Deployment Documentation v4.2

System Architecture

Assuranta is engineered for environments where data sovereignty is an absolute requirement. Through an isolated microservice architecture, we ensure full control over regulatory data flows.

[Architecture diagram. Labels: Protected Customer Perimeter (VPC/LAN); Assuranta Core; Docker Engine; Data Layer; PostgreSQL; Internal User]


Logical Workflow

The Compliance Chain

How infrastructure translates into operational value. Assuranta automates handovers between the bank's lines of defense. An integrated workflow tying all modules together.

Step 01

BIA & Tiering

Classifies criticality and automatically establishes RTO/RPO requirements based on business value.

Step 02

Security Req

Generates mandatory technical requirements (SRD) based on selected protection class. Security by Design.

Step 03

Control Map

Maps executed controls against DORA and NIS2 in a Unified Framework. Map once, comply many.

Step 04

Risk Quant

Converts technical flaws into financial exposure (ALE) according to the FAIR model for executive management.

Step 05

Approval

Final business decision (NPAP) with built-in veto right for Compliance, Risk, Security, and Legal.

Infrastructure & Execution

Assuranta is delivered as a pre-configured Docker stack, enabling immediate and consistent deployment regardless of underlying hardware. We recommend a hardened Linux or Ubuntu Server (LTS) as the host system.

  • 01 Container isolation via namespaces and cgroups.
  • 02 Minimized attack surface (Distroless runtime).
  • 03 Stateless execution for high availability.

Data Sovereignty & Storage

Unlike traditional GRC tools, Assuranta does not require a cloud-based database. All regulatory information is stored in a customer-owned PostgreSQL instance.

  • Transparent Data Encryption (TDE).
  • Row-Level Security for multi-tenant environments.
  • Complete audit logging at the transaction level.
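
As an added illustration of the Row-Level Security item above (not Assuranta's own schema or code), this is how tenant isolation can be enforced in a customer-owned PostgreSQL instance. The table `control_mapping`, the role `app_rw` and the setting `app.tenant_id` are hypothetical names, and the UUIDs are constructed sample values.

```sql
-- Added illustration. Table, role and setting names are hypothetical.
CREATE ROLE app_rw NOLOGIN;

CREATE TABLE control_mapping (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    control   text NOT NULL,
    framework text NOT NULL CHECK (framework IN ('DORA', 'NIS2'))
);

GRANT SELECT, INSERT, UPDATE, DELETE ON control_mapping TO app_rw;
GRANT USAGE ON SEQUENCE control_mapping_id_seq TO app_rw;

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- Superusers and roles with BYPASSRLS still bypass RLS, so the application
-- must not connect as either.
ALTER TABLE control_mapping ENABLE ROW LEVEL SECURITY;
ALTER TABLE control_mapping FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects inserts and updates that would land in another tenant.
-- current_setting(..., true) yields NULL when the setting is unset, and
-- NULLIF maps the empty string left behind by an earlier SET LOCAL to NULL,
-- so a session with no tenant bound matches no rows (fail closed).
CREATE POLICY tenant_isolation ON control_mapping
    FOR ALL TO app_rw
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Tenant A (constructed UUID) binds its id for one transaction and writes.
BEGIN;
SET LOCAL ROLE app_rw;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO control_mapping (tenant_id, control, framework)
VALUES ('11111111-1111-1111-1111-111111111111', 'Backup restore test', 'DORA');
COMMIT;

-- Tenant B (constructed UUID): the same query is filtered by the policy,
-- and an INSERT carrying tenant A's id would fail the WITH CHECK clause.
BEGIN;
SET LOCAL ROLE app_rw;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
SELECT control, framework FROM control_mapping;
COMMIT;
```

Binding the tenant with `SET LOCAL` inside each transaction keeps the value from leaking to the next request when connections are pooled.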

Network & Security

Communication between clients and containers occurs via encrypted tunnels (TLS 1.3). For banks and financial institutions, we support integration with internal HSMs for advanced key management.

Immutable Audit Anchor

Every step in The Compliance Chain above, as well as every configuration change, is logged via Atomic Batch Writes.

This guarantees non-repudiation: no decision can subsequently be denied or hidden during an inspection by supervisory authorities under DORA.