Certifications & Audits

Overview of our certifications, audits and compliance roadmap. Onesurance continuously invests in achieving and maintaining the highest security standards.

Certifications overview

  • ISO 27001 certification — Q2 2026
  • ISMS fully operational — Information security management system active
  • Semi-annual internal audits — Continuous evaluation and improvement
  • Annual penetration tests — External security assessments

Our Certifications

Detailed overview of all certifications and compliance frameworks that Onesurance pursues and adheres to.

In Progress

ISO 27001

Status: ISMS fully operational, external certification Q2 2026

Scope: Information security management system

Annex A: 14 categories compliant

Audits: Semi-annual internal

Information security policies, organisation of information security, asset management and access control. All organisational controls are defined, implemented and periodically reviewed.

Screening, terms of employment, security awareness training and disciplinary processes. All employees complete a security awareness programme and receive periodic training.

Physical security is ensured through Microsoft Azure data centres (ISO 27001 certified) with 24/7 surveillance, biometric access control and environmental management.

Encryption (AES-256 at-rest, TLS 1.3 in-transit), network segmentation, vulnerability management, logging and monitoring. All technological controls are continuously monitored via Azure Security Center.

Compliant

GDPR Compliance

Status: Fully compliant since inception

DPO appointed: Menno Kooistra

Data Processing Agreement: DPA available for all clients

DPIAs: Conducted for all high-risk processing activities

Register: Record of processing activities maintained and up to date

Compliant

DORA

Status: All 5 pillars implemented

Sector: Specific to the insurance industry

  • ICT risk management
  • Incident reporting
  • Digital operational resilience
  • Third-party ICT risk management
  • Information sharing

Monitoring

EU AI Act

AI systems classification: Limited / Minimal Risk

Design: Human-in-the-loop design

Status: Preparing for full compliance

  • AI systems classified by risk level
  • Transparency requirements implemented
  • Human oversight in all AI processes

Audit Planning

Overview of our planned and completed audits and security assessments.

Type Frequency Last Next
Internal audit Semi-annually Q4 2025 Q2 2026
Penetration test Annually Q4 2026
DPIA On change 06-11-2024 Scheduled
DR test Annually Q2 2026

Questions About Our Certifications?

Our Data Protection Officer is happy to assist you with questions about certifications, audits or compliance.

General support: support@onesurance.ai
DPO Email: dpo@onesurance.ai (DPO — Menno Kooistra)
Phone: +31 6 13 27 01 44 (Onesurance Support)