We’re proud to announce that Arlo has been awarded SOC 2 compliance, after recently completing our SOC 2 Type 2 Audit. This achievement demonstrates our ongoing commitment to protecting customer data and delivering a platform that training providers can trust.
This milestone also coincides with the recent launch of our new Arlo Trust Center, a central hub where customers and prospects can access our up-to-date security policies, privacy practices, and request reports including SOC 2, PCI DSS, and GDPR compliance documentation.
Achieving SOC 2 required months of preparation and continuous monitoring. The process brought together not just our security team, but engineering, operations, and compliance functions across Arlo.
What is SOC 2?
SOC 2 is a globally recognized framework that evaluates how companies manage customer data. It focuses on principles such as security, availability, processing integrity, confidentiality, and privacy.
Security has always been fundamental to Arlo. Earlier in 2025, we completed our SOC 2 Type 1 audit, which confirmed that our security controls were designed effectively. The Type 2 audit goes further, it verifies that those controls are not just designed, but consistently followed and maintained over time.
It validates that Arlo’s security framework is operationally reliable and independently verified, giving peace of mind during procurement and ongoing use of the platform.
What this means for Arlo customers
SOC 2 is more than a compliance checkbox, it’s a reflection of our ongoing investment in security, resilience, and transparency.
Here’s what it means in practice:
- Independent validation: Third-party auditors confirmed Arlo’s security practices are consistently applied.
- Transparency: The Trust Center provides a central place to request SOC 2 reports, PCI DSS information, and GDPR compliance details
- Resilience: 99.99% uptime over the past three years, backed by multi-region hosting and disaster recovery planning
- Secure access: Enterprise-grade authentication, Single Sign-On (SSO), and multi-factor authentication options
- Privacy-first approach: GDPR-aligned policies and customer control over data hosting regions (US, Canada, Ireland, Australia)
SOC 2 marks another step in Arlo’s mission to provide training providers with a platform that’s secure, resilient, and trusted worldwide. We’re proud of this achievement, but more importantly, we’re proud of what it means for the customers who rely on Arlo every day to run their training businesses.
All New Trust Center
Our new Arlo Trust Center is live and ready for you to visit! For training providers, security reviews and procurement cycles can slow down growth and your ability to implement new technologies. The Trust Center gives your teams and stakeholders the information they need up front. Save time, reduce friction, and build confidence that Arlo is a partner you can rely on.
Inside, you’ll find:
- On-demand access to Arlo’s SOC 2 attestation, PCI DSS compliance documentation, GDPR processes and more.
- Clear visibility into our policies and practices. From data protection to incident response, so you know exactly how your information (and you customers) is safeguarded
- A living hub that’s continuously updated with the latest audits, standards, and security FAQs, so you’re always working with up-to-date information
- Request attestation confirmations or full reports to meet your own procurement and compliance needs without delays
Visit the Arlo Trust Center today to see how we’re raising the bar on transparency and making security accessible to everyone.
Words from our CISO, Andrew Thompson
We sat down with Andrew Thompson, Arlo’s Chief Information Security Officer (CISO), to get insights into the process, what SOC 2 means to him personally, and how it will benefit Arlo and our Customers.
Q: Why should customers care about SOC 2 Type 2?
Andrew: “Trust is so important in a commercial relationship, especially when you’re entrusted to handle your customer’s customer data. Arlo has always worked very hard to make sure our application is secure and that customers can trust us, so getting externally verified and having our SOC 2 Type 2 is crucial in building that trust and proves we do what we say we do.”
Q: What steps did Arlo take internally to prepare for and complete the audit?
Andrew: “Arlo already had a strong IT Management System (ITMS), but it was managed through files, folders, and spreadsheets. We set out to look for a modern compliance management system, which ended up being Vanta. Once integrated, we could clearly see the volume of work required to become compliant and plan accordingly.”
Q: How did the security team and wider company contribute?
Andrew: “The security team did the bulk of the work reviewing vendors, auditing our cloud infrastructure, conducting risk assessments, and remediating findings. But it wasn’t just a security exercise. Leadership made sure teams understood their obligations, and our People and Culture team played a big role — which is only apt, as security should be people-focused just as much as technology.”
Q: How will customers see these improvements in practice?
Andrew: “Shifting left improves efficiency in delivering a quality product. Security no longer becomes the gatekeeper but an enabler of product and engineering teams, all while maintaining the same standards that helped us achieve SOC 2 Type 2 in the first place.”
Q: What’s next for Arlo’s security roadmap?
Andrew: “The immediate focus is embedding these processes into our ongoing BAU. Achieving the attestation is not a once-and-done process, it’s a framework for continual improvement. Over the next year, we’ll keep strengthening our security posture while making what we do more efficient. A big part of that is ‘shifting left’ — tasking the entire Arlo team, not just security and leadership, to take ownership earlier in the process.”
Q: What did achieving SOC 2 Type 2 mean to you personally as Arlo’s CISO?
Andrew: “Security and privacy is one of those areas that you hope to remain invisible — if you’re doing a good job, it shouldn’t be something that gets called out too often. So to put in such a large amount of work and for that to be seen by not only the rest of the team at Arlo, but now our customers, it fills me with immense pride. I know that the work put in over the last nine months will have positive ramifications on the business for a long time to come.”
Let’s talk training management
Book a time with our expert team for a personalized tour, we’ll show you how Arlo helps you run a training platform that both you and your learners will love, with the peace of mind that your data is protected to the highest standards.
Happy training!
The Team at Arlo