As part of our day-to-day business and in order to meet your needs and expectations, image.works may handle secure and/or protected information. In an effort to maintain your trust and uphold our responsibility to handle such information appropriately, we have reviewed our processes, controls and standards and implemented extensive security measures as needed. We recognize the need to establish and maintain an appropriate internal control environment for the benefit of our organization and our customers. Along with the measures we have taken so far, we will adopt any future measures required based on technology advancements, changes to privacy laws and company growth.
image.works went through a HIPAA Risk Assessment in January 2017, performed by Wipfli CPAs and Consultants. image.works also went through the SOC2 Type 1 audit as of July 23, 2020. This audit offers assurance that the services we provide are secure, keep data confidential, and meet confidentiality and regulatory requirements. The audit was performed by Wipfli CPAs and Consultants. You may request a copy of the report by emailing your sales rep or firstname.lastname@example.org.
image.works retains mail lists and all associated confidential information for six months. All lists are handled, retained and disposed of through processes and systems that follow security guidelines.
Network & Data Security
We use firewall systems to control local and internet network traffic. We also use secure channels, including SFTP and HTTPS, for data transfer. Software is kept up to date with the latest security patches. Endpoint Detect and Respond and Security Identity and Event Management (SIEM) services are used and monitored by a Security Operations Center (SOC) 24/7. All inbound and outbound email is scanned for malicious content prior to delivery.
Access to image.works facilities is managed with a key assignment and visitor policy. Employees are assigned a door opener to the parking garage and a key upon hire and must return them at employment end. Visitors to image.works are required to sign in and out and must be escorted by an employee throughout the office.
New employees receive training for security, confidentiality, privacy and safety policies shortly after beginning employment. All employees receive renewed training annually. Employees are also required to sign Code of Conduct, Confidentiality and Information Security Policy agreements.