Trust

Security

Arbiter's security posture, certifications and responsible disclosure programme.

Coming soon. This page will be expanded as certifications progress. Email us with any security questions.

Certifications and audits

  • SOC 2 Type II: in progress. The controls are in place; the audit observation window has not yet started.
  • ISO 27001: planned following SOC 2 completion.

Infrastructure

  • All services hosted in the EU (Ireland).
  • Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Per-tenant isolation at the RADIUS, database and key-management layers.
  • High-availability deployment with automated failover.
  • Dependency and container image scanning in CI.
  • Regular penetration testing by an independent third party.

Authentication and access control

  • Dashboard access requires MFA.
  • All administrative actions are audit-logged.
  • API keys are scoped, rotatable and revocable per tenant.

Responsible disclosure

If you believe you have found a security vulnerability in Arbiter, please email security@arbiter.ie. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours. Please do not disclose publicly until we have had a reasonable opportunity to respond.

Last updated May 2026. For questions about this page, contact security@arbiter.ie.