Case Study

Achieving Compliance Agility: BigCommerce's Roadmap to Regulatory Success with Coalfire

June 11, 2024

BigCommerce provides its customers sophisticated enterprise-grade functionality, customization and performance with simplicity and ease-of-use. Tens of thousands of B2C and B2B companies across 150 countries and numerous industries rely on BigCommerce, including Burrow, Coldwater Creek, Francesca’s, Harvey Nichols, King Arthur Baking Co., MKM Building Supplies, United Aqua Group and Uplift Desk.


As a PCI DSS Level 1 payment processor, maintaining PCI Data Security Standard (DSS) Report on Compliance (ROC) is a critical requirement. But beyond just PCI DSS, BigCommerce wanted to pursue compliance with many additional regulatory mandates (e.g. SOC, ISO) to expand its compliance. Thus, it was time consuming and required multiple cycles to gather evidence and complete assessments for each framework, not only initially, but annually. Also, with the different frameworks that would be required, BigCommerce needed expertise from a provider that      could span the frameworks      they were pursuing. By achieving multi-framework compliance, BigCommerce wanted to achieve: 

  • Competitive Edge: BigCommerce pursued compliance with additional regulatory mandates to differentiate itself from competitors and maintain the competitive edge.
  • Business Expansion: Achieving compliance with multiple regulatory frameworks opens up opportunities for BigCommerce to expand its business by making their platform more appealing to a wider range of businesses, including those in highly regulated industries.
  • Customer Trust: By proactively sharing compliance achievements, BigCommerce instills trust in customers, reassuring them of the security and resilience of its platforms.
  • Efficiency and Expertise:Seeking expertise from providers to navigate multiple regulatory frameworks efficiently, BigCommerce wanted to save time and resources while ensuring comprehensive compliance coverage.


BigCommerce was seeking a strategic partner that could help them with their critical PCI DSS assessment requirements in 2020. In Coalfire, they found expertise and experience early on and this was demonstrated as they moved from PCI DSS 3.2 to 4.0, what they believed to be a heavy lift. The quality of the Coalfire team made it much easier. As they began to expand to additional frameworks such as ISO 27001 in 2021 and SOC 1/2/3 in 2022 and ISO 27017/27018 in 2023, the easier and simplified audits, reuse of evidence, and ease at which additional assessments were conducted, all helped BigCommerce to achieve multi-framework compliance much faster. Moving forward, BigCommerce is also looking at additional frameworks to have a complete stack of compliance.

The Coalfire Compliance Essentials platform, combined with Coalfire expertise, enabled much of this by automating and coordinating audits for both new frameworks and recurring assessments. Compliance Essentials has allowed BigCommerce to pursue continuous compliance and upload evidence during the assessments, or quarterly, and allows them to be audit-ready throughout the year. BigCommerce was able to move quicker than their competition and complete assessments for frameworks, ahead of the two years their competition took. The quality of the Coalfire team earned their trust and confidence and has enabled them to move rapidly and efficiently.


BigCommerce has successfully executed on their strategy to differentiate via compliance. The company proactively shares their compliance achievements via its Trust Center on its website, where customers can see all the certifications and assessment validations that BigCommerce has achieved. The Trust Center displays 18 compliance badges that demonstrate out of the box compliance for its customers and commitment to security. Due to this compliance strategy, BigCommerce customers can trust the company to provide secure and resilient platforms. As a result, BigCommerce enjoys: 

  • Enhanced Reputation: BigCommerce's commitment to multi-framework compliance enhanced its reputation as a reliable and trustworthy e-commerce platform provider, attracting more merchants seeking a secure and compliant solution.
  • Streamlined Operations: By leveraging Coalfire Compliance Essentials platform and expertise, BigCommerce streamlined its compliance processes, saving time and resources. This efficiency allows the company to focus more on innovation and growth initiatives rather than being bogged down by compliance burdens.
  • Accelerated Growth: With quicker attainment of compliance assessments for multiple frameworks, BigCommerce outpaced its competition, enabling faster expansion into new markets and driving accelerated business growth.

“Coalfire Compliance Essentials simplifies evidence collection and maintains the mappings. We can upload any new evidence quarterly, making the next audit easier.”

- Susan Phillips, Senior Director, Cybersecurity and GRC


By strategically partnering with Coalfire, BigCommerce navigated the complex landscape of regulatory frameworks efficiently, achieving multi-framework compliance faster than its competitors. This proactive approach not only enhances BigCommerce's reputation as a trusted e-commerce platform, but also streamlines operations, allowing the company to focus on innovation and expansion initiatives. With an enhanced reputation, streamlined operations, and accelerated growth, BigCommerce continues to lead the industry, providing secure and resilient platforms for merchants worldwide and reaffirms its commitment to supporting merchants at every stage of growth, ensuring their success in the dynamic landscape of e-commerce.