
Information security policy

Purpose

The purpose of this document is to demonstrate the management board’s commitment to information security and privacy by providing the over-arching policy statements to which all subordinate policies and controls must adhere.
 
Policy
 
The Management of Onefile Limited, located at 6th Floor Corner Block, Quay Street, Manchester, M3 3HN, operates primarily in the business of software as a service (SaaS) for education, training, learning and development records management.
 
We are committed to preserving the confidentiality, integrity, availability and privacy of all the physical and electronic information and information-related assets to meet the purpose and goals of the organisation as summarised in 4 Context of the organisation.
 
Information and information security and privacy requirements will continue to be aligned with the organisation’s business goals and will consider the internal and external issues affecting the organisation and the requirements of interested parties.
 
Our Information Management System (IMS) Objectives are outlined and measured in accordance with the requirements of the ISO/IEC 27001 and ISO/IEC 27701.
 
The IMS is intended as a mechanism for managing information security and privacy related risks and improving the organisation to help deliver its overall purpose and goals.
 
The online platform environment including our approach to risk management provides the context for identifying, assessing, evaluating, and controlling information-related risks through the establishment and maintenance of an IMS.
 
The approach taken towards Risk Assessment and management, the Statement of Applicability and the wider requirements set out for meeting ISO 27001 and ISO 27701 identify how information security and privacy related risks are addressed.
 
The Management Review Board is responsible for the overall management and maintenance of the risk treatment plan with specific risk management activity tasked to the appropriate owner within the organisation. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks, for example during special projects that are completed within the context.
 
Control objectives for each of these areas are supported by specific documented policies and procedures in the online environment and they align with the comprehensive controls listed in Annex A of the ISO 27001 standard and Annex A and B of the ISO 27701 standard.
 
All employees and relevant Interested Parties associated with the IMS have to comply with this policy. Appropriate training and materials to support it are available for those in scope of the IMS, and communication forums such as the IMS communications group are available to ensure engagement on an ongoing basis.
 
The IMS is subject to review and improvement by the Management Review Board, which is chaired by the Compliance Lead and has ongoing senior representation from appropriate parts of the organisation. Other executives/specialists needed to support the IMS framework and to periodically review the security and privacy policy and broader IMS are invited to the Board meetings and complete relevant work as required, all of which is documented in accordance with the standard.
 
We are committed to achieving and maintaining certification of the IMS to ISO 27001 and ISO 27701 along with other relevant accreditations against which our organisation has sought certification.
 
This policy will be reviewed regularly to respond to any changes in the business, its risk assessment or risk treatment plan, and at least annually.
 
Version 4.1
Last Updated 10th October 2025
 

Browser support policy

This policy defines the web browsers which we support for our online systems and services.

  1. Statistics for browser support are based on information collected from Google Analytics on the login pages used by all our products.
  2. The list of supported browsers is reviewed on a calendar-monthly basis.
  3. Only the latest stable version of browsers which adopt a rapid release cycle will be supported. This is due to the nature of rapid-release, meaning browser support could change on a weekly basis. When a new version of a browser is released, we will endeavour to ensure that our software is operable as soon as reasonably possible. From time to time, browser updates may reduce functionality of live sites.
  4. On Jun 15th 2022, Microsoft ended support for Internet Explorer 11, and therefore, we no longer provide browser support for this or any version of Internet Explorer.

Browser support termination policy

When a browser falls below 2% user base coverage, it will no longer be supported.

Currently supported browsers

| BROWSER | VERSION | SUPPORT STATUS |
|---|---|---|
| Chrome | latest stable | Supported |
| Chrome | previous releases | Unsupported |
| Edge | latest stable | Supported |
| Edge | previous releases | Unsupported |
| Safari | latest stable | Supported |
| Safari | previous releases | Unsupported |
| Internet Explorer | 11 or older | Unsupported |
| Firefox | latest stable | Unsupported |
| Firefox | previous releases | Unsupported |

 

Changes to this browser policy

We review this browser policy regularly and update it accordingly.

Version 3.1
Last reviewed: 10th October 2025

Customer data backup policy - Effective 19th August 2017

1. Description

This backup policy describes the conditions and archiving procedures under which Onefile Ltd (“we”) back up and archive the data that you upload and store in our online software applications (“Customer Data”).

2. Scope

This policy is only applicable to customers with an active contract supported by a written agreement (the “Agreement”).

3. Definitions

| Item | Definition |
|---|---|
| Backup | Means any copy of the Customer Data that is taken on a regular basis and stored in a secure location and is further defined in section 5; |
| Backup Retention Period | Means the amount of time in days that we hold Backups for in the event of DR; |
| DR | Means disaster recovery and is the approach taken to recover services in the event of an Incident; |
| Incident | Means an event that affects either the availability, confidentiality or integrity of the Customer Data; |
| RPO | Means the recovery point objective as defined in section 4 which is the targeted maximum age of Customer Data that may be unrecoverable following an incident; |
| RTO | Means the recovery time objective as defined in section 4 which is the targeted maximum duration of time for the Services to be fully restored following any incident; |
| Services | Shall have its meaning as defined in the Agreement. |

4. Backup Objectives

4.1 The RPO is 30 minutes.
4.2 The RTO is 30 minutes.
4.3 The Backup Retention Period is 45 days.

5. Tracker ILR Backup Objectives

5.1 The RPO is 1 day.
5.2 The RTO is 7 days.
5.3 The Backup Retention Period is 45 days.

6. Policy Principles

6.1 Backups are used by Onefile for recovering data in the event of an Incident.
6.2 Backups are stored in UK data centres certified to ISO27001 standard and will never be moved outside the UK or a location that does not meet this standard, unless otherwise explicitly stated in your agreement.
6.3 Backups consist of:
    6.3.1 Database Backups which are taken throughout the day at intervals no less than the RPO and copied to a DR data centre located within the UK.
    6.3.2 File backup copies which are taken throughout the day, and stored at a DR data centre.
6.4 Backups from the previous day are tested each day to ensure they are valid.
6.5 Only named employees of Onefile Ltd have access to Backups.
6.6 Files are stored in an encrypted form when saved to the storage system.
6.7 The DR site data centre is maintained with equivalent capabilities as the production data centre to ensure the continuation of service performance in the event of a serious incident.

7. Updates

Any amendments to this policy will be notified to customers with 30 days’ notice.

Version 4.1 

Last reviewed: 10th October 2025.

Fair use policy

This Fair Use policy sets out the terms between you and us under which you may access any of our websites under the onefile.co.uk domain name ("our site"). This policy applies to all users of our site.

Your use of our site means that you accept, and agree to abide by, all the policies in this Fair Use policy, which supplement our terms of website use at http://www.onefile.co.uk/policies/terms.

Our site is operated by Onefile Ltd ("we" or "us"). We are registered in England and Wales under company number 04404879 and we have our registered office and main trading address at 6th Floor, Cornerblock, Quay Street, Manchester M3 3HN. Our VAT number is 7920825685.

A small number of users are responsible for generating large volumes of traffic on our network, which can impact the service we offer to our other customers. Our fair use policy is designed to ensure that all of our customers receive a fast and reliable service.

| Service | Fair Use Policy |
|---|---|
| Eportfolio | An individual eportfolio should not exceed 4.7GB in size (the same capacity as a DVD). Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user. |
| RPL Funding Calculator | An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user. |
| Enrol | An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user. |
| ILR | An individual applicant should not exceed 1GB per application. Combined daily bandwidth usage (uploads and downloads) should not exceed 10GB per user. |

The data volumes include both downloaded and uploaded data.  A gigabyte is 1024 megabytes (MB).  The majority of our customers will not be impacted by the fair use policy.

If, in our reasonable opinion, you are abusing the service in any way, such as exceeding the fair use policy, we may ask you to moderate your behaviour – and in extreme cases, we may limit the speed of, or block your access to, data services, or we may disconnect you.

Version 2.5
Last reviewed: 10 October 2025

Standard support services policy

Scope

This policy describes the standard support services that are provided to all customers using the Onefile software and services.

It does not apply to:

  • Customers with enhanced support packages

Definitions

In this policy:
“Agreement” means the separate documented agreement that has been signed by Onefile Ltd and the customer;

“Authorised Users” means the persons who have been authorised to use the software as defined in the Agreement;

“Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business;

“Normal Business Hours” means 9.00 am to 5.30 pm local UK time, each business day.

Policy

Telephone Support

  • Telephone support will be provided during normal business hours as specified in the agreement
  • During busy periods, a message will be taken if a support advisor is unable to take the call and the call will be returned within 12 Normal Business Hours
  • All telephone calls will be logged in our helpdesk software and issued with a unique ticket reference

Email Support

  • Email support will be provided during normal business hours to all authorised users
  • All support enquiries will be responded to within 12 normal business hours
  • All email enquiries will be logged in our helpdesk software and issued with a unique ticket reference

Qualifications

  • Qualifications provided by the awarding body will be input by Onefile Ltd and a timescale will be provided for completion within 12 normal business hours

Online Support

  • Access to user guides and help pages

Version 1
Last reviewed: 10th October 2025

Quality Policy

Purpose

The purpose of this document is to demonstrate the management board’s commitment to quality management and to provide the over-arching policy statement to which all subordinate policies and controls must adhere.
 
Quality policy statement
 
Everyone within scope is committed to:
 
  • Consistently providing products and services that meet customer and applicable statutory and regulatory requirements.
  • Facilitating opportunities to enhance customer satisfaction.
  • Addressing risks and opportunities associated with its context and objectives.
  • Adherence to documented policies and procedures.
  • Continual improvement of the QMS.
  • Satisfying applicable requirements from interested parties.

Management hold ultimate responsibility for ensuring quality within its products and services. This is managed through this ISO 9001:2015 Quality Management System (QMS).
 
The QMS continues to be aligned with the organization’s business goals and will consider the internal and external issues affecting the organization and the requirements of interested parties.
 
Our QMS Objectives are outlined and measured in accordance with the requirements of the ISO 9001:2015 standard. The QMS is intended as a mechanism for managing quality towards products and services.
 
The online platform environment including our approach to quality management provides the context for the Plan, Do, Check, Act (PDCA) cycle as described within ISO 9001:2015.
 
The QMS is subject to review and improvement by the QMS board. Other executives/specialists needed to support the QMS framework, or to periodically review the quality management system, are invited by the QMS Board. They complete relevant work as required, all of which is documented in accordance with the standard.
 
This policy will be reviewed regularly, and at least annually, to respond to any changes in the business.
 
Document owner and approval
 
The EVP is the owner of this document and is responsible for ensuring that this policy is reviewed in line with the requirements set out in ISO 9001:2015.
 
Version 3.1
Last Updated 10th October 2025

Onefile Ltd is registered in England with company number 4404879. The registered office is: 6th Floor, Cornerblock, Quay Street, Manchester, M3 3HN. VAT Number 792825685. © Onefile Ltd 2025. All Rights Reserved.