Plus Certified App Program

Shopify PCAP Security Assessment

Welcome!

In 2019, Shopify rolled out the Plus Certified App Program, which is a partner program to exclusively select and curate a group of partners to build valuable solutions for Shopify’s larger merchants.

How it Works

This security review applies to all partners in the program, including net new applicants and renewals. The following activities must be completed to finish the PCAP certification:

  • You must pass all security requirements to be accepted into the program as part of a new application or an annual renewal.

  • You will only be given a pass or a fail during the security review.

  • If you fail the assessment, you will work directly with us to rectify any issues.

Assessment Process

Onboarding

  1. You begin by filling out the program application questionnaire with Shopify.

  2. Upon getting to the security questions, you will be instructed to follow a link to Leviathan to complete the security assessment.

  3. Upon landing on this web page, you will have the ability to review and sign Leviathan’s Statement of Work.

  4. After executing the Statement of Work, you will be able to pay the service fee via Stripe.

Security Assessment

  1. Once you have completed your payment via Stripe, you will be directed to a form for submitting your assessment response.

  2. Upon completion of the security questionnaire, the form is submitted directly to Leviathan and Shopify.

  3. Leviathan will review each application within 48 hours.

    1. If you pass, Leviathan will provide your Letter of Validation to you within 48 hours which states that you have successfully passed the questionnaire.

    2. If you fail, Leviathan will provide a remediation report to you within 48 hours with a clear outline on:

      1. Failed security requirements.

      2. Steps needed to solve the problem.

Next Steps

  1. You will have up to sixty (60) days from initial submission to address the missing requirements and resubmit the security application. (Included in fee)

  2. Leviathan will review the application within 48 hours.

  3. Shopify will review the full application and determine whether you will join or remain in the program. You must pass all security requirements and receive a Letter of Validation.

If you are experiencing any issues with the PCAP security assessment process, please reach out to:

shopify-pcap@leviathansecurity.com