Security
Security and trust for regulated trade insurance.
Meridian handles company, contract, payment, supplier and KYC information. Security must be visible in the product and embedded in the architecture.
Controls
Core security principles.
These are public-facing statements aligned with the future technical roadmap and compliance workflows.
Identity & Access
Role-based access for buyers, suppliers, brokers, underwriters, admins and compliance users.
Data Protection
Sensitive application, KYC, supplier and policy data should be encrypted in transit and protected at rest.
Audit Trails
Policy, KYC, underwriting and claims actions should be logged with actor, timestamp and decision context.
Operational Monitoring
Backend health, auth errors, failed uploads, suspicious activity and policy events should be monitored.
Account security
JWT-based authenticated sessions for portal access.
Separate admin login for underwriting and compliance roles.
Future support for MFA and device/session management.
Role checks before sensitive policy or compliance actions.
Insurance data security
Structured application and policy data held in database records.
Document uploads to be stored in controlled file storage.
Retention aligned with insurance, AML and audit requirements.
Clear privacy and data handling notices for users.
Incident readiness
Logging and alerting for failed auth and API errors.
Breach response process for security incidents.
Admin audit trail export for regulatory review.
Supplier and buyer data access minimised by role.
Next Step
Found a security concern?
Send a clear report with the affected route, steps to reproduce and screenshots where possible.