Providing a quality field service platform that sustains long-term value and usability is our top priority. This commitment is demonstrated to our clients through Oneserve Ltd maintaining the following accreditations: ISO 27001:2013 Security Management standard, ISO 9001:2015 Quality Management System, and to our wider stakeholder network through our ISO 14001:2015 Environmental Management System and 45001:2018 Occupational Health and Safety.
In order to achieve these standards, we continually review and refine our processes to ensure they meet or exceed them. This is regularly verified by an independent external auditor, QMS International Ltd. This would not be possible without maintaining a flexible approach that enables us to deliver continuous improvement where and whenever needed.
We’re proud to achieve these internationally recognised standards, which serve as a mark of our dedication to the quality of our organisation.
Our ISO 9001 Accreditation
Providing service companies with a quality software solution that sustains real long-term value is our primary objective. In order to achieve this, Oneserve implements a quality management system which is ISO 9001 certified.
What is a quality management system?
The ISO 9001 quality management system (or QMS) is an internationally recognised standard, awarded to organisations that demonstrate a serious commitment to quality. The key objective of this certification is to ensure organisations operate and continually improve their processes, to deliver the most value to their customers and stakeholders.
What this means for you
Choosing a software provider that is ISO 9001 certified means you are partnering with an internationally recognised quality service provider.
Our ISO 27001 Security Management accreditation
This international security standard specifies that Oneserve do the following:
We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
We design and implement a comprehensive suite of information security controls and other forms of risk management to address security risks.
We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
Our ISO 14001 Environmental Management System accreditation
As a SaaS provider, it’s not just the vast efficiency gains our intuitive software delivers that make us happy. We’re also proud of the huge impact our cloud-based platform has on the environment by reducing the amount of paperwork used by thousands of service engineers and back office staff. But that’s not all…
For us, smarter business practices include incentives to work greener. We take our own environmental responsibilities very seriously and practise an environmental management system that is 14001 certified.
This accreditation demonstrates our fulfilment of compliance obligations and sets clear environmental objectives for sustainable processes followed by everyone in our organisation.
As long-term, value-adding partners, we believe it is of critical importance to contribute to a cleaner, greener environment that sustains business longevity.
45001 Occupational Health and Safety
The 45001 standard that Oneserve is accredited for is an occupational health and safety (OH&S) management system. This standard enables Oneserve to provide a safe and healthy workplace by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
Oneserve operates business-critical services for our clients; as such, we handle vast amounts of commercial and personal sensitive data and information daily. Protecting this information from unauthorised access or malicious behaviour is of utmost importance to us, as is ensuring the services we provision and manage are secured to appropriate standards using rigorous controls and methods.
We adopt several operational principles and practices regarding information security:
The Oneserve platform is secure and privately housed in a world-class data centre in the cloud. Oneserve runs on a high-performing, highly available, and secure architecture, with users accessing its critical capabilities over secure SSL browsers and native mobile applications.
Our Development and CloudOps teams work closely with leading security firms, our cloud providers and the security community to ensure that the platform is constantly monitored, updated, and secure.
Multiple threat categories are monitored, from physical to internet attack vectors. Advanced techniques and technology limit the breadth of access to our architecture at any point in time, as well as spoofing and man-in-the-middle attacks.
Oneserve ‘data’ is more than just data; it is people’s private and valuable information, and we need to ensure that we are fully compliant with the current GDPR. All our personnel are trained in GDPR, with additional training given to specific job roles where required.
Fully controlled environments are deployed to create a ‘separation of concerns’ between production, test and development solutions. Such separations are both physically and logically achieved. All development activities include full peer review and code check-in validation routines and extensive application and build verification and validation measures.
The use of customer data for testing is prohibited, and control methods are adopted to verify test data usage at all times, including disposal.
All change requests are handled via a dedicated ticketing system with appropriate approval processes, which offers a complete audit trail, and includes processing security validations and change risk assessments.
Development, Administration and CloudOps teams are onboarded and offboarded to ensure that we provide appropriate access to the code repositories, development, staging and production environments for their role.
Datacentre access to the cloud environment is heavily controlled and physically restricted.
Proactive application componentry and tooling upgrades, scanning, testing and implementation are undertaken to ensure protection from ever-evolving threats on this front. All third-party components are researched and analysed to ensure no unexpected behaviour occurs from any of the elements of the system.
For components our Cloud partner does not manage, the CloudOps team performs regular, planned upgrades to the nodes and underlying hardware, meaning we are always in touch with and part of any maintenance activity on the system.
Multi-step authentication is applied across the platform, where a new account is required to perform additional validation steps via email.
Access to the Oneserve application is provisioned by encrypted communication between end-users and the hosted applications. No unauthorised access is permitted to the environment. All users are allocated relevant access rights within the Oneserve application to control their access levels to information and the actions they may undertake.
Credentials are tied to individuals, and permissions are granted at a granular level. The involvement of multiple personnel is practised when access to core security features of the application is required.
All Oneserve systems employ audit/logging functionality, ensuring normal and unexpected operation activities have audit trails kept for pre-defined periods in a controlled and secure manner. This includes all critical operational information relating to system activity. Additionally, security violations are recorded, including (but not limited to) logging of any DDoS and brute-force login attempts.
Secure Data Transport
All data in transit is SSL SHA2 512-bit encrypted and certified with GeoTrust RSA CA certificates, an intermediate root in the GeoTrust public key infrastructure (PKI) required to complete a certificate chain during the SSL handshake.
Oneserve is accredited to the Cyber Essentials Scheme standard and is certified to ISO/IEC 27001:2013 standard, including maintaining all relevant information security and assurance operational policies, standards and risk assessments.
Our organisation has an appointed Information Data Controller who assumes accountability and responsibility for all security matters on behalf of Oneserve. All information assets are identified, recorded and managed under strict change control processes.
All security exceptions are reported to the Data Controller, and a formal security incident handling process is operated at all times. Oneserve’s business, and thus all its operational and technical aspects, adheres to the Data Protection Act 2018 and the General Data Protection Regulation 2016.
Oneserve undertakes regular (at least annually) security penetration, web application threat and vulnerability tests and formal risk assessments. Such activities are completed using the services of CREST and CHECK accredited partners. Any risks and vulnerabilities identified are assessed and will be remediated if required, and learning is recycled into development and operational activities as part of our standard operating procedures. All security threat and vulnerability activities are undertaken against standards-based check methods, including international OWASP security standards.
Our software development lifecycle adopts the OWASP system and application security principles and framework.
Monitoring and Alerting
To be constantly informed about the status of our service, we combine proactive scanning of maintenance schedules and security threat alerts. Our CloudOps team use leading tooling both in the cloud datacentre and externally to monitor the pulse of our service and receive automated alerts should anything move outside of tight expectation thresholds.
What we deliver
Oneserve has been trusted for over a decade to support the social housing sector, helping registered providers and contractors to deliver the positive repairs and maintenance service tenants deserve.
Who we serve
Switching to Oneserve can help you take control of this key area of your service delivery by boosting your efficiency, increasing productivity and enhancing the quality of your customer service.