Now servicing clients from 12 fulfillment centers, including continental Europe & the UK!

ShipMonk’s Commitment to Data Security and Privacy Protection

SOC 2 Compliance Certified

We’re SOC 2 Type I Compliance Certified.

What does that mean for you and your data?

  • Whether an ecommerce customer is buying a throw blanket or a ticket to the Bahamas, they want to ensure their private data is being protected. However, with so much legal jargon and technical terms used in the average privacy and security policy, that trust often comes down to customers having faith rather than full understanding of the facts. That’s not how we operate at ShipMonk. We believe our ecommerce clients should feel confident and have a clear understanding of how their customers’ data is being used. So here’s a concise, easy-to-understand breakdown of our approach to protecting your data, and theirs, and the SOC 2 Compliance Certification that affirms this commitment.

Why Do We Care about Security?

  • 1. Securing Data Transference
    When you work with any third-party vendors, data transference is at risk.
  • 2. Securing Client Company Data
    Mishandled private information can leave companies vulnerable to data theft, cyber attacks, improper alteration or disclosure of information, misuse of software, and malware installation.
  • 3. Protecting Customers
    Your ecommerce customers are also at risk if information from your business is misused or not properly protected.

What Is SOC 2 Compliance?

SOC 2 (System and Organization Controls) is an auditing process developed by the American Institute of Certified Public Accountants (AICPA) to ensure service providers securely manage data and protect privacy for all clients and within their own organization. It is the standard for data security among digital companies in the U.S.

SOC 2 has five “trust service principles” that data safety is measured against when being evaluated for compliance:

  • 1. Security

    Are the provider’s system resources protected against unauthorized access? Network/application firewalls, two-factor authentication, and intrusion detection are key.

  • 2. Availability

    Is the accessibility of systems, products, and/or services up to par with the agreed upon standards in the SLA between client and provider?
    Monitoring network performance and availability, site fail recovery, and security incident handling are key.

  • 3. Processing Integrity

    Do the provider’s systems achieve their purpose and handle data based on the set operating parameters?
    Monitoring of data processing and quality assurance procedures are key.

  • 4. Confidentiality

    Is all confidential data (intellectual property, business plans, financial information, etc.) properly encrypted when stored and processed?
    Network/application firewalls and ironclad access controls are key.

  • 5. Privacy

    Does the provider securely handle all personal data (set forth in a business’s privacy notice and AICPA’s generally accepted privacy principles, GAPP)?
    Strong cyber access controls, two-factor authentication, and encryption are key.

  • How SOC 2 Compliance Certification Works

    SOC 2 certification is issued by outside auditors at Insight Assurance, who conduct the detailed security exam via Vanta. They assess how well a provider complies with one or more of the five trust service principles based on the systems and processes in place. Completing the exam provides organizations with a report on their internal controls and how they protect customer data and sensitive information.

    Unlike other security certifications, SOC 2 reports are uniquely personalized. Each provider designs its own controls to comply with one or more of the trust service principles, keeping in line with their specific business practices.

  • What Makes ShipMonk a Trusted Security Provider?

    Your privacy matters, and reassurance that company info is being handled with care is a huge part of ensuring our ecommerce clients that they are in safe hands. That’s why we have successfully completed the SOC 2 Type I examination. Being Type I certified means we’ve proven operational effectiveness in the above trust service principles. More specifically, ShipMonk has completed:

    • An assessment of the design and operating effectiveness of our security controls.
    • A thorough examination of the security of our vendors and third-party partners.
    • A verified set of defined policies to ensure continued protection for customers and employees.

    The comprehensive process signifies our commitment to privacy and data security, and adherence to the availability and confidentiality standards developed by AICPA.

    With its SOC 2 recognition, all business owners have proof that ShipMonk not only protects the safety of its customers’ data today, but we have the right standards in place to safeguard that data in the future.

Our Commitment to You

One of our mottos at ShipMonk is “We Get Ship Done.” If you take anything away from this page, let it be that we proudly protect the ship out of your private data too. Being an entrepreneur has enough risk already embedded into the role. Don’t settle for a fulfillment provider that also puts your private information at risk. Information security is a top priority for all companies and we take that incredibly seriously. For more information about ShipMonk, visit our certifications page or contact us today to get started. And to learn about how we ensure product safety standards visit our facility compliance and certification page.

Powering some of the fastest
growing ecommerce companies

Join the Thousands of Ecommerce Companies Using ShipMonk