Security

Application Security

Secure Software Development

OneAdvanced takes the security of our software very seriously. We use the OWASP model and Software Assurance Maturity Model (SAMM) to define the security principles within our software development lifecycle. A secure build process thoroughly scans the code base and compiled code to check for expected security outcomes before it is released.

Security Testing

OneAdvanced’s policy dictates that all OneAdvanced applications and infrastructure be tested at least annually, and on any significant reconfiguration or change. We use industry scoring standards to prioritise any vulnerabilities identified through penetration tests.

Infrastructure

Network Security

Key security measures include firewall, network segmentation and remote access control. Networks and network services are monitored for potentially adverse events.

Endpoint Security

Endpoint Detection and Response (EDR) software is deployed across the enterprise and kept up to date with real-time protection features enabled. All endpoints are closely monitored to detect and respond to potential threats.

Vendor security patches are applied as soon as possible based on a risk-driven approach.

Vulnerability Management

To identify issues within OneAdvanced's infrastructure, a combination of automated scanning tools, threat intelligence feeds, manual assessments, and agent-based vulnerability management solutions is used.

The potential severity, impact, and likelihood of exploitation for identified vulnerabilities are assessed using standardised risk scoring methodologies and remediation activities are prioritised accordingly in line with our internal standards.

Identity and Access Management

Access to OneAdvanced’s internal resources is granted based on the least privilege principle. These access requirements are based on legitimate business requirements and strong authentication mechanisms.

Customer identities are managed by a segregated identity platform and are guided by the same principles.

Operational Security

Security Logging and Monitoring

All relevant system events are logged and monitored to detect suspicious activity, security incidents, and policy violations. A dedicated Security Operations Centre monitors logs and event data 24/7.

Measures are in place to protect logs and ensure redundancy and resilience of log data.

Incident Management

OneAdvanced has a robust Cybersecurity Incident Management plan in place that establishes how we handle cybersecurity incidents. A process for reporting security incidents has been established, and our employees are routinely made aware of these reporting mechanisms.

Reported incidents are promptly investigated, contained, and mitigated following a severity rating system that prioritises response based on the impact. Communication channels have been established to notify relevant stakeholders about cybersecurity incidents and their potential impact.

Corporate Security

Personnel Security

All personnel, including those employed on fixed-term contracts, are subject to background checks prior to employment. These include identity, right to work, credit, aptitude, experience, education, and security checks commensurate with their role and responsibilities. Enhanced security checks are completed where the role requires them.

All of OneAdvanced’s workforce are required to abide by our information security expectations per the established policies and procedures. These responsibilities are clearly defined and communicated.

Physical Security

OneAdvanced adheres to stringent physical security controls in compliance with ISO/IEC 27001 standards, ensuring that our physical access, equipment, and facilities are rigorously protected against unauthorised access and potential security breaches.

Risk Framework

Risk Management

OneAdvanced has developed a risk management policy and framework that addresses cybersecurity risks in every stage of a product's lifecycle. Management continuously reviews and tracks all risks.

Information Classification and Handling

OneAdvanced maintains an information classification schema. This schema determines what classification level and associated controls should be applied.

Security Assessment

The effectiveness of security controls across technology, people, and processes is routinely evaluated against established standards. OneAdvanced’s information security management approach and its implementation are independently reviewed at planned intervals or when significant changes occur.

Security Training and Awareness

A security training and awareness programme is in place to ensure all users receive appropriate information security awareness, education, and training. Our programme focuses on relevant information risks.

Expected security behaviour is highlighted and encouraged, while inappropriate security behaviour is identified and addressed.

Third-Party Risk Management

OneAdvanced has implemented a third-party risk management framework to assess, monitor, and control security risks posed by subcontractors and other authorised external parties.

Third parties and subcontractors must meet the security criteria defined by OneAdvanced. All subcontractors undergo a risk assessment before gaining access to OneAdvanced systems. Only authorised subcontractors with signed agreements and adequate security measures are permitted access, which is regularly reviewed to ensure compliance.