We utilize a variety of controls to prevent environmental misuse of information. Our compliance program incorporates risk-based control reviews, annual internal and external audits, third-party contract and vendor management efforts and provider compliance assessments to ensure continued compliance with regulatory requirements.
Our Security Program is designed to limit access to the entire network environment. Impexium undergoes rigorous control reviews and audits on an annualized basis to ensure the security of our platforms. Our security program protects our system accounts and network environment in a layered approach for overall security. While no environment is 100% secure, we take precautions to protect the systems and data to which we are entrusted.
We are committed to protecting your privacy and the confidentiality of your personal information. We understand the potential impact on our clients if member data or payment information were to be breached and we work hard to ensure the highest level of security in our industry.
Impexium also completes an annual PCI DSS SAQ-D Attestation of Compliance. This detailed assessment demonstrates our focus on safeguarding electronic card data that Impexium stores, processes, and transmits. Impexium also utilizes third-party gateways that are PCI Level 1-compliant.
Impexium leverages a cloud environment to provide a fully redundant, fault tolerant, scalable platform. Our cloud platform leverages the most state-of-the-art technology provided by our partners. Impexium utilizes Microsoft Azure for its managed IT operations and applications hosting.
Our engineers maintain innovative skills and awareness of the newest features and options available. We maintain a robust lab environment where we evaluate new technology for applicability and adoptability. We maintain partnerships with architects and engineers that allow us to quickly adopt modern technology without unnecessary risk.
Impexium maintains direct support relationships with our software vendors. We do not engage channel partners for support unless required by the vendor. We have named contacts with second level support for all of our critical software platforms. Our engineers and architects maintain up-to-date training. The entire support team receives up-to-the notifications of health and alerts that impact the stability of the system. Our rapid response team reacts with an all-hands-on-deck mentality when unexpected events occur. Our extensive monitoring platform gives our support team up to the minute awareness of the health of our systems.
Our operations philosophy is fast paced with a focus on stability and performance. Every configuration change or code deployment is evaluated for security and impact based on an established process of rigorous testing and in-depth peer review. Every change is created in our development environment and test deployed in staging before being approved for production. Our Quality Assurance team weighs in on every major change before implementation.
All critical data is stored on highly redundant, highly performant storage systems that are monitored for stability, tuned for performance, and configured to tolerate multiple failure of individual components. All data and system files are automatically backed up on a regular basis to minimize the risk of data loss and enable the recovery of data with minimal downtime. Backups of the database, network and file shares, and servers are scheduled daily. Differentials are backed up every two hours. Weekly full SQL backups are conducted within SQL native, in addition to 5-minute transactional backups. Backed-up data is appropriately secured and not accessible to unapproved users. Data and configuration files required to provide service continuity in case of a site failure are synchronized daily to our secondary sites to minimize downtime in case of unforeseen disaster.
Impexium leverages a multi-tiered backup retention methodology to provide varying levels of recoverability. We have secure copies of backups maintained in the Azure cloud environment.
The Microsoft Azure Cloud platform provides a highly reliable and secure service to our customers. Azure provides packet filter firewalls at the individual network adapter level and the network and subnet levels. Administrative access to the systems is restricted to authorized personnel. Web Application Firewalls (WAF) are also in place to provide a higher layer, more intelligent protection for more sophisticated attacks
Impexium deploys a managed 24/7 SIEM/MDR, that extends our risk management profile by utilizing threat hunting, Machine Intelligence, and anomalous behaviors to identify, detect and prioritize any threat to the environment. Our SOC team is immediately alerted to any vulnerability and cyber threat and provides a clear path to response and eradication as required.
Remote access to production and development environments is restricted to authorized staff and secured via an encrypted VPN using multi-factor authentication. Administrative access to the VPN is restricted to authorized personnel.
Access to Impexium’s physical location in Virginia is secured and restricted to authorized personnel.
The Compliance team is committed to aligning compliance efforts to ensure the security, quality, and efficiency of all systems and customer information. The team works to prevent, detect, and respond to business conduct that is inconsistent with the organization’s values, as well as regulatory requirements.