Skip to main content

Commerce Earns Quality Management ISO Certification and Tests Against Responsible AI ISO Frameworks

Written by Customer Service on . Posted in Public Companies.

Certifications underscore Commerce’s commitment to trust, responsible innovation and operational excellence, setting it apart in the ecommerce industry

AUSTIN, Texas, Sept. 23, 2025 (GLOBE NEWSWIRE) — Commerce (Nasdaq: CMRC), an open, intelligent ecosystem of technology solutions that empower businesses to unlock data potential and deliver seamless, personalized experiences at scale, today announced that it has moved the mark toward security and AI program governance standards, gaining International Organization for Standardization (ISO): ISO 9001 for Quality Management certification and testing and certifying against ISO/IEC 42001 for Artificial Intelligence Management.

These new certifications, awarded by leading cybersecurity auditor Coalfire, strengthen Commerce’s competitive edge in security, reliability and ethical innovation. They also reinforce Commerce’s position as a values-driven organization, focused on innovation, compliance and customer trust. By aligning with ISO standards, the company ensures that its practices are transparent, well-governed and globally benchmarked.

“In today’s digital ecosystem, trust can’t simply be claimed. It must be proven,” said Dan Holden, chief information security officer at Commerce. “By achieving ISO 9001 and ISO 42001 certifications, Commerce is not only aligning with global best practices, we are demonstrating our commitment to quality, responsible AI implementation and end-to-end supply chain due diligence. This is about showing that security and governance are integral to how Commerce operates, and we are proving that commitment through a measurable, independently audited process.”

ISO 9001, a highly recognized global quality management standard, affirms that Commerce follows international best practices to ensure consistent product delivery and customer satisfaction. Coalfire examined Commerce’s internal business practices and found that the company follows international best practices for high-quality service and product delivery.

ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organizations. Achieving this certification reflects Commerce’s ethical approach to AI deployment and signals to merchants, partners and investors that it is proactively governing AI development with transparency, fairness and risk mitigation.

“These certifications, backed by comprehensive audits twice each year, provide transparency into the strength of our security and compliance posture,” Holden said. “Merchants using or considering Commerce can be confident that our product delivery follows high-quality standards and that we will not be training our AI models with their data.”

Trust as a Deciding Factor
Commerce’s strong compliance record is often a competitive differentiator for businesses choosing an ecommerce platform. Earlier this year, the Marine Corps Community Services (MCCS) and its implementation partner Raven Solutions selected Commerce to support their entry into the digital commerce market.

“When Raven Solutions was helping the Marine Corps Community Services choose an ecommerce platform, Commerce was able to demonstrate a strong security posture and a transparent documented record of compliance that enabled us to trust the platform’s integrity,” said Ryan Pratt, CEO of Raven Solutions. “We evaluated multiple options and Commerce’s security- and privacy-first approach – built on NIST, OWASP and CIS frameworks – was a decisive advantage over competitors.”

“MCCS is critical to strengthening mission readiness and quality of life for Marines through our morale, welfare and recreation (MWR) and Exchange services,” said David Raley, CX digital program manager at MCCS. “Adding ecommerce functionality was an important part of our strategy to provide better service to Marines.”

Commerce’s regularly audited infrastructure and practices include:

  • Weekly patching with zero downtime
  • Daily encrypted backups across four geographically dispersed data centers
  • Mandatory secure development training for engineers
  • Continuous third-party penetration testing and security monitoring
  • Enterprise-grade business continuity certified by ISO 22301

Commerce’s full suite of certifications, including ISO 27001, ISO 22301, and multiple SOC attestations, can be found at the Commerce Security Trust Center.

About Commerce
Commerce (Nasdaq: CMRC) empowers businesses to innovate, grow, and thrive by providing an open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, Commerce connects the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. Trusted by leading businesses like Coldwater Creek, Cole Haan, Harvey Nichols, King Arthur Baking Co., Mizuno, Perry Ellis, SportsShoes, and Uplift Desk, Commerce delivers the storefront control, optimized data, and AI-ready tools businesses need to grow, serve diverse buyers, and operate with confidence in an increasingly intelligent, multi-surface world. For more information, visit commerce.com or follow us on X and LinkedIn.

BigCommerce®, the Commerce logo, and other brands are the trademarks or registered trademarks of BigCommerce Pty. Ltd. Third-party trademarks and service marks are the property of their respective owner.

Media Contact:
Brad Hem
pr@commerce.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.