Why Fluent Commerce Focuses on SOC 2 Type 2 Attestation (Not SOC 1 / ISAE 3402)
Intended Audience:
Technical User
Author:
Amith Raj
Changed on:
3 Oct 2025
Overview
Fluent Commerce prioritizes SOC 2 Type 2 attestation over SOC 1 / ISAE 3402 due to its focus on order management, fulfillment, and inventory processes. SOC 2 Type 2 evaluates controls across Security, Availability, Processing Integrity, Confidentiality, and Privacy, addressing customer concerns about data protection and system reliability. Annual audits reinforce Fluent Commerce's commitment to these areas.
Key points
- SOC 1 / ISAE 3402 focuses on financial reporting, which is not relevant to Fluent Commerce's services.
- Fluent Commerce provides tools for order management and fulfillment, not direct financial transaction processing.
- SOC 2 Type 2 attestation is more appropriate for evaluating cloud-based software providers.
- SOC 2 Type 2 assesses controls across five Trust Services Categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- Annual independent audits of SOC 2 Type 2 demonstrate Fluent Commerce's commitment to data protection and system reliability.
Fluent Commerce does not obtain a SOC 1 or ISAE 3402 report primarily due to the nature of our service.
- Focus on Financial Reporting: A SOC 1 / ISAE 3402 report is specifically designed for "Service Organizations" and focuses on controls relevant to an audit of a user entity's financial statements. This means it assesses controls that could impact the financial reporting of our customers.
- Service Type: These reports are typically relevant for services that directly process financial transactions that would appear on a customer's balance sheet, such as a payroll processor or a claims administrator.
- Fluent Commerce's Role: Fluent Commerce provides a headless commerce platform that empowers customers to manage their order management, fulfillment, and inventory processes. While critical to operations, our platform typically does not directly impact your financial statements in the same way these other service types would.
- Financial Transactions Reside Within Your Systems: We provide the tools and infrastructure, but the financial transactions and their reporting ultimately reside within your own systems.
- Conclusion: Therefore, a SOC 1 / ISAE 3402 Attestation is not relevant or applicable to Fluent Commerce.
Instead of a SOC 1/ISAE 3402 report, Fluent Commerce already obtains and maintains a SOC 2 Type 2 Attestation Report annually.
A SOC 2 report is designed to provide assurance about controls relevant to the five Trust Services Categories (TSCs):
Trust Services Category | Focus |
Security | Protecting our systems and your data from unauthorized access, use, disclosure, disruption, modification, or destruction. |
Availability | Ensuring our systems are available for operation and use as agreed. |
Processing Integrity | Confirming that system processing is complete, accurate, timely, and authorized. |
Confidentiality | Protecting confidential information as committed or agreed. |
Privacy | Protecting personal information as committed or agreed. |
These categories are precisely the areas that are most relevant and critical when evaluating a cloud-based software provider like Fluent Commerce.
We believe that our SOC 2 Type 2 report provides a more comprehensive and appropriate assessment of our control environment for a cloud-based platform like ours. It directly addresses the most likely concerns customers have regarding data protection, system reliability, and operational integrity.
Our SOC 2 Type 2 report is audited annually by an independent third party and demonstrates our commitment to these critical areas.
We are happy to share our most recent SOC 2 Type 2 report, which provides detailed information about our controls and the independent auditor's opinion on their effectiveness.
Click here to access our Trust Center Portal for the latest SOC 2 Type 2 Report.
