Welcome to a world of secure, reliable technology.
At OneAdvanced, we know how important security is to your business. That’s why we put trust and protection at the heart of everything we do. From safeguarding data to keeping your operations running smoothly, we’ve got you covered.
OneAdvanced takes the security of our software very seriously. We use the OWASP model and Software Assurance Maturity Model (SAMM) to define the security principles within our software development lifecycle. A secure build process thoroughly scans the code base and compiled code to check for expected security outcomes before it is released.
OneAdvanced’s policy dictates that all OneAdvanced applications and infrastructure be tested at least annually or on any significant reconfiguration or change. We used industry scoring standards to prioritise any vulnerabilities that may be identified through penetration tests.
Key security measures include firewall, network segmentation and remote access control. Networks and network services are monitored for potentially adverse events.
Endpoint Detection and Response (EDR) software is deployed across the enterprise and kept up to date with real-time protection features enabled. All endpoints are closely monitored to detect and respond to potential threats.
Vendor security patches are applied as soon as possible based on a risk-driven approach.
To identify issues within OneAdvanced's infrastructure, a combination of automated scanning tools, threat intelligence feeds, manual assessments, and agent-based vulnerability management solutions is used.
The potential severity, impact, and likelihood of exploitation for identified vulnerabilities are assessed using standardised risk scoring methodologies and remediation activities are prioritised accordingly in line with our internal standards.
Access to OneAdvanced’s internal resources is granted based on the least privilege principle. These access requirements are based on legitimate business requirements and strong authentication mechanisms.
Customer identities are managed by a segregated identity platform and are guided by the same principles.
All relevant system events are logged and monitored to detect suspicious activity, security incidents, and policy violations. A dedicated Security Operations Centre monitors logs and event data 24/7.
Measures are in place to protect logs and ensure redundancy and resilience of log data.
OneAdvanced has a robust Cybersecurity Incident Management plan in place which establishes how we handle cybersecurity incidents at OneAdvanced. A process for reporting security incidents has been established and our employees are routinely made aware of these reporting mechanisms.
Reported incidents are promptly investigated, contained, and mitigated following a severity rating system that prioritises response based on the impact. Communication channels have been established to notify relevant stakeholders about cybersecurity incidents and their potential impact.
All personnel, including those employed on fixed-term contracts, are subject to background checks prior to employment. These include identity, right to work, credit check, aptitude, experience, education, and security checks equal to their role and responsibilities. As necessary, enhanced security checks are completed when they are required.
All of OneAdvanced’s workforce are required to abide by our information security expectations per the established policies and procedures. These responsibilities are clearly defined and communicated.
OneAdvanced adheres to stringent physical security controls in compliance with ISO/IEC 27001 standards, ensuring that our physical access, equipment, and facilities are rigorously protected against unauthorised access and potential security breaches.
OneAdvanced has developed a risk management policy and framework that addresses cybersecurity risks in every stage of a product's lifecycle. Management continuously reviews and tracks all risks.
OneAdvanced maintains an information classification schema. This schema determines what classification level and associated controls should be applied.
The effectiveness of security of technology, people, and processes is routinely evaluated against established standards. OneAdvanced’s information security management approach and its implementation are independently reviewed at planned intervals or when significant changes occur.
A security training and awareness programme is in place to ensure all users receive appropriate information security awareness, education, and training. Our programme focuses on relevant information risks.
Expected security behaviour is highlighted and encouraged, while inappropriate security behaviour is identified and addressed.
OneAdvanced has implemented a third-party risk management framework to assess, monitor, and control security risks posed by subcontractors and other authorised external parties.
Third parties and subcontractors must meet the security criteria defined by OneAdvanced. All subcontractors undergo a risk assessment before gaining access to OneAdvanced systems. Only authorised subcontractors with signed agreements and adequate security measures are permitted access, which is regularly reviewed to ensure compliance.
At OneAdvanced, we don’t just offer software solutions. We stand as your strategic partner in building a secure digital future. By integrating rigorous security measures, we ensure the reliability and scalability of our solutions for businesses like yours. Security isn’t just about mitigating risks—it’s about fostering long-lasting trust and partnership.