controlled collaboration
  • 99.9% uptime available
  • Transfer or transform files using application workflows
  • Agent to agent transfers
  • Single-tenant deployment in Azure


  • Share files with internal and external users easily and securely
  • Single platform for one-off file sharing and collaboration
  • Secure access to files with authentication and granular permissions
  • Automate workflows between any combination of systems and people
  • Meet information security compliance requirements with visibility and control
  • Reduce the risks of non-documented scripts and manual processes
  • No patching and up-to-date security ciphers and software versions
  • Reduce IT operational costs including hardware, software maintenance, and support
  • Reduce the risks of downtime for this critical business system
  • Reduce IT load for system management and partner onboarding


£5,000.00 to £30,000.00 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 9 5 9 6 9 5 6 4 9 8 5 3 7 6


Pro2col Ltd G-Cloud Team
Telephone: ​0333 123 1240

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Arcus Basic comes with a 99% uptime SLA, Arcus Custom is 99.9 and Premium 99.95% . There are different functional constraints in each package including the number of event rules, log file storage, scaling and authentication. Remote agents are windows only.
Customers can choose from a selection of pre-determined maintenance windows.
System requirements
  • Internet browsers with HTML5 capability for clients
  • File transfer clients supporting secure protocols

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is available on Custom and Premium. Globalscape commit to a response time of two hours on production affecting issues.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
One hour response SLA during UK office hours (09:00-17:30). Support is included in the Globalscape Arcus subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability. Globalscape Arcus comes with 24/7 support as standard for Severity 1 tickets. Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
Support available to third parties

Onboarding and offboarding

Getting started
Comprehensive documentation is available for Arcus and all customers receive an on-boarding call with Globalscape. Pro2col provide a range of services to support administrators, helpdesk teams and end users at point of on-boarding. These are customised to meet your particular requirements. For further details of these services, please see Globalscape EFT Server Professional Services. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col also offer vendor agnostic FTP training.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Either the customer or Globalscape can provide an extract of the information at the end of the contract period. Globalscape will retain User Data for 30 days post the end of the contract and then it will be destroyed.
End-of-contract process
Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Globalscape will extract the User Data and will not have system access from the date of contract expiration.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Free mobile apps for Android and iOS are available. Depending on the permissions defined for the account in EFT, users can upload, download, preview, open in an external viewer, add to vault, share, rename or delete files, and create folders. The mobile app also encrypts files in a storage vault for users who need to work offline.
The web interface can also be accessed via a mobile device.
Service interface
Description of service interface
The service interface is accessed via a remote desktop web client.
Administrators are able to manage users, workflows, folder structures and reports from there.
Accessibility standards
None or don’t know
Description of accessibility
There are no Audio/Video aspects to the application, nor images or animations.
Accessibility testing
What users can and can't do using the API
Any administrative action can also be performed via the API.
The API is COMbased and is called by script or program
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available


Independence of resources
EFT Arcus is installed as "single-tenant"; each customer has their private deployment.


Service usage metrics
Metrics types
The Auditing and Reporting Module (ARM) captures the transactions passing through Arcus and provides an administration interface where users can access preconfigured reports or create custom reports to query, filter and view transaction data. Data is stored in a relational database and can be analysed in real time.

The ARM comes with a number of preconfigured reports designed to respond to the most common data analysis requests.
Globalscape will provide usage reports on uptime, bandwidth, event rules and storage use.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption; one of the strongest block ciphers available. It is FIPS 140-2 compliant. -
EFT Arcus supports the option of PGP.
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Files can be downloaded using any of the file transfer protocols supported by Arcus including SFTP/FTPS/HTTPS. Reports can be extracted from the auditing and reporting module in XML.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML for reports
  • Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats
Files can be uploaded in their native format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH/SFTP encryption and file hashing. The minimum strength of the encryption used during web transport is configurable.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs are governed by the tier chosen (Basic, Custom or Premium).
A detailed snapshot of uptime is maintained for all customers. If an outage occurs, the process of credit accumulation starts in the month of the outage. For example, if an outage occurs in August, the credit will reflect in the September invoice. Credits are pre-determined percentages against SLA failure up to 20%.
Approach to resilience
EFT Arcus is installed in the Microsoft Azure region of your choice, and data is replicated to another region in case of outages. Additionally on the Premium or Custom tier, servers are scaled to two HA nodes.
The Azure Backup retention structure allows you to have full flexibility in defining the retention policy as per your requirements. Data is copied by Azure GRS storage. The customer is geographically replicated. Archiving is the responsibility of the customer. Info can be found here:
Further information is available on request.
Outage reporting
If the Azure region hosting your EFT Arcus site becomes unavailable, Azure will automatically switch to its paired region. This process is invisible to the end user. The Globalscape and Pro2col Support teams will triage the problem to either find a solution (if it is in EFT Arcus) or work with Microsoft Azure support to find a solution. (AzureGeography described at

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to administration accounts can be restricted by an IP address mask and accessing protocol. An agreed list of administrators is provided during on-boarding. Admin permissions are granular, allowing role-based access. Arcus can be configured to block accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Microsoft publish CAIQ and CCM reports for CSA STAR assessment
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • Azure has a PCI Compliance Certification
  • Arcus can be configured to be PCI compliant
  • Azure complies with: SOC1, SOC2, SOC3, ISO 27001:2013

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Globalscape are currently working towards SOC 2 and ISO 27001 compliance for Arcus.
The Globalscape Privacy Policy is available on request. All staff are trained on information security and data protection.
Access to information is controlled based on role.
Information security policies and processes
Globalscape have a Data Protection Officer (DPO) and a copy of their policies is available on request.
Globalscape have implemented measures to secure customer data from accidental loss, unauthorised access, alteration or disclosure.
Pro2col are ISO 27001 and Cyber Essentials certified. Information security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Globalscape run a comprehensive system for tracking EFT development. All versions of EFT are thoroughly tested before being uploaded into the Arcus environment. Globalscape take a security first approach to product development with a focus on GDPR reporting for example added to the latest release.

Further information available on request
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The underlying infrastructure of Arcus is Azure. Microsoft publish a range of reports on how they mange threats and vulnerabilities within their environment from the physical security of the datacentres through to patching and beyond.
Globalscape monitor the application layer and will deploy urgent patches if required to Arcus. A full list of recent releases and patches is available at
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
EFT Arcus installed on the Microsoft Azure network and is located in the Azure region specified by the customer. Microsoft adheres to stringent policies and procedures when it comes to accessing customer data. Microsoft has taken steps to ensure that there are no back doors and no direct or unfettered access to customer data.
Further information available on request
Incident management type
Supplier-defined controls
Incident management approach
Microsoft Azure retains audit records to provide support for after-the-fact investigations of security incidents and to meet regulatory and organisational information retention requirements. Upon notification of a breach:
• Suspend the EFT Arcus environment, if necessary
• Attempt to find the attack vector
• Follow local laws related to forensics.
Alerting mechanisms are in place to notify appropriate individuals that security events have occurred.
Any user can report an incident via support.
Reports will be shared with agreed customer contacts.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£5,000.00 to £30,000.00 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
As standard, there is 15 day free Proof of Concept of Arcus. This will be set at the tier selected and will include access to the support team for assistance with onboarding and configuration.
Link to free trial
Please contact

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.