TRUST CENTER - OVERVIEW

Onesurance & Compliance Overview
Last updated: December 2024

About Onesurance

Onesurance innovative SaaS solutions for the insurance industry and uses advanced technology to streamline insurance processes and improve operational efficiency. We serve insurance companies throughout the European Union with secure, compliant, and reliable cloud-based services.

Our Commitment to Security

At Onesurance , information security Onesurance fundamental to everything we do. We recognize that our customers in the insurance industry entrust us with sensitive and confidential data, and we take this responsibility seriously.

Our security approach is based on three core principles:

• Confidentiality: We protect sensitive and personal information from unauthorized access or disclosure through robust access controls, encryption, and continuous monitoring.

• Integrity: We ensure that information remains accurate, complete, and unaltered through systematic checks and validation processes.

• Availability: We maintain high availability of information and systems through redundant infrastructure, business continuity planning, and proactive monitoring.

We take a risk-based approach to information security, continuously identifying, assessing, and addressing security risks to maintain the appropriate level of protection. Our Information Security Management System (ISMS) is designed to adapt to evolving threats while complying with the most stringent regulatory requirements.

Key Security Features:

• ISO 27001 certification planned for Q1 2026
• Full GDPR compliance with dedicated Data Protection Officer (DPO)
• DORA (Digital Operational Resilience Act) compliant for insurance sector requirements
• EU AI Act compliant practices for machine learning operations
• Data hosted exclusively within Azure West Europe (Netherlands)
• Multi-layered security controls including AES-256 encryption at rest and TLS 1.3 during transport
• Regular security audits, risk assessments, and continuous improvement processes
• 24/7 security monitoring and incident response capabilities
• Comprehensive security awareness program for employees
• 99.9% uptime SLA with multi-availability zone redundancy

For Customers in the Insurance Sector:

We understand the unique regulatory and operational requirements of the insurance industry. Our security framework specifically focuses on:

• DORA compliance for digital operational resilience
• Strict data protection standards for policyholder and claim data
• Reporting capabilities for regulations in line with EU insurance directives
• Business continuity and disaster recovery specifically designed for critical insurance operations
• Transparent third-party risk management with full disclosure of sub-processors

Security governance:

Information security at Onesurance led by our co-founders with executive oversight, supported by our dedicated Data Protection Officer and cross-functional Governance, Risk, and Compliance (GRC) team. Every employee undergoes security awareness training during onboarding and regularly throughout their employment, ensuring a security-conscious culture throughout the organization.

We regularly conduct internal audits, management reviews, and continuous monitoring to evaluate the effectiveness of our security controls. Our policy framework is reviewed annually and updated when significant changes occur in our business, technology, or regulatory environment.

Continuous Improvement:

Security is not a destination but a journey. We continuously monitor security incidents, conduct risk assessments, and update our controls to address emerging threats. Our commitment to continuous improvement ensures that we maintain the highest standards of information security while adapting to the evolving threat landscape.

Contact:

For security questions: onesurance
For compliance questions: onesurance
For privacy and data protection: onesurance
For general support: onesurance

Last updated: December 2024
Onesurance .V. | Breda, Netherlands | Chamber of Commerce: 87521997