SOC 2 Attestation and Information Security at Imprivata FairWarning

March 28, 2019

Imprivata FairWarning continues to invest in information security technologies, procedures and training as well as associated governance. For our United States customer operations, this means assessments and governance for HIPAA, and for our international operations we do the same for a range of security and privacy standards.

In August Imprivata FairWarning will kick off our SOC 2 Type 1 Attestation and this comes after two years of continual information security technology investments and procedural improvements.  A few are outlined below:

Governance and Information Security Team and Meetings
For nearly two years I have participated in the our weekly governance and information security meetings to demonstrate the highest level of executive support for these initiatives.  This also provides clear visibility on requirements for budgetary and organizational support.  This commitment has generated strong, lasting momentum for information security at Imprivata FairWarning

Secure Devices: Two Factor Authentication
Two Factor Authentication is the latest technology implemented to further our information security systems.  Every team member must now present two authentication factors to gain access into their computer devices and to customer data. We believe this helps establish a strong defense against the misuse of team members devices and is a deterrent for bad actors
 
Laptops and Portable Media
All of our laptops have encryption installed at the time they go into use at Imprivata FairWarning.  Further, we have disabled portable media on every laptop and this restriction can be circumvented only by a special change process
 
Secure Monitoring: Point-to-point Virtual Private Network
We use a secure point-to-point VPN to remotely monitor and support customer deployments. This allows our service teams to not only secure and encrypt transmission of data, but proactively monitor the status of system jobs like file delivery, file parsing, backups, as well as whether a system is online. Our goal is to find problems and fix them before customers, without jeopardizing the security of your data, and to execute these operations with the utmost security
 
Secure E-mail Communication: Transport Layer Security
TLS offers customers the assurance of more secure transmission of email between organizations. Utilizing this communication technology reduces the chance of outside parties tampering with any sensitive messages or data. We have implemented this with our customers and have required it for new implementations.  We have also implemented a secure email system for non-customer communications or for those few customers who do not support TLS
 
Educating Team Members
Team members are aware of the important role they play in security. They are the front line of defense when it comes to security. We conduct extensive security awareness training to ensure our team members are vigilant and help us minimize human error.  We also have policies and training on anti-corruption practices
 
We all know there is no “perfect security posture” so we strive to relentlessly improve and drive the culture of information security and governance into Imprivata FairWarning’s culture.

Sincerely

Kurt J. Long
Founder, Imprivata FairWarning