Ascensio System SIA

ONLYOFFICE cloud service

A cloud-based full-stack office suite with collaborative online editors for documents, spreadsheets and presentations, document management system, CRM, project management features, mail, calendars and corporate communication hub. ONLYOFFICE cloud service offers advanced security and monitoring features and is complemented with free ONLYOFFICE Desktop Editors and mobile applications.

Features

  • set of professional document editing and formatting tools
  • two co-editing modes (real-time and paragraph-locking)
  • real-time collaboration with comments, chat, change tracking and versions
  • advanced document permissions: commenting, reviewing, filling forms
  • productivity tools to manage documents, emails, contacts, events
  • communication hub with blogs, forums, wiki, bookmarks, chat
  • advanced security options: 2FA, E2E encryption, data logging and monitoring
  • free connectable desktop editors for Windows, Linux and Mac
  • mobile office for iOS and Android, mobile project management (iOS)

Benefits

  • all-in-one business solution
  • highest MS Office format compatibility
  • integration with third-party services
  • reliable hosting
  • full GDPR compliance
  • branding options
  • scalability
  • no installation required
  • regular updates and professional tech support

Pricing

£1.61 to £4.03 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@onlyoffice.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 5 1 8 1 5 5 3 4 7 1 3 3 7 6

Contact

Ascensio System SIA Konstantin Maistrenko
Telephone: +44 20 3287 1086
Email: sales@onlyoffice.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
Access to a web browser (supported browsers listed further)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1-2 days, excluding weekends
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We haven't done any web chat testing with assistive technology users ourselves.
Onsite support
No
Support levels
Level 1: functionality consultation, minor bug reporting, general questions, pre-sale assistance
Level 2: major bugs that require specific knowledge and the assistance of the developer team

Both levels are included in the price of the solutions.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide technical assistance by our Professional Services team, private demonstrations on request, complete user documentation available in our Help Center, and a variety of resources including our blog, video tutorials and webinars (live and on-demand).
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Upon the end of the contract, users have the right to request a digital copy of their data in a structured, commonly used and machine-readable format to be able to move from one service to another.

This can be achieved by using data backup options or by request to a support service.
End-of-contract process
Upon the end of the contract, the ONLYOFFICE portal is deactivated and direct access to the interface is blocked.

The portal data is stored on the server for 6 months by default, and it is possible to export the data on request if the subscription is due and no backup copy had been exporter prior to deactivation.

The user data can be completely deleted on request: it becomes unavailable and gets completely erased within 60 days. Sometimes we have to store some Data for a longer period of time either due to technical limitations or to comply with the law.

There's no additional cost to any of the processes.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile web version supports all the features of the collaboration platform and supports most of the features of the online editors.

There are also additional mobile applications for the office suite (with document management) for iOS and Android and the project management app for iOS.
Service interface
Yes
Description of service interface
The service has a web interface, typical for each module's category (e.g. online office suite, CRM, document management system, etc.)

The interface is organized through toolbars, buttons, fields, and texts. Different components of the interface can be used via separate browser tabs.
Accessibility standards
None or don’t know
Description of accessibility
Of the EN 301 549 9 criteria for web, ONLYOFFICE supports the following items:
Non-text content
Use of color
Audio control
Contrast
Images of text
Keyboard
Page titled
Link purpose
Multiple ways
Headings and labels
Focus
Language
On focus
On input
Consistent navigation
Consistent identification
Error identification
Labels or instructions
Error suggestion
Error prevention
Parsing
Name, role, value

All other criteria stated in the chapter is not applicable.
Accessibility testing
We have not done any testing with users of assistive technology.
API
No
Customisation available
Yes
Description of customisation
Admins of the ONLYOFFICE portals can customize the interface appearance and change the set of components available to users and groups.

More information: https://helpcenter.onlyoffice.com/gettingstarted/configuration.aspx

Scaling

Independence of resources
ONLYOFFICE cloud service is hosted on Amazon AWS that provides opportunities for scaling and load balancing.

Analytics

Service usage metrics
Yes
Metrics types
Portal creation date;
the number of active users registered on your portal;
the storage space allowed for the selected pricing plan;
the total storage space used;
the storage space used by each portal module or tool;
the total number of visits per day;
audit trail data;
login history and online status.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data using the backup functionality
Data export formats
Other
Other data export formats
.TAR.GZ
Data import formats
Other
Other data import formats
TAR.GZ

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
On the side of the AWS data centers where the data is stored and processed, AWS will use commercially reasonable efforts to make AWS Systems Manager available with a Monthly Uptime Percentage of at least 99.9% (the “Service Commitment”).

Ascensio System SIA does not warrant that ONLYOFFICE or services provided under the agreement will meet particular user's requirements and that operation of ONLYOFFICE will be error-free or uninterrupted.

All payment obligations mentioned in the Terms of Service of ONLYOFFICE are non-cancellable and all amounts paid are non-refundable.
Approach to resilience
ONLYOFFICE cloud service data is stored in AWS infrastructure datacenters.

The AWS datacenter resiliency statement (taken from Amazon EC2 documentation):

The AWS global infrastructure is built around AWS Regions and Availability Zones. Regions provide multiple physically separated and isolated Availability Zones, which are connected through low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

For more information about AWS Regions and Availability Zones, see AWS Global Infrastructure.

In addition to the AWS global infrastructure, Amazon EC2 offers the following features to support your data resiliency:

Copying AMIs across Regions
Copying EBS snapshots across Regions
Automating EBS snapshots using Amazon Data Lifecycle Manager
Maintaining the health and availability of your fleet using Amazon EC2 Auto Scaling
Distributing incoming traffic across multiple instances in a single Availability Zone or multiple Availability Zones using Elastic Load Balancing
Outage reporting
We provide email alerts to report outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Through the settings, the portal users with owner and admin rights can filter authentication using the following criteria:
- Trusted mail domains;
- IP restriction;
- Password length (on registration);
- Cookie lifetime (automatic logout).

2FA and Single Sign-On options can be chosen to additionally manage the authentication security.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
ONLYOFFICE Security Policy is based on the following principles:
Data on ONLYOFFICE cloud portals belong to the users.
Reliable hosting is used for cloud solutions.
Authentication filtering and monitoring tools are implemented to give users control over their portal activity.
The solutions are built with access management and data leak prevention measures.
Regular security testing is made to spot possible vulnerabilities and eliminate them within a reasonable time period.
Information security policies and processes
ONLYOFFICE sticks to data minimalism and transparency of all procedures with user data. ONLYOFFICE undergoes regular security testing and provides all necessary information about the status of possible vulnerabilities and outages.

Data security at rest and in transit is guaranteed by the standards to which AWS complies as a supplier of the infrastructure.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We run mandatory tests in-house by a QA Department when preparing each version of the software/component to the final release. Upon discovery of any possible bug, we assure the timely fix. This approach includes both proactive and reactive responses.
Vulnerability management type
Undisclosed
Vulnerability management approach
We assess potential threats via a variety of in-house testing activities. The patches are deployed within a period from 1 working day to one month, depending on the nature of the discovered issues. This class of issues is given a top priority under any circumstances.

The information about potential threats is obtained from both the known practice and routine testing procedures.
Protective monitoring type
Undisclosed
Protective monitoring approach
We offer convenient ways of reporting any potential compromises to assure that the issue is discovered and tackled in a timely manner. ONLYOFFICE does not have access to the activity of the portals, so there is no way to audit the potential compromises directly. We assure immediate response to the issues via communicating through the problem with the technical team of each customer.
Incident management type
Undisclosed
Incident management approach
The existing support system is the main means of directly reporting the incidents to the ONLYOFFICE Professional Services team.

ONLYOFFICE has a pre-defined process for dealing with common issues and the events related to the possible expected behavior.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.61 to £4.03 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The free trial is normally 30 days. Currently, it's set to 180 days as a special offer.

The free trial of ONLYOFFICE Cloud Service includes:
- All features;
- Up to 50 active users;
- Unlimited number of guests;
- 20 GB disk space;
- Technical support and onboarding.
Link to free trial
https://www.onlyoffice.com/saas.aspx

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@onlyoffice.com. Tell them what format you need. It will help if you say what assistive technology you use.