Security, privacy, and compliance
Protecting customers is our top priority, which is why we put security, privacy, and compliance as the cornerstones of our product design and operations. We regularly perform audits and maintain HIPAA, NIST, and SOC compliance, as well as use an Information Security Committee to evaluate risks, drive policies, and implement recommendations. Further, we employ product-level security architects who are responsible for assessing and managing product-based security practices.
Security, privacy, and compliance
Imprivata incorporates security by design as a core principle across products, implementation, and operations to safeguard customer data in accordance with the robust requirements of life- and mission-critical organizations. Our security practices are designed to support essential standards and regulations such as NIST, HIPAA, and HITECH.
We’ve instituted multiple complementary layers of security to secure client, server, data, and transmission of all user information. Our products implement encryption at rest and in transit.
We understand that security is not a static discipline and proactively apply processes and technologies to protect against a wide range of attack types. Our response team continuously assesses new vulnerabilities and dynamically adjusts development and operations.
Imprivata enables customers to stay in control of their data with a comprehensive range of technical controls, procedures, and privacy features across our products.
We take the privacy of our customers’ data as an essential principle and ensure confidentiality, integrity, and availability across product use and lifecycle in the cloud and on-premises. Imprivata protects customer data throughout our business processes including support with robust role-based controls that limit access based on need and its intended use.
A strong governance program is in place to oversee data processing activities and lifecycle management, with data stewards to assure cross functional data management.
Imprivata security and privacy measures are designed to support the stringent requirements for life- and mission-critical industries, and to help customer compliance with essential health and privacy standards. Our employees, processes, and operations adhere to required standards and regulations (e.g., HIPAA and data protection and privacy training, SOC 2 attestation).
We respect your privacy
We’re committed to protecting your information and complying with all applicable privacy laws in the conduct of our business.
Standards and Regulations
CE & CE Plus
Cyber Essentials is a UK Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber-attacks and provides a clear statement of the basic controls organizations should have in place to protect themselves.
Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organization should have in place to mitigate the risk from common cyber threats.
Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme. It is a more rigorous test of your organization’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organization is protected against basic hacking and phishing attacks.
DEA-EPCS compliance
Compliant with the regulations of U.S. Department of Justice, a third party has audited Imprivata Enterprise Access Management with MFA for compliance with the requirements of 21 CFR part 1311.
FIDO alliance
Imprivata is a member of the FIDO Alliance, an open industry association with a mission to eliminate the world’s reliance on passwords by promoting the development of, use of, and compliance with standards for authentication and device attestation.
ISO 27001:2022 and ISO 27701:2019
ISO 27001 and ISO 27701 were developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an Information Security Management System (ISMS) and Privacy Information Management System (PIMS).
Imprivata has met rigorous international standards to ensure the confidentiality, integrity, and availability of customer data, supplier information, and the processing of PII/PHI and client’s internal data related to services provided. It has been certified against ISO 27001 and 27701 standards.