Trust and security

Security, privacy, and compliance

Protecting customers is our top priority, which is why we put security, privacy, and compliance as the cornerstones of our product design and operations. We regularly perform audits and maintain HIPAA, NIST, and SOC compliance, as well as use an Information Security Committee to evaluate risks, drive policies, and implement recommendations. Further, we employ product-level security architects who are responsible for assessing and managing product-based security practices.

Security, privacy, and compliance

Imprivata incorporates security by design as a core principle across products, implementation, and operations to safeguard customer data in accordance with the robust requirements of life- and mission-critical organizations. Our security practices are designed to support essential standards and regulations such as NIST, HIPAA, and HITECH.

We’ve instituted multiple complementary layers of security to secure client, server, data, and transmission of all user information. Our products implement encryption at rest and in transit.

We understand that security is not a static discipline and proactively apply processes and technologies to protect against a wide range of attack types. Our response team continuously assesses new vulnerabilities and dynamically adjusts development and operations.

End of list content

We respect your privacy

We’re committed to protecting your information and complying with all applicable privacy laws in the conduct of our business.

Image of a person using a laptop, attempting to log in

Standards and Regulations

CE & CE Plus

Cyber Essentials is a UK Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber-attacks and provides a clear statement of the basic controls organizations should have in place to protect themselves. 

Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organization should have in place to mitigate the risk from common cyber threats.

Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme. It is a more rigorous test of your organization’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organization is protected against basic hacking and phishing attacks.

DEA-EPCS compliance

Compliant with the regulations of U.S. Department of Justice, a third party has audited Imprivata Enterprise Access Management with MFA for compliance with the requirements of 21 CFR part 1311.

ISO 27001:2013 and ISO 27701:2019

ISO 27001 and ISO 27701 were developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an Information Security Management System (ISMS) and Privacy Information Management System (PIMS).

Imprivata has met rigorous international standards to ensure the confidentiality, integrity, and availability of customer data, supplier information, and the processing of PII/PHI and client’s internal data related to services provided. It has been certified against ISO 27001 and 27701 standards.