We handle security and compliance, so you don’t have to

We take on the hassle of compliance and security, so you can focus on serving your residents. PayIt meets compliance and regulatory requirements which align with — and often exceed — an agency’s policies and requirements.

Secure on the inside.
Validated from the outside.

PayIt’s platform and infosec program are designed to meet industry-standard security best practices. From our devices and facilities, to our policies and governance, to how we build and monitor our products, security is at the core of how we operate.

Industry Standard Frameworks

We designed our infosec program around industry-standard frameworks such as the NIST 800-Series that define essential practices to prevent, detect, and respond to cyberattacks; manage risk; secure networks and endpoints; and classify and protect data.

SOC Type 1 and Type 2 Compliance

PayIt is also SOC 1 Type 2 and SOC 2 Type 2 compliant. Auditors certified by the American Institute of CPAs annually verify that we have rigorous, effective internal accounting, IT, and security controls in place to protect our customers. Every agency should insist on this from cloud technology providers.

ISO 27001 & 27018 Certified

These two certifications demonstrate that PayIt’s infosec program meets both a general set of required security practices (27001) as well as a newer framework (27018) focused on protecting personally identifiable information (PII). The International Standards Organization provides these certifications following a detailed audit.

Compliance. Solved.

The Payment Card Industry Data Security Standard (PCI DSS) validates that an organization which accepts, processes, stores, or transmits credit card data keeps it secure. PayIt maintains PCI DSS Level 1 compliance, the highest and most stringent level.

Establishing and maintaining PCI compliance (and paying audit fines and remediation costs) is a big effort that can get expensive, so PayIt takes that off your plate.

Cloud hosting that’s grounded in security

Government-grade cloud hosting: Our US-based clients are hosted on AWS GovCloud and our Canada clients are hosted in AWS’ Canada Region Cloud for public sector. This keeps sensitive data safe, ensures high availability of services and data centers, bolsters identity management, and meets stringent federal and provincial security requirements.