Security

Shiftboard utilizes industry leading technology
and practices to manage the security and integrity of your data.

Encryption

Shiftboard utilizes 256 bit SSL encryption. This ensures all communications to and from the Shiftboard application are encrypted and protected. It is one of the most secure encryption methods today, and is typically used for data in transit, or data traveling over a network or internet connection. However, it is also implemented for sensitive data such as financial, military, and government owned data.

Application Security

Shiftboard offers 3 layers of application security including:

  1. 256 bit SSL encrypted login to ensure maximum security in data transfer.
  2. Sharded data where customer data is separated into different data partitions to ensure no data overlap or loss.
  3. Customer account data is separated between different company locations and user levels to ensure there is no chance for data being shared between franchises or user levels.

Infrastructure

Shiftboard runs on a hybrid infrastructure utilizing TierPoint to support all US business and AWS cloud infrastructure for all European based business. This hybrid approach gives Shiftboard the best of both worlds with the ultimate control and redundancy.

TierPoint registers a 100% uptime and is audited under SSAE 18 Type 2 SOC 2, PCI-DSS*, GLBA and HIPAA standards annually and is ITAR and EU-US Privacy Shield registered. AWS is also backed by Amazons 99.99% uptime service level agreement.

Penetration Testing

Shiftboard employs WhiteHat Security’s industry-leading website security solution to help address concerns about safeguarding your confidential data from security breaches and hacker attacks.WhiteHat Sentinel conducts rigorous and ongoing security testing on thousands of the world’s leading websites, including Shiftboard and many Fortune 500 companies.

Single Sign On

Shiftboard supports Single Sign On, a property of access control for multiple related, yet independent software systems that allows users to login to connected systems with a single ID and password by leveraging SAML,SAML2. This supports a number of SSO providers like Shibboleth, Okta, ADFS, Onelogin, Google ID, and more.

GDPR

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. As of May 25th Shiftboard was deemed GDPR compliant. To learn more about Shiftboard’s approach to GDPR, see our GDPR policy details.

Questions

Security is of the utmost importance to Shiftboard. We mitigate security risks through applying best practice and active monitoring. However if you have any security concerns, or notice any possible security issues, we encourage you to reach out to privacy@shiftboard.com. Please see our privacy policy for a breakdown of how we handle potential issues.

Encryption

Shiftboard utilizes 256 bit SSL encryption. This ensures all communications to and from the Shiftboard application are encrypted and protected. It is one of the most secure encryption methods today, and is typically used for data in transit, or data traveling over a network or internet connection. However, it is also implemented for sensitive data such as financial, military, and government owned data.

Application Security

Shiftboard offers 3 layers of application security including:

  1. 256 bit SSL encrypted login to ensure maximum security in data transfer.
  2. Sharded data where customer data is separated into different data partitions to ensure no data overlap or loss.
  3. Customer account data is separated between different company locations and user levels to ensure there is no chance for data being shared between franchises or user levels.

Infrastructure

Shiftboard runs on a hybrid infrastructure utilizing TierPoint to support all US business and AWS cloud infrastructure for all European based business. This hybrid approach gives Shiftboard the best of both worlds with the ultimate control and redundancy.

TierPoint registers a 100% uptime and is audited under SSAE 18 Type 2 SOC 2, PCI-DSS*, GLBA and HIPAA standards annually and is ITAR and EU-US Privacy Shield registered. AWS is also backed by Amazons 99.99% uptime service level agreement.

Penetration Testing

Shiftboard employs WhiteHat Security’s industry-leading website security solution to help address concerns about safeguarding your confidential data from security breaches and hacker attacks.WhiteHat Sentinel conducts rigorous and ongoing security testing on thousands of the world’s leading websites, including Shiftboard and many Fortune 500 companies.

Single Sign On

Shiftboard supports Single Sign On, a property of access control for multiple related, yet independent software systems that allows users to login to connected systems with a single ID and password by leveraging SAML,SAML2. This supports a number of SSO providers like Shibboleth, Okta, ADFS, Onelogin, Google ID, and more.

Reporting

Security is of the utmost importance to Shiftboard. We mitigate security risks through applying best practice and active monitoring. However if you have any security concerns, or notice any possible security issues, we encourage you to reach out to privacy@shiftboard.com. Please see our privacy policy for a breakdown of how we handle potential issues.

GDPR

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. As of May 25th Shiftboard was deemed GDPR compliant. To learn more about Shiftboard’s approach to GDPR, see our GDPR policy details.