StartArchitecture And Security
PortiQ – Architecture & Security

Technical overview for
IT architects & security officers

Digital sovereignty is not a buzzword, but a
prerequisite for organizations with high responsibility.

This page is intended for:

DevOps / platform teams

IT architects

Security & compliance

Technical project managers

Core concept
of the PortiQ architecture

PortiQ is a modular platform for digital decision and approval processes.
The focus is not on BPMN modeling or data migration, but on:

Decision logic

Traceability

Governance

audit-proof documentation

Important: Workflows are modeled top-down from the decision – not bottom-up from data models.

Deploymentvariants

PortiQ is offered with identical architecture in different deployment models.

ComponentOn-premiseManaged CloudSaaS
InfrastructureFully under own controlCustomer-specifically managedStandardized
UpdatesResponsible internallyBy provider with SLA supportAutomated
NetworkInternal accessVPN/DMZ possiblePublic endpoints
SecurityIAM/AD/LDAP directly connectedIAM + providerStandard IAM

PortiQ Start / Extended (SaaS)

Typical deployment scenarios:

  • Quick start
  • Standardized operational processes
  • Lower entry barriers

Features:

  • Operation in secured cloud environment
  • Multi-tenant capable
  • Standardizede Update- & Wartungsprozesse
  • Same functional capabilities as on-prem
Buy now

PortiQ Local (On-premise)

Typical deployment scenarios:

  • High protection needs
  • Regulatory restrictions
  • Full data sovereignty required

Features:

  • Operation in own data center
  • Operation on VM or container infrastructure
  • Network access fully under customer control
  • Integration into existing IAM and security infrastructure
Inquire now

Logical system architecture

PortiQ is built in clearly separated layers.

Frontend / UI layer

  • Browser-based (no client installation)
  • Role-based user interface
  • Configuration of workflows & templates directly in the UI
  • Operable by departments within defined governance

Workflow & decision engine

  • Rule-based decision logic
  • States, escalations, versioning
  • Freely configurable (no BPMN requirement)
  • Multi-stage approvals
  • Mapping of parallel and sequential decisions

Governance & rule engine layer

  • Definition of responsibilities
  • Roles & permissions
  • Approval and escalation rules
  • Separation of configuration and execution
  • Change traceability

Signature & approval layer

  • Abstraction layer for signatures
  • Support for simple, advanced, and qualified signatures
  • Integration of external remote signature services
  • Optionaler Einsatz lokaler QSCD / HSM-Infrastructureen
  • Signature type depending on the respective use case

Audit & documentation layer

  • Complete logging of all decisions
  • Wer / wann / was / warum
  • Immutable decision logs
  • Basis for revision & audit
  • Separation of business decisions and technical execution

Integration layer

  • REST APIs
  • Webhooks
  • File-based integration
  • Step-by-step connection of external systems possible
  • No complete migration required

Persistence & storage

Storage of:

  • Documents
  • Metadata
  • Decision logs
  • Separation of business data and audit information
  • Encryption at storage level possible (depending on operation)

Authentication & identity

Typical connected systems:

  • Active Directory / LDAP
  • SAML 2.0
  • OAuth2 / OpenID Connect
  • Internal user management (optional)

Role-based access concept (RBAC):

  • Separation of business users, configuration, administration
  • Granular permissions at workflow, template, and decision level

Operation & resources

Example for a medium installation:

  • 4–8 vCPU
  • 8–16 GB RAM
  • Storage depending on document volume
  • Network: HTTPS (Port 443) + Integrationsendpoints

Scaling:

  • horizontally possible (depending on deployment)
  • suitable from mid-sized companies to large organizations

AI modules (optional)

PortiQ works completely without AI

  • AI modules serve exclusively for decision support
  • No automatic decision-making
  • Humans remain the final authority
  • AI usage is configurable and can be deactivated

Platform architecture
& Operations

Integrations

Typical connected systems:

  • ERP (e.g. SAP)
  • DMS / ECM
  • Specialized applications
  • File shares
  • Email systems (SMTP)
  • Signature services (remote signature, QSCD)

Integration takes place:

  • synchronously or asynchronously
  • via APIs or events
  • step by step, without big-bang migration

Security

Technische Securitysmechanismen umfassen u. a.:

  • TLS-secured communication
  • Role- and permission-based access
  • Separation of business logic and administration
  • Traceable configuration changes
  • Audit logs for all decision-relevant actions
  • Support for storage encryption

Important: Security is not an add-on, but an integral part of the architecture.

Typical architecture questions

Do all data need to be migrated?


No. PortiQ works top-down and integrates existing systems step by step

Can departments configure workflows themselves?


Yes, within defined governance rules.

Is PortiQ audit-capable?


Yes. Decisions are fully documented and traceable.

Is a later switch between SaaS and on-prem possible?


Yes, since the architecture and logic are identical.

TECHNICAL CONSULTATION

Discuss architecture & integration with an expert

Focus: existing system landscape, security requirements, and operations.

Book a conversation now