PayShepherd Security
At PayShepherd, we take security seriously. We understand that our customers want their contractor billing data to be protected. So, we provide each customer a cloud environment dedicated to them. Your data is yours. We keep it that way.
PayShepherd does more than deliver a secure application, by using our cloud platform our customers can securely and easily collect and analyse billing data across multiple sites reducing billing errors, saving both time and money.
Secure Platform
We deliver PayShepherd on Amazon Web Services. By choosing AWS as our infrastructure, we are able to provide our customers with a secure and robust platform on which to manage their contractor billing. AWS infrastructure and platform services have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about security and compliance at AWS.
Data Centre Security
PayShepherd relies on AWS to provide data centre security. AWS provides physical access controls, round-the-clock site monitoring and operational controls, HVAC systems, fire suppression, and necessary to ensure its servers are protected from accidental or intentional damage or modifications. Twice yearly SOC 2 audits attest to these controls.
Communications, Network, and Data Security
Your data is never unprotected in transit. Each customer connects to a dedicated subdomain at PayShepherd.com using an encrypted channel using TLS v1.2 or greater using AWS ELBSecurityPolicy-TLS-1-2-2017-01 SSL policy.
Inside the PayShepherd service, your resources are isolated. Network access controls ensure that your traffic does not mix with other customer’s traffic. All internal traffic between service instances is encrypted. Likewise your computer storage resources are isolated. and your data is encrypted when stored.
Application Security
PayShepherd’s application is secure by design.
PayShepherd follows all applicable Complementary User Entity Controls required by AWS in their shared responsibility model.
PayShepherd’s software is built using stable frameworks selected in part for their reputation for security.
Vulnerability analysis, static application security testing (SAST), dynamic application security testing (DAST), and deliberate change management are fully integrated within PayShepherd’s continuous integration software development lifecycle. Insecure code does not make it past the first level of quality assurance.
PayShepherd does not stop there. Regular third-party penetration tests are performed.
Operations Security
PayShepherd’s service is continuously monitored to detect actual or potential control failures. PayShepherd’s controls are designed to provide defense-in-depth ensuring that no single control failure results in a compromise. All control failures result in a security incident and a response raised using PayShepherd’s security incident management procedures.
Human Resource Security
Security Policies
PayShepherd maintains a comprehensive suite of security policies and these are available to all employees and contractors. Employees are expected to read and accept these policies upon hire or transfer.
Training
PayShepherd provides security awareness training to each employee on hire and annually thereafter. In addition, issue specific education material is distributed to staff through internal communications channels.
Employee Screening
All PayShepherd employees undergo a background check during the hiring process.
Assurance and Compliance
Platform Assurance
PayShepherd is audited against the AICPA Trust Services Criteria for Security, Confidentiality, and Availability. To view our SOC 2 or 3 reports please contact your PayShepherd Representative.