
Security & Compliance

Site Shepherd Platform Security and Compliance

Site Shepherd is a cloud application that provides site selection as a service. Our platform creates an experience to organize and score data to determine an optimal location.

Our software is designed to achieve a seamless site selection experience. We are continuously mindful of our customers’ privacy and limit access to all customer data on a need-to-know basis internally.

Site Shepherd applies best security practices, retaining a minimal amount of customer data and operating with the fewest privileges necessary to provide a great experience to our users.

This document is meant to be an overview of platform-related privacy, security, and compliance.
 


Data Encryption

  • All connections from the browser to the Site Shepherd platform are encrypted in transit using to be Determined
  • All data is encrypted at rest.
  • Site Shepherd user passwords are stored as salted password hashes

 

Physical Infrastructure

The Site Shepherd application is hosted on Azure. The Azure physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

 

For additional information see:

https://aws.amazon.com/security/

 

Vulnerability Management

We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies. All of our services run in containers that isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections. The services are configured with tight network security constraints to further limit any potential risk. Both AWS and Heroku regularly conduct internal vulnerability assessments and patch the underlying systems.


For additional technical information see:

https://devcenter.heroku.com/articles/dyno-isolation

 

Incident Response Plan

Identification

Site Shepherd routinely monitors our external services and open source libraries for security issues and has executed Data Processing Addendums (DPA) with our vendors to ensure prompt notification of data breaches. Who continuously scans Site Shepherd for service interruptions, performance degradation, and security vulnerabilities with automated tools to immediately alert our engineers when an incident has been detected. Users may also report security issues to [email protected]

 
Containment

Whenever our engineering team is alerted to a security issue, the team determines what systems are affected and quickly contains the problem by disconnecting all affected systems and devices. Because all of our services run in containers that isolate processes, memory, and the file system, they are easily replaced and updated in their entirety, inhibiting further escalation.

 
Recovery

If data was found to be affected, it is restored from clean backup files, ensuring that no vulnerabilities remain. Secondary backups are also stored in Google Cloud. Systems are monitored for any recurrence. Ephemeral services are patched and redeployed, eliminating any chance of malware persistence.

 
Retrospective

The Site Shepherd engineering team analyzes every operations incident and how it was handled, making recommendations for better future response and for preventing a recurrence.



 

Change Management Plan

New releases to the Site Shepherd Platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests, and end-to-end tests. Changes are also run against our continuous integration server. This enables us to automatically detect any issues in development.

Once a changeset is completed, it is manually peer reviewed by one or more members of the engineering team. The changeset is then evaluated and manually tested by our quality assurance team to thoroughly test areas of expected impact, regression test, and further evaluate the user experience.

After a changeset is released, we continue to monitor application exceptions and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.



 

Employee Screening and Policies

As a condition of employment, all Site Shepherd employees undergo pre-employment background checks and receive training during onboarding and throughout their employment on company policies, security, GDPR, and other related security, privacy, and compliance topics.



 

Compliance

PCI Compliance

Site Shepherd uses a PCI-compliant pay processor, Stripe, for encrypting and storing credit card details. More information on Stripe’s commitment to security and compliance can be found here. We utilize the direct Stripe JavaScript integration so your credit card information never reaches Calendly’s servers.

https://stripe.com/docs/security/stripe

 
GDPR Compliance

Site Shepherd is committed to GDPR compliance. We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or businesses that use Site Shepherd with European customers, feel secure and confident to continue using Site Shepherd. 

GDPR is a broad regulation. Since it’s new, and since there is no certification process, no company can legitimately claim that they are GDPR compliant. Site Shepherd makes a good-faith effort to be compliant with GDPR, both now and as future developments come along.

If you integrate Site Shepherd to share information with another application, we designate invitees in GDPR countries as "transactional contacts" so their information is only used to send information about location data for site selection projects unless they explicitly opt in to future, marketing-related emails.

 

Legal Documents

Site Shepherd Privacy Policy

Our current privacy policy can be found here:

 

 
Site Shepherd Terms of Use and Data Processing Addendum (“DPA”)

Our current terms of use, including a link to our data processing addendum, can be found here:

 

 
Site Shepherd User License Agreement

Our current User License Agreement can be found here: