Security at PayShepherd
At PayShepherd, we recognize that threats evolve, as does our approach to protecting your data. We understand that our customers want their contractor billing data to be protected. We provide each customer with a dedicated cloud environment. Your data is yours. We keep it that way so you can enjoy a secure, fast, and private online experience—because your trust means everything to us.
PayShepherd does more than deliver a secure application. By using our cloud platform, our customers can securely and easily collect and analyze billing data across multiple sites—reducing billing errors, saving both time and money.
Secure Foundations
We deliver PayShepherd by leveraging Amazon Web Services. By choosing AWS as our infrastructure, we can provide our customers with a secure and robust platform on which to manage their contractor billing. AWS infrastructure and platform services have been certified as ISO 27001 and SOC 2 compliant.
Data Center Security
PayShepherd relies on AWS to provide data center security. AWS provides physical access controls, round-the-clock site monitoring and operational controls, HVAC systems, and fire suppression, which are necessary to ensure its servers are protected from accidental or intentional damage or modifications. Twice yearly SOC 2 audits attest to these controls.
Communications, Network, and Data Security
Your data is always protected in transit. Each customer connects to a dedicated subdomain at PayShepherd.com over an encrypted channel that requires TLS v1.2 or greater, enforced by the AWS ELBSecurityPolicy-TLS-1-2-2017-01 SSL policy.
Inside the PayShepherd service, your resources are isolated. Network access controls ensure that your traffic does not mix with other customers’ traffic. All internal traffic between services is encrypted. Likewise, your storage resources are isolated, and your data is encrypted at rest.
Application Security
PayShepherd’s application is secure by design.
Shared Model
PayShepherd follows all applicable Complementary User Entity Controls (CUECs) required by AWS in their shared responsibility model. This ensures that we align with AWS’s security best practices, properly configuring and managing our cloud environment to maintain data integrity, confidentiality, and availability. By adhering to these controls, we provide an extra layer of assurance that your data is handled securely and in compliance with industry standards.
Application Source Material
PayShepherd’s software is built using stable, industry-trusted frameworks, chosen in part for their strong security track record. These frameworks undergo continuous updates and rigorous security testing, reducing vulnerabilities and ensuring a resilient foundation for our platform. This proactive approach helps safeguard your data while maintaining high performance and reliability.
Vulnerability & Change Management
Vulnerability analysis, static application security testing (SAST), dynamic application security testing (DAST), and deliberate change management are fully integrated within PayShepherd’s continuous integration software development lifecycle.
Penetration Testing
Regular third-party penetration tests are performed to proactively identify and address potential security vulnerabilities before they can be exploited. These assessments, conducted by independent security experts, ensure our platform remains resilient against evolving threats, reinforcing our commitment to safeguarding your data and operations.
Web Server Security
Enhanced security at the web server level protects the application from threats like clickjacking, insecure content loading, and unauthorized data exposure. By leveraging response headers such as X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy, we ensure safer browsing, prevent attacks, and strengthen data privacy—giving you and your users peace of mind.
X-Frame-Options
By implementing X-Frame-Options: SAMEORIGIN, we prevent malicious websites from embedding our content within iframes, effectively blocking clickjacking attacks. This ensures that your interactions with our site are direct and free from hidden threats.
Strict-Transport-Security
We’ve strengthened your connection security with the Strict-Transport-Security policy. This ensures that all interactions with our website (including subdomains) are encrypted using HTTPS, protecting sensitive data from being intercepted and ensuring your information stays private.
X-Content-Type-Options
Your data is further safeguarded with the X-Content-Type-Options policy, which prevents web browsers from interpreting files as different types than declared. This helps block certain types of attacks where harmful scripts might be mistakenly run on your browser.
Referrer-Policy
Our Referrer-Policy restricts the sharing of your browsing information to the same origin only, meaning other websites won’t be able to see where you came from when clicking through links. This protects your browsing history and limits data exposure.
Permissions-Policy
To ensure your privacy, we’ve disabled unnecessary access to features like geolocation, microphone, and camera. This minimizes the risk of these being exploited by third parties. Additionally, we enable essential functions for the best possible user experience, like fullscreen mode and asynchronous data syncing, but only for secure, first-party use.
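The following is an added example, not PayShepherd’s own code: a small checker that takes the headers of an HTTP response and verifies them against the policy described in this section. The exact Permissions-Policy directive names (geolocation, microphone, camera denied; fullscreen and sync-xhr for self only) and the sample header values are assumptions constructed for the example.

```python
import re

# Policy as described above; directive names are an assumption about how the
# page's "disabled" and "first-party only" features would be spelled out.
DENIED_FEATURES = ("geolocation", "microphone", "camera")
SELF_ONLY_FEATURES = ("fullscreen", "sync-xhr")

# Constructed sample response headers that satisfy the described policy.
GOOD_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "same-origin",
    "Permissions-Policy": "geolocation=(), microphone=(), camera=(), "
                          "fullscreen=(self), sync-xhr=(self)",
}


def parse_permissions_policy(value):
    """Parse 'geolocation=(), fullscreen=(self)' into {feature: allowlist}."""
    policy = {}
    for directive in value.split(","):
        if not directive.strip():
            continue
        name, _, allow = directive.strip().partition("=")
        policy[name.strip()] = allow.strip().strip("()").split()
    return policy


def check_security_headers(headers):
    """Return a list of findings; an empty list means the response matches the policy."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    if h.get("x-frame-options", "").upper() != "SAMEORIGIN":
        findings.append("X-Frame-Options must be SAMEORIGIN")
    hsts = h.get("strict-transport-security", "")
    max_age = re.search(r"max-age=(\d+)", hsts)
    if not max_age or int(max_age.group(1)) <= 0:
        findings.append("Strict-Transport-Security must set a positive max-age")
    if "includesubdomains" not in hsts.lower():
        findings.append("Strict-Transport-Security must include includeSubDomains")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options must be nosniff")
    if h.get("referrer-policy", "").lower() != "same-origin":
        findings.append("Referrer-Policy must be same-origin")
    policy = parse_permissions_policy(h.get("permissions-policy", ""))
    for feature in DENIED_FEATURES:
        if policy.get(feature) != []:
            findings.append(f"Permissions-Policy must disable {feature}")
    for feature in SELF_ONLY_FEATURES:
        if policy.get(feature) != ["self"]:
            findings.append(f"Permissions-Policy must allow {feature} for self only")
    return findings
```

Running the checker against a live response (for example the headers returned by any HTTP client) turns the policy described above into a repeatable test rather than a one-time configuration review.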
Operations Security
PayShepherd’s service is continuously monitored to detect actual or potential control failures. PayShepherd’s controls are designed to provide defense-in-depth, ensuring that no single control failure results in a compromise.
All control failures result in a security incident, and a response is raised using PayShepherd’s security incident management procedures.
Human Resource Security
Security Policies
PayShepherd maintains a comprehensive suite of security policies that are available to all employees and contractors. Employees read and accept these policies upon hire and once annually.
Security Training & Awareness
PayShepherd provides security awareness training to each employee on hire and annually thereafter. In addition, issue-specific education material is distributed to staff through various communication channels, including in-person, email, and instant messaging.
Employee Screening
All PayShepherd employees undergo a background check during the hiring process.
Certified Cybersecurity Staff
PayShepherd hires certified experts in the cybersecurity field, holding certifications such as ISC2’s Certified Information Systems Security Professional (CISSP) and EC-Council’s Certified Ethical Hacker (C|EH), and has a designated Chief Information Security Officer (CISO).
Assurance and Compliance
Platform Assurance
PayShepherd has chosen a platform (AWS) that is certified as ISO 27001 and SOC 2 compliant.
Organizational Assurance
PayShepherd undergoes organizational-level SOC 2 Type II audits by independent third-party auditor(s) and is pleased to offer our report to prospective customers once a Non-Disclosure Agreement has been signed.