It has been claimed that continuous assurance can be attained by combining continuous monitoring by management, with continuous auditing of data streams and the effectiveness of internal controls by an external auditor. However, we find that in existing literature the final step to continuous assurance has been left unexplained. In this paper we propose an architecture and procedure for attaining continuous assurance. It consists of a dashboard architecture collecting results of continuous monitoring and continuous auditing, combined with a report generator and workflow system that is able to generate an official assurance report, when required. The proposal is motivated by a case study of a platform for monitoring the security of healthcare Apps. The case indicates that the proposal would be technically and legally feasible. Economic viability has not been investigated.