AMP Platform Architecture

High-level deployment architecture for public-sector security review. Detailed implementation specifications available under NDA for qualified procurement engagements.

Hosted on Microsoft Azure  ·  US Data Residency
Deployment Overview

How AMP Deploys

Azure-Native Infrastructure
AMP is deployed on Microsoft Azure App Service with Azure SQL Database, Blob Storage, and Key Vault. All data resides in US Azure regions.
Microsoft Entra ID Authentication
All user authentication flows through Microsoft Entra ID (formerly Azure AD). SSO, MFA, and conditional access policies are supported natively.
Role-Based Access Control
Permissions are enforced at the application layer using role-based access control. Agency administrators manage user roles and access scopes.

Deployment Architecture

Representative high-level architecture. Sensitive implementation details are not publicly disclosed.

Layer 1 — Users
Agency Staff  ·  PM Teams  ·  Executive Users  ·  Field Inspectors

Layer 2 — Authentication
Microsoft Entra ID
Single Sign-On  ·  MFA  ·  Conditional Access  ·  RBAC

Layer 3 — Application
AMP Essentials PMIS (SharePoint Online / Cloud SaaS): Project controls, RFIs, submittals, change orders, risk, compliance, reporting
AMP Insight (Intelligence Platform): Asset risk, capital planning, executive analytics, AI advisory, regulatory compliance

Layer 4 — Azure Infrastructure
Microsoft Azure — US Data Residency
Azure App Service  ·  Azure SQL Database  ·  Blob Storage  ·  Key Vault  ·  TLS 1.3 Encryption  ·  Full Audit Log  ·  Azure Monitor  ·  Backup & Recovery

Layer 5 — Optional Integrations
GIS / ArcGIS  ·  CMMS  ·  ERP / Finance  ·  Power BI  ·  SharePoint Online  ·  IoT / SCADA  ·  Procore  ·  M365

High-level reference. Detailed data flow diagrams and implementation specifications are available under NDA for qualified procurement engagements.

Security Controls

Security Controls Summary

Transport Security
TLS 1.3 enforced for all data in transit. No unencrypted connections permitted.
Data at Rest
Azure SQL Transparent Data Encryption (TDE). Blob Storage encrypted at rest with AES-256.
Access Control
Role-based access control enforced at application and database layers. Principle of least privilege applied.
Authentication
Microsoft Entra ID SSO with MFA support. Conditional access policies configurable per agency.
Audit Trail
Full write audit log maintained for all data mutations. Tamper-resistant log storage. Available for agency review.
US Data Residency
All data stored in US Azure regions. No cross-border data transfer without explicit agency authorization.
Key Management
Secrets and connection strings managed in Azure Key Vault. No credentials stored in code or configuration files.
Incident Response
Defined incident response process. Agency notification SLA documented. Available under NDA.
Data Governance

Data Ownership & Boundaries

| Category | AMP Commitment | Notes |
|---|---|---|
| Agency data ownership | Agency retains full ownership | AMP holds no license to agency data |
| Data portability | Full export available on request | Standard formats (CSV, JSON, SharePoint) |
| Third-party sharing | Never without written consent | No advertising, analytics, or data brokers |
| AI model training | Agency data never used | No public model training on client data |
| Data retention | Per agency policy | Configurable retention schedules |
| Data deletion | On contract termination | Confirmed deletion certificate available |

Get More Detail

Need More Detail?

Request Security Packet
Full security documentation including data flow diagrams, access control model, incident response summary, and procurement language.
Schedule Architecture Review
For qualified procurement engagements, AMP can provide a detailed architecture review with your IT and security team.

AMP Platform Architecture Overview — Representative high-level reference. Last updated June 2026. Detailed implementation specifications, data flow diagrams, and security artifacts available under NDA for qualified procurement engagements.