SOC 2 Compliance
Our SOC 2 program covers the operational controls we use to protect customer data — security, availability, and confidentiality.
1. What is SOC 2
SOC 2 is an independent audit framework, defined by the American Institute of CPAs (AICPA), that evaluates whether a service organization has designed and operates controls that meet specific Trust Services Criteria. It is widely used by SaaS providers to demonstrate operational maturity to enterprise customers.
2. Scope
Shipider's SOC 2 scope covers the warehouse management platform, including the customer-facing dashboard, operator dashboard, mobile scanning experience, public API, and the production infrastructure that supports them.
3. Trust Services Criteria
The program focuses on three of the five Trust Services Criteria categories:
- Security — protection against unauthorized access (physical and logical).
- Availability — the platform is operational and accessible as committed.
- Confidentiality — designated confidential information is appropriately protected.
4. Current Status
We are actively operating against SOC 2 controls and engaging an independent auditor to produce a Type II report. Until the Type II report is issued, customers can request the latest control narrative under NDA.
5. Key Controls
The control set covers access management, change management, vulnerability management, monitoring and logging, incident response, backup and recovery, vendor management, and personnel security. See our Security page for a plain-language summary.
6. Requesting the Report
Customers and prospective customers can request the latest SOC 2 report or control narrative under a mutual NDA. Reach us at support@shipider.com with your account or company details.
7. Updates
We will refresh this page whenever the report status changes — including new observation periods, auditor changes, or material updates to the scope or control set.
