The Tradeshift Compliance Program

The Tradeshift Compliance Program enables customers to evaluate and understand the robust controls in place at Tradeshift to maintain security and data protection in the cloud.

Our systems and processes are operated in accordance with, and audited against, stringent industry standards for ensuring the security, availability, confidentiality and integrity of the data entrusted to our platform. Tradeshift is built from the ground up as a security-focused, cloud-first solution. Our platform allows you to rest easy, knowing your data resides with a safe, secure and compliant solution.

Below are the assurance programs we adhere to, and the independently audited reports we make available to customers and their auditors:

SOC 1 / ISAE 3402

The audit for this report is conducted in accordance with AICPA AT Section 801 (the codification of SSAE 16) and the International Standard on Assurance Engagements 3402 (ISAE 3402).

This report replaces the Statement on Auditing Standards No. 70 (SAS 70) Type II report. As a dual-standard report, it can meet a broad range of auditing requirements for both U.S. and international auditing bodies.

The SOC 1 audit attests that Tradeshift's control objectives are appropriately designed and that the controls safeguarding customer data are operating effectively. Its purpose is to provide customers and their auditors with information about Tradeshift's control environment that they can use in assessing, and forming an opinion on, the effectiveness of their own internal controls over financial reporting (ICOFR).

SOC 2

In addition to the SOC 1 report, Tradeshift also has a Service Organization Controls 2 (SOC 2) Type II report available. Like the SOC 1, the SOC 2 is an attestation report on controls, but it evaluates them against the criteria set out in the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading-practice controls for security, availability, processing integrity, confidentiality and privacy that apply to service organizations such as Tradeshift.

The Tradeshift SOC 2 is an evaluation of the design and operating effectiveness of the controls that meet the criteria for the security and availability principles in the AICPA's Trust Services Principles. This report provides additional transparency into our security and availability against a defined industry standard and further demonstrates our commitment to protecting customer data. Because a Type II report covers a defined audit period and a defined set of systems, readers should check the period, the scope and any exceptions the auditor noted when relying on it.

ISO 27001

Tradeshift is also audited against the ISO 27001:2013 standard. ISO 27001:2013 is a widely adopted international security standard that sets out the requirements for an information security management system (ISMS). It provides a systematic approach to managing company and customer information, driven by periodic risk assessments. To achieve certification, a company must show that it has a systematic and ongoing process for managing the information security risks that affect the confidentiality, integrity and availability of company and customer information.