Compliance shouldn't stop your migration.
Keystone Migrate is built for regulated insurance environments. Your data stays in your environment. Your regulator gets the evidence they need. Your CISO gets the architecture review they expect.
How data flows -- and where it stays.
Your Environment
- Databricks lakehouse
- Policy data
- Claims data
- Underwriting data
Keystone Control Plane
- Orchestration
- Validation
- Reconciliation
Evidence Outputs
- Reconciliation reports
- Audit trails
- Regulatory docs
Keystone Migrate processes your data in-situ within your Databricks lakehouse. The control plane sends migration instructions and validation rules into your environment. What comes back is metadata: validation results, reconciliation status, and error reports. Your policy data, claims data, and underwriting data remain within your security perimeter at all times.
Our data handling principles.
Customer data stays in the customer's environment.
We do not replicate, cache, or store your policy, claims, or underwriting data in Keystone infrastructure. Your Databricks lakehouse is the single source of truth.
Access is audited and time-limited.
Keystone's connection to your environment is established via secure, audited channels. Access is granted for specific migration activities, logged in full, and revoked when the activity completes.
You control the perimeter.
Your network controls determine what Keystone can access. We work within your security policies, not around them. If your policy requires VPN, we use VPN. If your policy requires IP allowlisting, we provide static IPs.
Access control and audit.
Keystone Migrate implements role-based access control (RBAC) for all platform users. Every action -- every query, every migration rule change, every data access event -- is logged with user identity, timestamp, and action detail. Audit logs are immutable and exportable for your compliance review.
Roles
Migration administrators, migration operators, read-only viewers. Roles are configurable per engagement.
Session management
Sessions are time-limited with automatic expiry. Multi-factor authentication supported.
Audit trail
Full audit trail of every action. Exportable in standard formats for compliance review.
Regulatory compliance built in.
We remove regulatory blockers.
UK/EU
Solvency II
Migration evidence packs include the documentation your Solvency II reporting requires. Reserve calculations are reconciled and verified before cutover.
FCA
Keystone maintains audit trails that satisfy FCA data integrity requirements. Your compliance team gets exportable evidence.
GDPR
Personal data within your policy book is processed in-situ within your environment. Keystone does not transfer personal data outside your security perimeter.
US
State-level insurance regulation
Keystone's evidence packs adapt to state-specific requirements. NAIC model law compliance documented.
NYDFS 23 NYCRR 500
For NY-domiciled insurers, Keystone supports the cybersecurity regulation's data handling and audit requirements.
Australia
APRA prudential standards
CPS 234 (information security), CPS 230 (operational risk). Keystone's in-situ architecture aligns with APRA's expectations for data handling by third-party providers.
Incident response.
Keystone maintains a documented incident response process covering detection, triage, containment, resolution, and communication. In the event of a security incident affecting a customer engagement, we commit to notification within 72 hours and a full incident report within 5 business days, subject to SLA agreement.
Certifications and standards.
We believe in transparency about where we are and where we're heading.
| Certification | Status | Target Date |
|---|---|---|
| Cyber Essentials Plus | In progress | Q2 2026 |
| ISO 27001 | Planned | Q3 2026 |
| SOC 2 Type II | Planned | 2027 |
Security documentation.
Data Processing Agreement
Download our Data Processing Agreement template.
Security Pack (NDA-gated)
Request our detailed security whitepaper and sub-processor list. We'll respond within 2 business days with our NDA for execution.
Questions about our security posture?
We welcome security-focused conversations. Our team can walk through our architecture, data handling practices, and compliance approach in detail.