Trust
Security
Arbiter's security posture, certifications and responsible disclosure programme.
Coming soon. This page will be expanded as certifications progress. Email us with any security questions.
Certifications and audits
- SOC 2 Type II: in progress. The controls are in place; the audit observation window has not yet started.
- ISO 27001: planned following SOC 2 completion.
Infrastructure
- All services hosted in the EU (Ireland).
- Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Per-tenant isolation at the RADIUS, database and key-management layers.
- High-availability deployment with automated failover.
- Dependency and container image scanning in CI.
- Regular penetration testing by an independent third party.
Authentication and access control
- Dashboard access requires MFA.
- All administrative actions are audit-logged.
- API keys are scoped, rotatable and revocable per tenant.
Responsible disclosure
If you believe you have found a security vulnerability in Arbiter, please email security@arbiter.ie. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours. Please do not disclose publicly until we have had a reasonable opportunity to respond.
Last updated May 2026. For questions about this page, contact security@arbiter.ie.