At OrderMyGear, we are committed to maintaining the highest standards of data security and privacy. We understand that validating our security posture is a critical part of your vendor risk management process. To facilitate this, we have streamlined our security review process to get you the information you need as efficiently as possible.
Step 1: Visit Our Trust Center (Start Here)
Before submitting a custom questionnaire, we strongly encourage you to visit our Trust Center. Most security and compliance questions are comprehensively answered in our standard audit reports and certifications.
Documents Available on our Trust Center:
- SOC 3 Report: A public summary of our security controls and compliance.
- SOC 2 Type 2 Report: An independent, third-party audit demonstrating the ongoing effectiveness of our security controls. (Authorization & NDA Required)
- PCI Compliance: Documentation regarding our adherence to Payment Card Industry standards. You can find documentation that covers both the Pop-up and Company Store platforms.
- Penetration Test Summaries: High-level results from our annual third-party testing. (Authorization & NDA Required)
- Certificate of Insurance: Proof of our Cyber Insurance Coverage. (Authorization & NDA Required)
- Common Security Questions: A document that contains the most common security questions we get. (Authorization & NDA Required)
Why use the Trust Center? Leveraging our provided documentation, such as our SOC 2 report, is the fastest way to validate our security controls. These independent audits cover our Security, Availability, and Confidentiality criteria and typically eliminate the need for redundant custom questionnaires.
Step 2: Custom Security Questionnaires
If our standard compliance documentation does not meet your criteria, and a custom questionnaire is still required, please review our policies regarding submission, timeline, and costs. Please note, we will only accept questionnaires for the Company Store platform at this time.
Pricing & Billable Hours
Due to the resources required to complete manual reviews, OrderMyGear applies the following pricing policy to custom questionnaires:
- This is a billable service that requires approval before moving forward
- Rate & Approval: There is a minimum $500 charge for security questionnaires, which covers up to 4 hours of time. This must be approved before we can move forward.
- Longer questionnaires can take well over 4 hours to complete. An estimated range will be provided to you for approval before our team moves forward - additional time is billed at $95/hour.
Step 3: Submission Guidelines
To prevent delays in processing your request, please ensure your questionnaire adheres to the following formatting standards. For your convenience, we have provided a template for you to utilize at the bottom of this article. Non-compliant files may be returned for reformatting.
- Format: Excel (.xlsx) or CSV.
- Structure:
  - One question per row.
  - Simple "Yes/No" questions are preferred, with a column for short comments if necessary.
  - Avoid complex multiple-choice. If a multiple-choice question is required, all options must fit within a single cell. We do not support any question portals or nested questions.
- Once you have successfully added all of your questions to the spreadsheet, please send the questions to your CSM. They will ensure it is sent to the correct teams to get it processed in an organized fashion.
- Please be sure to send the original document AS WELL AS the formatted spreadsheet mentioned above. This will help ensure context is not lost when our template is utilized.