Accreditations and Security
Oneserve operates business-critical services on behalf of our clients. As such, we handle vast amounts of sensitive commercial and personal data and information on a daily basis. Protecting this information from unauthorised access or malicious behaviour is of utmost importance to us, as is ensuring the services we provision and manage are secured to appropriate standards using rigorous controls and methods.
We adopt a number of operational principles and practices in regard to information security:
- Oneserve is fully hosted within secure, resilient (tier 3) commercial hosting facilities, provided by our cloud hosting partners Rackspace. Our data centres are fully hosted within the UK and all data repositories and services fully reside within the UK.
- We operate two physically separated data centres, with fully replicated services across both locations. We deliver robust business continuity capabilities on behalf of our clients and can invoke a disaster recovery service if needed. We operate failover, clustering and load balancing capabilities at all levels of our systems and applications. This ensures clients will not lose service or data should a failure occur.
- Access to our data centre facilities is restricted to skilled Rackspace and Oneserve engineers and is facilitated via multiple levels of secure access controls with continual monitoring and tracking.
- We use a best-of-breed monitoring and intrusion detection service, supported by Rackspace and one of our security partners, Alert Logic. Our security monitoring service operates 24/7, monitoring all tiers of the application as well as end-user experience, and provides real-time awareness and action should a security event occur.
- Access to the Oneserve application is achieved by encrypted communication between end users and the hosted applications. Personally sensitive data at rest is encrypted where required.
- Service access is restricted by customer tenancy, user rights and function rights. Access is controlled via industry-standard access controls, including encrypted token methodologies.
- All change activities are managed via a strict change control process that is aligned to ITIL standards and audited, with exceptions managed via executive action.
- The Oneserve business, and thus all its operational and technical aspects, adheres to the UK Data Protection Act 1998 (being replaced by the GDPR during 2017).
- Our data centre facilities, operated by our hosting partner Rackspace, are accredited to ISO 27001:2013 and independently audited by the BSI on a bi-annual basis.
- Oneserve is certified to Cyber Essentials, the Government-endorsed standard.
- We carry out annual pen testing, which determines any system vulnerabilities and whether our defences remain sufficient. This is supported by one of our Information Security partners, Pen Test Partners, who are CREST and CHECK accredited.
- Our software development lifecycle adopts the OWASP system and application security principles and framework.
Latest security changes
We are continually invested in protecting our services against information security threats and vulnerabilities, thus ensuring our clients’ data and information assets are always protected. As an example of our continual investment, below are the most recent changes we have enforced:
- Deprecation of TLS 1.0. We no longer support the use of HTTPS TLS 1.0 encryption ciphers. Transport Layer Security (TLS) 1.1 or higher is now a minimum requirement for service interconnectivity, thus ensuring we are protected against potential vulnerabilities exposed through customer adoption of old and unsupported connection/browser ciphers.
- Enforcement of HSTS. We now enforce the use of HTTP Strict Transport Security (HSTS) for all data communications. This ensures we remain compliant with the OWASP principles and protect our data assets from potential ‘man in the middle’ attacks.
- Enforcement of the ‘Secure’ and ‘HttpOnly’ flags on a number of browser cookies, again ensuring we remain compliant with the OWASP principles and protect our data assets from potential ‘man in the middle’ attacks.
- Enforced use of ‘authentication tokens’ in all API calls. We have deprecated the use of simple authentication for our API services and thus no longer permit the use of username/password combinations for our API services. We now support the use of authentication tokens for all API interconnectivity, enforced to a 1024-bit encryption level. This ensures machine-to-machine data services are secured using stronger authentication methods that cannot easily be intercepted or replicated.
Providing a quality field service platform that sustains long-term value and usability is our top priority. This commitment is demonstrated to our clients through our ISO 9001 accredited Quality Management System, and to our wider stakeholder network through our ISO 14001 Environmental Management System.
We’re proud to achieve these internationally recognised standards, which serve as a mark of our dedication to quality and environmental responsibilities.
Our ISO 9001 Accreditation
Providing service companies with a quality software solution that sustains real long-term value is our primary objective. In order to achieve this, Oneserve implements a stringent quality management system which is ISO 9001 certified.
What is a quality management system?
The ISO 9001 quality management system (or QMS) is an internationally recognised standard, awarded to organisations that demonstrate a serious commitment to quality. The key objective of this certification is to ensure organisations operate and continually improve their processes, to deliver the most value to their customers and stakeholders.
In order to achieve this standard, we continually review and refine our processes to ensure they meet the strict regulatory requirements. This would not be possible without maintaining a flexible approach that enables us to deliver continuous improvement where and whenever needed.
Importantly, we recognise this flexibility is a core component of our success. What’s more, we understand that this flexibility is required in many other businesses, especially in those that offer a service.
What this means for you
Choosing a software provider that is ISO 9001 certified means you have an internationally recognised quality product that will sustain its value in the long term. This means you only need to buy once and your system will continue to evolve alongside you, enabling you to achieve your business objectives on time and in budget.
What this means for your customers
If you provide a service, you need a reliable system that enables you to meet your customers’ needs better than any competitors. Our service management software continues to provide a single solution for improving workforce productivity, cutting costs and reducing wasted resources. As we continue to evolve our SaaS offering, you can continue to develop innovative ways to deliver outstanding customer service.
Our ISO 14001 accreditation
As a SaaS provider, it’s not just the vast efficiency gains our intuitive software delivers that make us happy. We’re also proud of the huge impact our cloud-based platform has on the environment by reducing the amount of paperwork used by thousands of service engineers and back office staff. But that’s not all…
For us, smarter business practices include incentives to work greener. We take our own environmental responsibilities very seriously and practise an environmental management system that is ISO 14001 certified.
This accreditation demonstrates our fulfilment of compliance obligations and sets clear environmental objectives for sustainable processes followed by everyone in our organisation.
As long-term value-adding partners, we believe it is of critical importance to contribute to a cleaner, greener environment that sustains business longevity.