Secure Automated File Exchange


The California Department of Technology (CDT) provides industry-standard security, performance, and enhanced file transfer features through the next generation of the Secure Automated File Exchange (SAFE) service. The SAFE service allows for the secure transfer of files over public and private networks using encrypted file transfer protocols (FTPS, SFTP/SSH, and HTTPS) and supports detection and handling of failed file transfers. Built within the AWS GovCloud, the SAFE service provides a cost-effective shared solution for automated or manual file transfer and exchange processes between trading partners.


  • End-to-end encryption in transport and at rest
  • Standard client agnostic encrypted transfer protocols
  • Store files for up to 30 days with an automatic file retention policy
  • AWS Gov Cloud redundancies and regional failover
  • User-friendly web interface
  • Real-time dashboard to monitor your usage
  • Notifications for failures/successful transfers
  • Onboard your customers as needed
  • Automation capabilities
  • Connect to AWS S3 Bucket

Business Use Cases

Person to Person File Exchange


Person to Person File Exchange


Person to Multiple Person File Delivery

Safe Case.

A user transfers a file into the SAFE service for later retrieval


A user transfers a file into the SAFE service where another user is provided access to download and upload a response

A user transfers a file into the SAFE service where a group is provided access to download the file

Person to Multiple Person File Exchange

Safe Case 2.

A user transfers a file into the SAFE service where a group is provided access to download and upload a response

Person to Server File Exchange

Safe Case3.

A user transfers a file into the SAFE service where an external server picks up, processes and sends back a response for the users to download

Server to Server File Exchange

Safe Case 4.

Full client/server based file transfer automation using certificate authentication

What is Safe?

Secure – Protocol independent industry-standard encryption at transfer and at rest.

Automated –All processes can be automated both in and out of the system.

File – It’s what we are about, providing file transfer gateway services.

Exchange – Provide files for your partner to pick up or pushes the files to their destination.


  • CDT manages contracts for the SAFE service and serves as the liaison between the Customer and Platform Vendor. 
  • CDT will maintain vendor support and will be responsible for communication to Customers regarding vendor support and patching activities.
  • Customer business units and accounts are implemented in accordance with CDT naming standards.
  • Upon initial implementation, the CDT will provide customer Delegated Administrators with procedures and training.
  • CDT will provide technical assistance and standard troubleshooting to Delegated Administrators.
  • Troubleshooting of the SAFE service performance is included in the service; however, all other troubleshooting activities may incur additional fees.

Roles & Responsibilities

RoleCDTCustomer Delegated Administrator
Delegated Administrator (DA) supportX
Reset DA passwordsX
Second-level support for DA questionsX
Consult on business case designX
Create, delete or modify DA accountsX
Application and template creationX
Vendor support escalation contactX
Customer’s first line of user supportX
Owner of business case designX
Unlock user accountsX
Create, delete or modify user accounts. Customer created accounts will be implemented in accordance with CDT naming standards.X
Import SSH keys and requesting x.509 certificatesX
Request higher-level support from the CDT SAFE staffX
Customized file retention settingsX


The rate schedule represents standard CDT services. If a Customer requires technology solutions that are not part of the standard, CDT will review the Customer’s request and provide customized pricing as necessary.

Service DescriptionService IdentifierProduct NameUnit of MeasurementRateService CodeNotes
Secure Automated File Exchange Service (includes 10GB data transfer)SAFEMonthly/Per Named User Account$12.30 I116
Secure Automated File Exchange Additional Data TransferSAFEPer Gigabyte$10.00 I117
Secure Automated File Exchange - Axway Secure Client SoftwareSAFEOne-Time$300.00 I118

Subscriptions to this service are available.

Request Service

Service Request NameLink
Existing SAFE Customers: Please have your Delegated Administrator submit all General Inquiries or requests to Add, Modify, or Delete SAFE services.Order SAFE Services
New SAFE Customers: Please contact your Account Lead for details on the onboarding process.Account Lead


When is Scheduled Maintenance performed on the SAFE service?

Scheduled Maintenance is performed begins at 8:00 pm on the date indicated below and is completed by 2:00 am the following morning. The SAFE service will be unavailable during the scheduled maintenance timeframe.


Does CDT reset passwords?

CDT provides password resets for Delegated Administrator accounts ONLY. Users are instructed to contact their Delegated Administrator for assistance with resetting passwords for User Accounts.

Does SAFE allow for certificate-based authentication?

Yes. SAFE allows for certificate-based authentication. Details will be provided during the individualized design meeting.

Does SAFE support 3rd-party FTP client-side access, such as FileZilla or WinSCP?

Yes, both SFTP and FTPS protocols are supported for 3rd party FTP client access.

Is there a ServiceNow template for requests or reporting SAFE service issues?

Yes, there is a template in ServiceNow to request or report SAFE service issues. 

What browsers are supported by the SAFE service?

Supported Browsers:

  • Microsoft Internet Explorer 11 (Compatibility View is not supported)
  • Microsoft Edge – latest version
  • Mozilla Firefox – latest version
  • Apple Safari – latest version (not supported for Administration Tool)
  • Google Chrome – latest version (not supported for Administration Tool)

Are any specific browser plugins needed?