PayShepherd Security

At PayShepherd, we take security seriously. We understand that our customers want their contractor billing data to be protected. So, we provide each customer a cloud environment dedicated to them. Your data is yours. We keep it that way.

PayShepherd does more than deliver a secure application, by using our cloud platform our customers can securely and easily collect and analyse billing data across multiple sites reducing billing errors, saving both time and money.

Secure Platform

We deliver PayShepherd on Amazon Web Services. By choosing AWS as our infrastructure, we are able to provide our customers with a secure and robust platform on which to manage their contractor billing. AWS infrastructure and platform services have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about security and compliance at AWS.

Data Centre Security

PayShepherd relies on AWS to provide data centre security. AWS provides physical access controls, round-the-clock site monitoring and operational controls, HVAC systems, fire suppression, and necessary to ensure its servers are protected from accidental or intentional damage or modifications. Twice yearly SOC 2 audits attest to these controls.

Communications, Network, and Data Security

Your data is never unprotected in transit. Each customer connects to a dedicated subdomain at using an encrypted channel using TLS v1.2 or greater using AWS ELBSecurityPolicy-TLS-1-2-2017-01 SSL policy.

Inside the PayShepherd service, your resources are isolated. Network access controls ensure that your traffic does not mix with other customer’s traffic. All internal traffic between service instances is encrypted. Likewise your computer storage resources are isolated. and your data is encrypted when stored.

Application Security

PayShepherd’s application is secure by design.

PayShepherd follows all applicable Complementary User Entity Controls required by AWS in their shared responsibility model.

PayShepherd’s software is built using stable frameworks selected in part for their reputation for security.

Vulnerability analysis, static application security testing (SAST), dynamic application security testing (DAST), and deliberate change management are fully integrated within PayShepherd’s continuous integration software development lifecycle. Insecure code does not make it past the first level of quality assurance.

PayShepherd does not stop there. Regular third-party penetration tests are performed.

Operations Security

PayShepherd’s service is continuously monitored to detect actual or potential control failures. PayShepherd’s controls are designed to provide defense-in-depth ensuring that no single control failure results in a compromise. All control failures result in a security incident and a response raised using PayShepherd’s security incident management procedures.

Human Resource Security

Security Policies

PayShepherd maintains a comprehensive suite of security policies and these are available to all employees and contractors. Employees are expected to read and accept these policies upon hire or transfer.


PayShepherd provides security awareness training to each employee on hire and annually thereafter. In addition, issue specific education material is distributed to staff through internal communications channels.

Employee Screening

All PayShepherd employees undergo a background check during the hiring process.

Assurance and Compliance

Platform Assurance

PayShepherd has chosen a platform (AWS) that is certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about security and compliance at AWS.