Compliance & Security

Updated July 9, 2024

Table of Contents

Compliance, Security & Certifications

SOC 2 Type I & II Reports

SOC 2 Type I and Type II reports are designed to evaluate a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. Each report serves a distinct purpose:

Together, SOC 2 Type I and Type II reports are essential tools for understanding both the initial setup and the ongoing effectiveness of a service organization's control mechanisms.

SOC 1 Type II

The SOC 1 Type II certification attests that Shape Software has implemented robust internal controls and processes to ensure security and availability. This certification demonstrates our commitment to mitigating risks and safeguarding our clients' data, ensuring it remains highly secure.


HIPAA compliance involves adhering to standards set by the Health Insurance Portability and Accountability Act to protect sensitive patient health information. This includes implementing safeguards for PHI, conducting risk assessments, establishing policies, training employees, and monitoring for compliance.


The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law that regulates how private sector organizations handle personal information in commercial activities, ensuring individuals' privacy rights are protected. It mandates consent for data collection, accountability for data protection, transparency in data practices, and allows individuals to access and correct their personal information.


PHIPA, considered the Canadian equivalent of HIPAA, mandates that healthcare providers in Ontario obtain consent and are responsible for storing and protecting personal health information (PHI). Compliance requires appropriate safeguards, accountability, and allows individuals to access and correct their PHI.

Shape Software Inc. (“Shape” or “Shape Software”) and our affiliates take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure. This document outlines some of our providers mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are based on tier of service selected by our customer and are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.

Physical Security

Our providers data-centers are hosted in some of the most secure facilities available.

Network Security

The security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. 

Staff Processes

Providers data center infrastructure is not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations.


The process is designed to protect your data and security even in times of system failures. 

Legal Notice for Canadian Clients

If you are a Canadian client and require your servers to be hosted within Canada, please inform your sales representative at the time of sign-up. By default, our sign-up process does not automatically place you on a Canadian server unless specifically requested. Please note that fulfilling this request may extend the time required to set up your system.

Client Information Requests

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), clients have the right to request access to their personal information. To ensure compliance and protect your privacy, we require the following:

To request access to your personal information, please use the form provided below. Your privacy and the security of your data are our top priorities.

Submit a Request

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Get in Touch

Our team of experts are here to help! Call our sales line at (888) 762-7211


Contact Sales