Infrastructure & Architecture

Our entire infrastructure runs on Microsoft Azure West-Europe, with 100% EU data residency and enterprise-grade security for the insurance industry.

Infrastructure at a Glance

  • Azure West-Europe exclusively — All services run in the Azure West-Europe region
  • 100% EU data residency — No data leaves the European Union
  • Multi-zone deployment — Redundancy across multiple availability zones
  • PaaS architecture — Fully managed platform services for maximum security

Azure Infrastructure

Our entire infrastructure is hosted in the Azure West-Europe region (Netherlands). We use a PaaS architecture, where Microsoft is responsible for managing the underlying hardware and operating system.

Compute & Processing

  • Azure SQL Database — Fully managed relational database with built-in high availability and automatic backups
  • Azure Machine Learning — Secure ML environment for model training and inference within the EU
  • Python runtime — Application logic and data pipelines built in Python on Azure-managed compute

Storage

  • Azure Storage Account — Encrypted object storage (AES-256) for files and datasets, with access control via Shared Access Signatures and RBAC

Network

  • Azure Virtual Network (VNet) — Isolated network environment with private endpoints for all services
  • Network Security Groups (NSG) — Strict inbound and outbound traffic rules at network and subnet level
  • Azure DDoS Protection — Automatic detection and mitigation of volumetric and protocol attacks

Data Centre

  • Multi-zone deployment — Services distributed across multiple availability zones for maximum resilience
  • ISO 27001 certified data centres — Microsoft Azure data centres are ISO 27001, SOC 2 and C5 certified

Data Flow

All data passes through a structured pipeline from input to output. Every step is secured with TLS 1.3 and includes validation and privacy measures.

Step 1 — Input Sources

  • Direct database connection — Secure connection to client source databases via encrypted channels
  • Manual upload — Secure file upload via the portal with validation and virus scanning

Step 2 — Processing Pipeline

  • DBT validation — Automated data validation and transformation via DBT (Data Build Tool) with built-in quality checks
  • ML models — Machine learning models for analysis and prediction, trained on anonymised data
  • Privacy measures — Pseudonymisation (SHA-256) and data minimisation are applied before processing

Step 3 — Output Destinations

  • Portal — Secure web portal with MFA protection for clients to view results
  • API — RESTful API with OAuth 2.0 authentication for automated integrations

End-to-end encryption

All communication between the above steps is secured with TLS 1.3. Data is encrypted both in transit and at rest.

Security Measures

Multiple security layers protect our infrastructure against unauthorised access, data loss and cyber attacks.

Network Security

  • Network Security Groups (NSG) — Strict firewall rules that only allow necessary traffic at network and subnet level

Encryption

  • AES-256 at rest — All stored data encrypted with AES-256 via Azure Storage Service Encryption
  • TLS 1.3 in transit — All communication secured with the latest transport protocol
  • Transparent Data Encryption (TDE) — Database encryption active on all Azure SQL databases

Identity & Access

  • Multi-Factor Authentication (MFA) — Mandatory for all employees and administrator accounts via Microsoft Entra ID
  • Role-Based Access Control (RBAC) — Least privilege principle with quarterly access reviews

Monitoring & Detection

  • 24/7 Azure Monitor & Security Center — Real-time monitoring of all infrastructure components and security events

Backup & Recovery

  • Daily backups — Automatic daily backups of all databases and files
  • 30-day retention — Backups retained for 30 days for point-in-time recovery

Monitoring & Performance

We continuously monitor our infrastructure to ensure optimal performance and availability for our clients in the insurance industry.

Continuous Monitoring

  • 24/7 monitoring — Azure Monitor and Security Center monitor all services, networks and endpoints in real time
  • Proactive alerting — Automated notifications for anomalous patterns, performance degradation and security events

Availability

  • 95% uptime SLA — Guaranteed availability during business hours (Monday to Friday 08:30-17:30 CET)

Disaster Recovery

  • RTO: 24 hours — Recovery Time Objective of at most 24 hours following a disaster
  • RPO: ~10 minutes — Recovery Point Objective of approximately 10 minutes thanks to transaction log backups every 10 minutes

Technical Specifications

Overview of our infrastructure components and configuration.

Category   | Component                      | Details
Compute    | Azure SQL, Azure ML, Python    | PaaS-managed services in West-Europe region
Storage    | Azure Storage Account          | AES-256 encrypted, RBAC access control
Network    | VNet, NSG, DDoS Protection     | Isolated network with private endpoints and TLS 1.3
Backup     | Daily backups                  | 30-day retention, RPO ~10 min (transaction logs)
Monitoring | Azure Monitor, Security Center | 24/7 real-time monitoring with proactive alerting

Questions About Our Infrastructure?

Our Data Protection Officer is happy to assist you with questions about security, compliance or privacy.

General Support: support@onesurance.ai
DPO Email: dpo@onesurance.ai (DPO — Menno Kooistra)
Phone: +31 6 13 27 01 44 (Onesurance Support)