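Viewing Shopify's compliance reports

To view all reports generated after assessing Shopify's compliance with information security standards, go to the Compliance Reports page in the Help Center. Learn more about security at Shopify here.

This page provides an overview of Shopify's reports.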

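### PCI reports

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that store, process, or transmit credit card information. The standard was created to strengthen controls around payment data and thereby reduce fraud. PCI reports assess an organization against the PCI DSS Requirements set by the PCI Security Standards Council.

| Report name | Description |
| --- | --- |
| PCI Attestation of Compliance (AoC) | The AoC is the form Shopify uses to attest to the results of its annual PCI DSS compliance assessment, as documented in the Report on Compliance. Shopify reissues this form after each annual PCI DSS compliance assessment. You need to log in to your Shopify account to view this report. |
| PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC) | This is Shopify's quarterly attestation of Approved Scanning Vendor (ASV) scan compliance. A new attestation is published each quarter. |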

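### SOC reports

Service Organization Control (SOC) reports assess an organization's controls relating to privacy, processing integrity, security, availability, and confidentiality. SOC reports are created to meet the Trust Services Criteria (TSC) determined by the [Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA)](https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations.html).

| Report name | Description |
| --- | --- |
| SOC 3 | The SOC 3 report contains Shopify's security and availability safeguards along with an external audit opinion of these safeguards. This report can be freely shared. |
| SOC 2, Type II | The SOC 2, Type II report contains Shopify's security and availability safeguards along with an external audit opinion of these safeguards. |
| SOC 2 bridge letter | This letter is provided by Shopify to cover the period between the end date of the SOC 2 report's reporting period and the date the bridge letter is issued. |

View PCI and SOC reports here.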

Original text from the official Shopify merchant website:

Viewing Shopify's compliance reports

To view all reports generated after assessing Shopify's compliance with information security standards, go to the Compliance Reports page in the Help Center. Learn more about security at Shopify here.

This page provides an overview of Shopify's reports.

### PCI reports

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that store, process, or transmit credit card information. The standard was created to increase controls around payment data to reduce fraud. PCI reports provide an organization's assessment against the PCI DSS Requirements laid out by the PCI Security Standards Council.

| Report name | Description |
| --- | --- |
| PCI Attestation of Compliance (AoC) | The AoC is a form for Shopify to attest to the results of its annual PCI DSS compliance assessment, as documented in the Report on Compliance. Shopify will reissue this form after each annual PCI DSS compliance assessment. You'll need to log on to your Shopify account to view this report. |
| PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC) | This is Shopify's quarterly attestation of Approved Scanning Vendor (ASV) scan compliance. A new attestation is posted quarterly. |

### SOC reports

Service Organization Control (SOC) reports assess an organization's controls in relation to privacy, processing integrity, security, availability, and confidentiality. SOC reports are created to meet the Trust Services Criteria (TSC) determined by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA).

| Report name | Description |
| --- | --- |
| SOC 3 | The SOC 3 report contains Shopify's security and availability safeguards along with an external audit opinion of these safeguards. This report can be freely shared. |
| SOC 2, Type II | The SOC 2, Type II report contains Shopify's security and availability safeguards along with an external audit opinion of these safeguards. |
| SOC 2 bridge letter | This letter is made available by Shopify to bridge the gap between the end date of the SOC 2 report's reporting period and the date the bridge letter is issued. |

View PCI and SOC reports here.

Article source: official Shopify merchant website