
Security and Compliance at Atlar
When finance teams choose a treasury platform, particularly one with AI built in, they're choosing a partner to trust with some of the most sensitive data in the organization. Companies like Mangopay, Tide, Trustly, and Zilch have stringent security requirements, and earning their trust means independently verified controls that hold up to scrutiny.
Atlar is both ISO 27001:2022 certified and SOC 2 Type 2 compliant. Our Trust Center has the full documentation.
Why SOC 2 Type 2 matters
For finance and IT teams evaluating vendors, SOC 2 (System and Organization Controls 2) compliance is often a baseline expectation. The distinction worth noting is between Type 1 and Type 2: a Type 1 report assesses whether controls are designed appropriately at a single point in time, while a Type 2 report evaluates whether those controls actually work, consistently, over six to twelve months.
In practical terms, our SOC 2 Type 2 report means an independent auditor has examined how we protect your data—and confirmed we do what we say we do.
How we approach security
We operate on a zero-trust model—no location is treated as inherently trusted, including our own office. Atlar runs on Amazon Web Services in Europe, with strict network segmentation and encryption at rest and in transit. Vulnerability scanning runs continuously, and our security team is staffed to respond to incidents around the clock.
Our security hub has more detail, and you can check real-time platform status on our status page.

Security features in the platform
The Atlar platform also gives customers direct control over their own security posture:
- Role-based access control (RBAC). Assign permissions by job function so users can access only what they need.
- Approval chains. Require multi-step sign-off on sensitive actions—particularly payments—configured to match your internal policies.
- Single sign-on (SSO). SAML 2.0-based SSO with Google Workspace, Microsoft Entra ID, Okta, AWS IAM Identity Center, and others.
- Multi-factor authentication (MFA). Enforce MFA at login and on sensitive operations like payment approvals.
- Audit trails. Complete logs of every user and system action, always available for review.
AI with the same safeguards
Atlar Intelligence, the AI layer embedded across the platform, is held to the same security standards as everything else. Customer data is never used to train models. All processing runs on AWS in Europe, so your data never leaves Atlar's environment. And the assistant can only surface information that the user already has permission to access.
In short: the AI is designed to be useful without compromising the trust you've placed in us.

Certifications and regulatory alignment
Atlar's certifications and controls:
- ISO 27001:2022. The international standard for information security management.
- SOC 2 Type 2. Independent verification that our controls work over time.
- GDPR. Data protection practices aligned with European regulations.
- DORA. Controls aligned with EU requirements for financial sector resilience.
We also commission external penetration testing annually.
Questions?
If you'd like to discuss our security practices or need specific documentation for a vendor review, our team is happy to help.




