Skip to main content
20 years of Onefile: Innovation. Collaboration. Celebration. Learn more →
Contact
Log In

Information security policy

We are committed to protecting all our information against any loss of confidentiality, integrity and availability. As part of this commitment, we will implement, maintain and continually improve an ISO 27001 compliant information management system.

It is our policy to:-

  • To protect all our information assets against loss of confidentiality, integrity or availability.
  • Mitigate the risks associated with the theft, loss, misuse, damage or abuse of these assets.
  • Ensure that information users are aware of and comply with all current and relevant information security regulations and legislation.
  • Provide a safe and secure information system working environment for staff and any other authorised users.
  • Make certain that all authorised users understand and comply with this policy and supporting policies and procedures
  • Protect the organisation from liability or damage through the misuse of its information.
  • Ensure that all users understand their own responsibilities for protecting the confidentiality and integrity of the information they handle.

We will assess and regularly review all information security risks through our risk assessment process and we will define the necessary controls to mitigate these risks.

We will define information security objectives and improvement actions that are related to this policy and to our information security risks. We will regularly evaluate progress against these objectives through our ‘Management Review’ process.

We will monitor access to and use of our information in order to establish the effectiveness of our information management system and to identify potential improvements.

Any staff or other authorised user that suspects there has been or is likely to be a breach of information security has a duty to immediately inform a member of management. In the event of a suspected or actual security breach, we may disable or remove any users, data or anything else necessary to secure our information systems.

This policy applies to all employees, visitors, contractors and any other parties accessing our information. This policy relates to the use of all our information assets, to all privately owned systems when connected directly or indirectly to our information systems and to all owned and/or licensed software/data.

Any failure to comply with this policy may lead to disciplinary action, including dismissal, or prosecution. In the case of a contractor failing to comply with this policy, their contract may be cancelled the contractor reported to the relevant authorities, including the police.

Version 3

Last reviewed: 7th August 2024

Browser support policy

This policy defines the web browsers which we support for our online systems and services.

  1. Statistics for browser support are based on information collected from Google Analytics on the login pages used by all our products.
  2. The list of supported browsers is reviewed on a calendar-monthly basis.
  3. Only the latest stable version of browsers which adopt a rapid release cycle will be supported. This is due to the nature of rapid-release, meaning browser support could change on a weekly basis. When a new version of a browser is released, we will endeavour to ensure that our software is operable as soon as reasonably possible. From time to time, browser updates may reduce functionality of live sites.
  4. On Jun 15th 2022, Microsoft ended support for Internet Explorer 11, and therefore, we no longer provide browser support for this or any version of Internet Explorer.

Browser support termination policy

When a browser falls below 2% user base coverage, it will no longer be supported.

Currently supported browsers

BROWSER VERSION SUPPORT STATUS
Chrome (latest stable) Supported
Chrome (previous releases) Unsupported
Edge (latest stable) Supported
Edge (previous releases) Unsupported
Safari (latest stable) Supported
Safari (previous releases) Unsupported
Internet Explorer 11 or older Unsupported
Firefox (latest stable) Unsupported
Firefox (previous releases) Unsupported

 

Changes to this browser policy

We review this browser policy regularly and update it accordingly.

Version 3
Last reviewed: 27 September 2022

Customer data backup policy - Effective 19th August 2017

1. Description

This backup policy describes the conditions and archiving procedures in which Onefile Ltd (“we”) backup and archive the data that you upload and store in our online software applications (“Customer Data”).

2. Scope

This policy is only applicable to customers with an active contract supported by a written agreement (the “Agreement”).

3. Definitions

Item Definition
Backup Means any copy of the Customer Data that is taken on a regular basis and stored in a secure location and is further defined in section 5;
Backup Retention Period Means the amount of time in days that we hold Backups for in the event of DR;
DR Means disaster recovery and is the approach taken to recover services in the event of an Incident;
Incident" Means an event that affects either the availability, confidentiality or integrity of the Customer Data;
RPO Means the recovery point objective as defined in section 4 which is the targeted maximum age of Customer Data that may be unrecoverable following an incident;
RTO Means the recovery time objective as defined in section 4 which is the targeted maximum duration of time for the Services to be fully restored following any incident;
Services Shall have its meaning as defined in the Agreement

4. Backup Objectives

4.1 The RPO is 30 minutes. 4.2 The RTO is 30 minutes. 4.3 The Backup Retention Period is 45 days.

5. Tracker ILR Back up Objectives

5.1 The RPO is 1 day. 5.2 The RTO is 7 days. 5.3 The Backup Retention Period is 45 days.

6. Policy Principles

6.1 Backups are used by Onefile for recovering data in the event of an Incident. 6.2 Backups are stored in UK data centres certified to ISO27001 standard and will never be moved outside the UK or a location that does not meet this standard, unless otherwise explicitly stated in your agreement. 6.3 Backups consist of: 6.3.1 Database Backups which are taken throughout the day at intervals no less than the RPO and copied to a DR data centre located within the UK 6.3.2 File backup copies which are taken throughout the day, and stored at a DR data centre 6.4 Backups from the previous day are tested each day to ensure they are valid. 6.5 Only named employees of Onefile Ltd have access to Backups. 6.6 Files are stored in an encrypted form when saved to the storage system. 6.7 The DR site data centre is maintained with equivalent capabilities as the production data centre to ensure the continuation of service performance in the event of a serious incident.

7. Updates

Any amendments to this policy will be notified to customers with 30 days’ notice. Version 6 Last reviewed: 27 October 2023 Also see: Information Security Policy.

Fair use policy

This Fair Use policy sets out the terms between you and us under which you may access any of our websites under the onefile.co.uk domain name ("our site"). This policy applies to all users of our site.

Your use of our site means that you accept, and agree to abide by, all the policies in this Fair Use policy, which supplement our terms of website use at http://www.onefile.co.uk/policies/terms.

Our site operated by Onefile Ltd ("we" or "us").  We are registered in England and Wales under company number 04404879 and we have our registered office and main trading address at 6th Floor, Cornerblock, Quay Street, Manchester M3 3HN. Our VAT number is 7920825685.

A small number of users are responsible for generating large volumes of traffic on our network, which can impact the service we offer to our other customers. Our fair use policy is designed to ensure that all of our customers receive a fast and reliable service.

Service Fair Use Policy
Eportfolio An individual eportfolio should not exceed 4.7GB in size (the same capacity as a DVD). Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user.
RPL Funding Calculator An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user.
Enrol An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user.
ILR An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user.

The data volumes include both downloaded and uploaded data.  A gigabyte is 1024 megabytes (MB).  The majority of our customers will not be impacted by the fair use policy.

If in, our reasonable opinion, you are abusing the service in any way, such as exceeding the fair use policy, we may ask you to moderate your behaviour – and in extreme cases, we may limit the speed of, or block your access to, data services, or we may disconnect you. 

Version 2.4
Last reviewed: 13th September 2023

Standard support services policy

Scope

This policy describes the standard support services that are provided to all customers using the Onefile software and services.

It does not apply to:

  • Customers with enhanced support packages

Definitions

In this policy:
Agreement” means the separate documented agreement that has been signed by Onefile Ltd and the customer;

“Authorised Users” means the persons who have authorised to use the software as defined in the Agreement;

Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business;

Normal Business Hours” means 9.00 am to 5.30 pm local UK time, each business day.

Policy

Telephone Support

  • Telephone support will be provided during normal business hours as specified in the agreement
  • During busy periods, a message will be taken if a support advisor is unable to take the call and the call will be returned within 12 Normal Business Hours
  • All telephone calls will be logged in our helpdesk software and issued with a unique ticket reference

Email Support

  • Email support will be provided during normal business hours to all authorised users
  • All support enquiries will be responded to within 12 normal business hours
  • All email enquiries will be logged in our helpdesk software and issued with a unique ticket reference

Qualifications

  • Qualifications provided by the awarding body will be input by Onefile Ltd and a timescale will be provided for completion within 12 normal business hours

Online Support

  • Access to user guides and help pages

Version 1
Last reviewed: 2nd October 2023

Quality Policy

Specific quality objectives will be set and reviewed through our management review process. To help achieve these, we will maintain a quality system that meets BS EN ISO9001- “Quality Management Systems - Requirements”.

We will strive to continually improve our performance by regularly evaluating our products and services and identifying actions that our objectives are achieve and that problems are prevented.

Actions

In order for the policy to be implemented the following actions must be undertaken:

  1. Quality objectives and related measures to be set by the company and monitored throughout the year.
  2. Quality measures to be reviewed at least once per year at the management review meeting to ensure that they are still relevant
  3. A management review will take place on an annual basis to review all of the points relevant to the maintenance of a quality system in compliance with BS EN ISO9001, these being:-
    1. Review of the organisaitonal context of the business and updating of the risk and opportunities log
    2. Evaluation of the effectiveness of the quality management system
    3. Performance and conformity of our products and systems
    4. Review of non conformity and corrective actions resulting from external and  internal audit
    5. Approval of Quality measures for the coming year
    6. Review of the adequacy of resources
    7. Opportunities for improvement
    8. Review of training and development needs of the company
    9. Review of the organizational knowledge of the company
  4. Successful maintenance of the ISO9001 accreditation

Version 2
Last reviewed: 5th September 2024

Onefile is the leading learner management platform that streamlines workflows, unlocks funding and enables education and training providers to achieve higher learner success rates, at pace and at scale.

Proud to be part of Harris Computer,
powering positive change.

 

Company
Platform
Support
Terms

Newsletter Sign Up

Sign up
Cyber essentials
Onefile iso
Cyber essentials

© 2025 Onefile Ltd is registered in England with company number 4404879. The registered office is: 6th Floor, Cornerblock, Quay Street, Manchester, M3 3HN. VAT Number 792825685 © Onefile Ltd, 2005-2024. All Rights Reserved.

© 2025 Onefile Ltd is registered in England with company number 4404879. The registered office is: 6th Floor, Cornerblock, Quay Street, Manchester, M3 3HN. VAT Number 792825685 © Onefile Ltd, 2005-2024. All Rights Reserved.

Privacy Notice    Terms of Use