Overview
As part of our day-to-day business and in order to meet your needs and expectations, image.works may handle secure and/or protected information. In an effort to maintain your trust and uphold our responsibility to handle such information appropriately, we have reviewed our processes, controls and standards and implemented extensive security measures as needed. We recognize the need to establish and maintain an appropriate internal control environment for the benefit of our organization and our customers. Along with the measures we have taken so far, we will adopt any future measures required based on technology advancements, changes to privacy laws and company growth.
Risk Assessments/Audits
image.works went through a HIPAA Risk Assessment in January 2017, performed by Wipfli CPAs and Consultants. image.works also went through the SOC2 Type 1 audit as of September 27, 2023. This audit offers assurance that the services we provide are secure, keep data confidential, and meet confidentiality and regulatory requirements. The audit was performed by Wipfli CPAs and Consultants. You may request a copy of the report by emailing your sales rep or info@imageworksdirect.com.
Data Retention
image.works retains mail lists and all associated confidential information for six months. All lists are handled, retained and disposed of through processes and systems that follow security guidelines.
Network & Data Security
We use firewall systems to control local and internet network traffic. We also use secure channels, including SFTP and HTTPS, for data transfer. Software is kept up to date with the latest security patches. Endpoint Detect and Respond and Security Identity and Event Management (SIEM) services are used and monitored by a Security Operations Center (SOC) 24/7. All inbound and outbound email is scanned for malicious content prior to delivery.
Physical Security
Access to image.works facilities is managed with a key assignment and visitor policy. Employees are assigned a door opener to the parking garage and a key upon hire and must return them at employment end. Visitors to image.works are required to sign in and out and must be escorted by an employee throughout the office.
Employee Training
New employees receive training for security, confidentiality, privacy and safety policies shortly after beginning employment. All employees receive renewed training annually. Employees are also required to sign Code of Conduct, Confidentiality and Information Security Policy agreements.