Plus Certified App Program
Shopify PCAP Security Assessment
Welcome!
In 2019, Shopify rolled out the Plus Certified App Program, which is a partner program to exclusively select and curate a group of partners to build valuable solutions for Shopify’s larger merchants.
How it Works
This security review applies to all partners in the program, including net new applicants and renewals. The following activities must be completed to finish the PCAP certification:
You must pass all security requirements to be accepted into the program as part of a new application or an annual renewal.
You will only be given a pass or a fail during the security review.
If you fail the assessment, you will work directly with us to rectify any issues.
Assessment Process
Onboarding
You begin by filling out the program application questionnaire with Shopify.
Upon getting to the security questions, you will be instructed to follow a link to Leviathan to complete the security assessment.
Upon landing on this web page, you will have the ability to review and sign Leviathan’s Statement of Work.
After executing the Statement of Work, you will be able to pay the service fee via Stripe.
Security Assessment
Once you have completed your payment via Stripe, you will be directed to a form for submitting your assessment response.
Upon completion of the security questionnaire, the form is submitted directly to Leviathan and Shopify.
Leviathan will review each application within 48 hours.
If you pass, Leviathan will provide your Letter of Validation to you within 48 hours which states that you have successfully passed the questionnaire.
If you fail, Leviathan will provide a remediation report to you within 48 hours with a clear outline on:
Failed security requirements.
Steps needed to solve the problem.
Next Steps
You will have up to sixty (60) days from initial submission to address the missing requirements and resubmit the security application. (Included in fee)
Leviathan will review the application within 48 hours.
Shopify will review the full application and determine whether you will join or remain in the program. You must pass all security requirements and receive a Letter of Validation.
The Company and Applicant agree that all answers and attachments to the Security Questionnaire are the Confidential Information of Shopify and Applicant under the Plus Certified App Program (PCAP). Confidential Information may be used by the Company as necessary for performing its obligations under the Statement of Work and as signed by the Applicant and to adhere to PCAP. Note: The Company adheres to ISO27001 Information Security Standards and can be supplied upon request.
If you are experiencing any issues with the PCAP security assessment process, please reach out to: