Carriers entrust Solverminds with bookings, schedules, rates, and operational data that doesn't recover well from mishandling. This page is the procurement-grade view of how we hold that responsibility — the certifications, where they apply, and where to send security disclosures.
Accreditations
Every certification below is held against an independent auditor with a documented re-certification cycle. Status and cycle dates are as of the current accreditation period.
Information Security Management System
Issued by BSI · Re-certified 2022 – 2025
Independently audited information security management system covering policy, access control, cryptographic controls, operations security, supplier relationships, incident management and business continuity. Re-certification cycle runs through 2025.
Capability Maturity Model Integration
Issued by CMMI Institute · First accredited 2015 · Re-accredited 2021
Process maturity for software engineering and product development. Level 3 means processes are characterised for the organisation and proactively managed — not just performed.
Greenhouse gas accounting and verification
Issued by Accredited verification body · Achieved 2023
Conformance to the ISO standard for quantifying and reporting greenhouse gas emissions and removals at the organisation level. Relevant for clients reporting Scope 3 emissions across their supplier base.
Service Organization Control · Type II
Issued by Independent auditor · Newly attested · 2026
SOC 2 covers the controls a service organisation has in place around security, availability, processing integrity, confidentiality and privacy. Required by most enterprise procurement teams running diligence on a SaaS supplier — and the right complement to ISO 27001 for clients in North American and European markets.
Security posture
These are the technical control areas that fall within the scope of our ISO 27001 audit. Each one is documented in our Statement of Applicability.
HTTPS / TLS in transit on every client-facing endpoint. JWT-based authentication on the optimisation APIs (per the published Fleet & Network Optimization deck).
Token refresh, scoped API validation, role-based authorisation per module. Enterprise clients can integrate against their own identity provider on bespoke implementations.
SaaS on subscription with REST-API integration and a documented ETL platform for data export and transformation. Deployment topology agreed per client engagement.
Change-control and audit trails for the operational records that matter most: bookings, rate decisions, stowage plans, fleet schedules. Documented for the ISO 27001 audit cycle.
Where we operate
Delivery and support span five offices across four regions. Engagement scope, data residency and processing locations are agreed per client and documented in the service definition.
If you believe you have identified a security vulnerability in our platform or services, write to enquiry@solverminds.com with the details. Responsible disclosure is welcome and we will work with reporters to validate and remediate legitimate findings.