ShipMonk’s Commitment to Data Security and Privacy Protection
We’re SOC 2 Type I Compliance Certified.
What does that mean for you and your data?
Whether an ecommerce customer is buying a throw blanket or a ticket to the Bahamas, they want to ensure their private data is being protected. However, with so much legal jargon and technical terms used in the average privacy and security policy, that trust often comes down to customers having faith rather than full understanding of the facts. That’s not how we operate at ShipMonk. We believe our ecommerce clients should feel confident and have a clear understanding of how their customers’ data is being used. So here’s a concise, easy-to-understand breakdown of our approach to protecting your data, and theirs, and the SOC 2 Compliance Certification that affirms this commitment.
Why Do We Care about Security?
1. Securing Data Transference
When you work with any third-party vendors, data transference is at risk.
2. Securing Client Company Data
Mishandled private information can leave companies vulnerable to data theft, cyber attacks, improper alteration or disclosure of information, misuse of software, and malware installation.
3. Protecting Customers
Your ecommerce customers are also at risk if information from your business is misused or not properly protected.
What Is SOC 2 Compliance?
SOC 2 (System and Organization Controls) is an auditing process developed by the American Institute of Certified Public Accountants (AICPA) to ensure service providers securely manage data and protect privacy for all clients and within their own organization. It is the standard for data security among digital companies in the U.S.
SOC 2 has five “trust service principles” that data safety is measured against when being evaluated for compliance:
1. Security
Are the provider’s system resources protected against unauthorized access?
Network/application firewalls, two-factor authentication, and intrusion detection are key.
2. Availability
Is the accessibility of systems, products, and/or services up to par with the agreed-upon standards in the SLA between client and provider?
Monitoring network performance and availability, site fail recovery, and security incident handling are key.
3. Processing Integrity
Do the provider’s systems achieve their purpose and handle data based on the set operating parameters?
Monitoring of data processing and quality assurance procedures are key.
4. Confidentiality
Is all confidential data (intellectual property, business plans, financial information, etc.) properly encrypted when stored and processed?
Network/application firewalls and ironclad access controls are key.
5. Privacy
Does the provider securely handle all personal data (set forth in a business’s privacy notice and AICPA’s generally accepted privacy principles, GAPP)?
Strong cyber access controls, two-factor authentication, and encryption are key.
How SOC 2 Compliance Certification Works
SOC 2 certification is issued by outside auditors at Insight Assurance, who conduct the detailed security exam via Vanta. They assess how well a provider complies with one or more of the five trust service principles based on the systems and processes in place. Completing the exam provides organizations with a report on their internal controls and how they protect customer data and sensitive information.
Unlike other security certifications, SOC 2 reports are uniquely personalized. Each provider designs its own controls to comply with one or more of the trust service principles, keeping in line with their specific business practices.
What Makes ShipMonk a Trusted Security Provider?
Your privacy matters, and reassurance that company info is being handled with care is a huge part of assuring our ecommerce clients that they are in safe hands. That’s why we have successfully completed the SOC 2 Type I examination. Being Type I certified means we’ve proven operational effectiveness in the above trust service principles. More specifically, ShipMonk has completed:
- An assessment of the design and operating effectiveness of our security controls.
- A thorough examination of the security of our vendors and third-party partners.
- A verified set of defined policies to ensure continued protection for customers and employees.
The comprehensive process signifies our commitment to privacy and data security, and adherence to the availability and confidentiality standards developed by AICPA.
With this SOC 2 recognition, all business owners have proof that ShipMonk not only protects the safety of its customers’ data today, but also has the right standards in place to safeguard that data in the future.