OneMore Secure (OMS) and its affiliates respect your security and privacy. We place great importance on protecting the data in our services. This document describes the security measures we apply, your rights to privacy, and our commitment to protecting your personal data. All major privacy decisions at OneMore Secure are made at management level.
Who we are
"OneMore Secure" means OneMore Secure AB, a Swedish registered company (Org nr 559389-1764).
OneMore Secure helps businesses throughout Europe become better at cyber security. The company develops and sells digital products such as "Supply Chain Security". OneMore Secure was founded in 2022 and has an office in Stockholm, Sweden.
Executive summary
OMS is a cloud-native cybersecurity platform designed to manage supply chain cyber risks while supporting compliance with NIS2, GDPR and the EU AI Act. The system is built on Microsoft Azure using a Service-Oriented Architecture and applies a defence-in-depth security model across infrastructure, application, and DevSecOps layers.
Overall security maturity is strong and appropriate for regulated European SaaS environments.
Key Security Strengths
Data Protection by Design
Dual-database architecture separates system data from customer data.
Transparent Data Encryption (TDE) protects data, backups, and logs.
TLS enforced for all communications.
Argon2 password hashing implemented.
Identity & Access Governance
JWT-based authentication with optional 2FA.
Strict role-based access control (Admin, Auditor, Client).
All secrets stored in Azure Key Vault with RBAC enforcement.
Infrastructure & Environment Security
Fully isolated Dev, Staging, and Production environments.
Deny-by-default network policies for Key Vault and Storage.
SQL firewall IP allowlisting.
DevSecOps & Vulnerability Management
Controlled CI/CD promotion with approval gates through staging to production.
Dependency scanning (Dependabot, OWASP tools).
OWASP Top 10 (2025) risk coverage with automated and manual testing.
Technology stack
Our application relies on a well-established stack of technologies to deliver robust performance and security:
Backend & REST API: The .NET Core framework provides a structured approach to building web applications, allowing for efficient development and maintenance.
Frontend Framework: Next.js is used for web forms and dynamic web applications, contributing to the interactive elements of our system.
Hosting Platform: Azure Web App for all web services.
Database: We utilize Azure SQL Database for data storage and retrieval, ensuring data integrity and reliability.
Multi-Factor Authentication (MFA)
Our application incorporates Multi-Factor Authentication (MFA) to bolster user account security. One of the MFA methods employed is Microsoft or Google Authenticator, which requires users to provide a one-time code in addition to their password for authentication. This adds an extra layer of protection against unauthorized access.
HTTPS (SSL/TLS) for Secure Communication
To secure data during transit, we use HTTPS (SSL/TLS). This cryptographic protocol ensures that data exchanged between the user's browser and our servers remains encrypted and protected from eavesdropping.
Database Encryption for Data-at-Rest Security
We take data security seriously and employ database encryption to protect data at rest. This means that even if someone gains access to our database, the data will remain encrypted and unreadable without the proper decryption keys.
Algorithms: SHA-256 (hashing) for data in transit and AES-256 encryption for data at rest.
HTTP Security Headers
Our application leverages various HTTP security headers to enhance security:
Content-Security-Policy: This header defines the content sources allowed for our web pages, mitigating the risk of cross-site scripting (XSS) attacks.
Strict-Transport-Security: By enforcing HTTPS, we prevent man-in-the-middle attacks and secure communications between the client and server.
X-Content-Type-Options: This header prevents browsers from interpreting files as anything other than the declared content type (MIME sniffing), reducing the risk of certain attacks.
Referrer-Policy: This header controls what information is included in the Referer header when navigating from one page to another.
Permissions-Policy: We specify permissions for various browser features, ensuring a higher level of control over how our application interacts with the user's device.
X-Frame-Options: This header helps prevent clickjacking attacks by specifying whether a browser should be allowed to render a page in a frame, iframe, embed, or object.
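The six headers above are easy to verify on a live response. The checker below is an added example written for this page, not OneMore Secure's own code; the response headers it inspects are a constructed sample, and the thresholds it applies (one-year HSTS, no unsafe-inline or unsafe-eval in the CSP, DENY or SAMEORIGIN for X-Frame-Options) are assumptions of the example.

```javascript
// Added example (not OneMore Secure's code): a defender-side audit that a
// response carries the six HTTP security headers discussed above with sane values.
// SAMPLE_RESPONSE_HEADERS is a constructed sample, not captured from the OMS service.
const SAMPLE_RESPONSE_HEADERS = {
  "content-security-policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "x-content-type-options": "nosniff",
  "referrer-policy": "strict-origin-when-cross-origin",
  "permissions-policy": "camera=(), microphone=(), geolocation=()",
  "x-frame-options": "DENY",
};

// Each check returns null when the header value is acceptable, otherwise a finding string.
const CHECKS = {
  "content-security-policy": (v) => {
    if (/unsafe-inline|unsafe-eval/.test(v)) return "CSP allows unsafe-inline/unsafe-eval";
    if (!/(^|;)\s*default-src\b/.test(v)) return "CSP has no default-src fallback";
    return null;
  },
  "strict-transport-security": (v) => {
    const m = /max-age=(\d+)/.exec(v);
    if (!m) return "HSTS missing max-age";
    if (Number(m[1]) < 31536000) return "HSTS max-age shorter than one year";
    return null;
  },
  "x-content-type-options": (v) => (v.trim().toLowerCase() === "nosniff" ? null : "expected nosniff"),
  "referrer-policy": (v) =>
    /^(no-referrer|strict-origin|strict-origin-when-cross-origin|same-origin)$/i.test(v.trim())
      ? null : "referrer policy may leak full URLs cross-origin",
  // Only checks that some feature restriction is declared; the exact allowlist is site-specific.
  "permissions-policy": (v) => (v.trim() ? null : "empty Permissions-Policy"),
  "x-frame-options": (v) => (/^(DENY|SAMEORIGIN)$/i.test(v.trim()) ? null : "expected DENY or SAMEORIGIN"),
};

// Lower-cases header names (HTTP header names are case-insensitive), runs every
// check, and returns the list of findings; an empty list means all six headers pass.
function auditSecurityHeaders(headers) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const findings = [];
  for (const [name, check] of Object.entries(CHECKS)) {
    if (!(name in lower)) { findings.push(`${name}: missing`); continue; }
    const problem = check(lower[name]);
    if (problem) findings.push(`${name}: ${problem}`);
  }
  return findings;
}

console.log(auditSecurityHeaders(SAMPLE_RESPONSE_HEADERS)); // []
```

To audit a real deployment, replace the constructed sample with the header object returned by `fetch()` or your HTTP client and review any non-empty findings list.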
Deployment Architecture
Our application is deployed on Azure, a Microsoft cloud platform. Azure provides scalability, reliability, and security, which are crucial for our system's performance.
Virtual Machine (VM) in Azure
Operating system: Windows Server 2019 Datacenter
Location: Sweden Central
The virtual server can only be accessed from allowlisted IP addresses
Summary
The OMS application follows the Service-Oriented Architecture (SOA) model to ensure scalability, flexibility, and modularity. With Next.js as the frontend framework, ASP.NET Core 9.0 for the backend, and Azure SQL Database for data storage, the architecture maintains a clean separation of concerns. Secure file storage is achieved via Azure Blob Storage, secret management via Azure Key Vault, and all services are deployed and scaled on Microsoft Azure.
Certification
OneMore Secure is certified according to SSF 1101 Cybersecurity. The certificate is valid until 2026-10-22.
Additional information
For more about the Data Protection Agreement, see OneMore Secure's DPA.
For more about Terms & Conditions, see OneMore Secure's Terms & Conditions.
This is how you contact us
Feel free to contact us if you have any questions about our privacy policy: