7shifts Data Protection


It is our mission at 7shifts to deliver a comprehensive suite of Security, Privacy governance and operational processes, to establish and maintain a secure and trusted platform and exemplify trust for our customers. We proactively build and manage our security program to adhere to industry standards and frameworks. We are committed to maintaining Payment Card Industry Data Security Standard (PCI-DSS) compliance as part of our dedication to ensuring the security of cardholder data and banking information.


  • Data Encryption: At 7shifts, encrypting data both in transit and at rest is crucial. We protect sensitive and confidential information from unauthorized access. We employ SSL/TLS 1.2 protocols for data in transit and strong encryption standards (AES 256) for data at rest.

  • Compliance with Standards: 7shifts adheres to industry standards and regulations such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27001, the Payment Card Industry Data Security Standard (PCI-DSS) for cardholder data protection, and Service Organizations Controls (SOC), amongst others, to enhance trust and security.

  • Regular Security Audits: 7shifts conducts periodic security audits on our security controls to ensure efficiency, optimization and risk management. This includes both internal audits and external third-party assessments. 

  • Multi-Factor Authentication (MFA): As required, 7shifts implements MFA so that additional authentication mechanisms are in place for robust account security.

  • Robust Access Controls: At 7shifts, we govern access to data by implementing stringent access control measures that ensure that only authorized personnel have access to sensitive data. This includes role-based access control (RBAC) systems.

  • Secure Software Development Lifecycle (SSDLC): We incorporate security at every stage of software development to ensure that the software is built with security in mind from the ground up.

  • Vulnerability Management Program: We proactively monitor and mitigate risks arising from vulnerabilities across our infrastructure, networks, applications and products. We conduct periodic vulnerability assessments and remediations to stay on top of risk mitigation.

  • Employee Training and Awareness: Our teams are empowered with the knowledge and tools necessary to handle data securely. We deliver regular security and awareness training for employees on security best practices while keeping our content up to date with the ever-evolving threat landscape.

  • Security Incident Management and Breach Reporting: In addition to the several detective and preventive controls we have in our environment, we have well-tested incident management procedures in place to ensure timely response to a security incident and external reporting, as required. 

  • Customer Data Privacy: 7shifts has documented policies and practices that prioritize customer data privacy, including clear privacy policies and consent mechanisms, that support building trust with customers and other stakeholders. For more information on our privacy practices, please see our Privacy Policy.

  • Communication: If you have any inquiries or concerns regarding the security and privacy of your data, please do not hesitate to contact our Customer Support team. We are committed to ensuring the confidentiality and protection of your information. For assistance, please reach out to us.

  • Infrastructure Security: Customers' data are hosted using secure hosting services, network security measures like firewalls and intrusion detection systems, and regular vulnerability scanning.
      • Secure Cloud Architecture: Our cloud infrastructure is designed with security as a top priority. We utilize a multi-layered approach to protect customer data, including strict access controls, network segmentation, and advanced threat detection systems. 
      • Data Encryption: All sensitive data, including PCI information, is encrypted both in transit and at rest. This ensures that the payment data remains confidential and secure from unauthorized access.
      • Regular Security Updates and Patch Management: We regularly update our systems and applications. This includes timely patching of any vulnerabilities to ensure our defences remain robust against emerging threats.
      • Continuous Monitoring and Threat Detection: Our infrastructure is monitored 24/7 for any unusual activity. We employ intrusion detection systems to swiftly identify any potential threats.
      • Data Redundancy and Backup: To safeguard against data loss, we have implemented redundant storage solutions and regular backup protocols. In the event of a system failure, your data remains secure and readily recoverable.

  • Third-Party Risk Management (TPRM): At 7shifts, our TPRM program is an integral part of our operational strategy. This program is well-designed to identify, assess, and mitigate risks associated with third-party relationships. Our comprehensive approach encompasses Due Diligence, Contract Management, Incident Response, Cross-Functional Collaboration, Regulatory Compliance, and Continuous Monitoring.

  • Documented Policies and Procedures: 7shifts maintains records of our compliance efforts, policies, procedures, and monitoring processes.