Information Security Program

IMO Information Security

The privacy and security of IMO intellectual property and customer data, along with confidence in IMO’s ability to deliver our products and services without disruption are critical to the success of IMO’s business. The purpose of this policy is to provide a security framework that will ensure the protection of IMO information and systems, and the customer and partner information stored in such systems, from unauthorized access, loss or damage. Accordingly, this policy has been established to achieve these key objectives:

  • To communicate a general approach to information security.
  • To detect and forestall the compromise of information security such as misuse of data, networks, computer systems and applications.
  • To protect the reputation of the company with respect to its ethical and legal responsibilities.
  • To observe the rights of the customers; providing effective mechanisms for responding to complaints and queries concerning real or perceived non-compliances with the policy is one way to achieve this objective.

Security Awareness
IMO will make available a copy of the Information Security policy for review by employees. Each employee will promptly upon hiring, and annually thereafter, participate in employee training relevant to the IMO Information Security Program.

Risk Management
IMO has a dedicated Risk Management Team which discusses findings and recommendations resulting from the periodic reviews with relevant IMO personnel and remediates items timely.  This includes review of asset vulnerability scans, penetration tests and static code analysis.

Business Continuity & Disaster Recovery
IMO developed a Business Continuity Plan to coordinate recovery of critical business functions in managing and supporting the business recovery in the event of a disaster or any incident affecting the IMO Services or ability to conduct IMO Operations.

Software Development Life Cycle (SDLC) and Secure Coding
Standard best-practices are used throughout our software development cycle from design to implementation, testing, and deployment.

Data Management
IMO limits the amount of personal health information (PHI) collected to that necessary to achieve legitimate business goals and to comply with federal, state, and local laws. No customer data persists on employee laptops. We apply the principle of least privilege in all operations to ensure confidentiality and integrity of customer data.

Security Incident Response
Upon the occurrence of a security incident, IMO will assemble an Incident Response Team and applicable incident response procedures will be followed.

Data Center Management
IMO leverages Amazon Web Services (AWS) data centers for all production systems and customer data. AWS offers state-of-the-art physical protection for the servers and complies with an impressive array of standards.

IMO leverages AWS Key Management Service (KMS) to manage encryption keys, and AWS Secrets Manager for easier management of secrets. Data at rest and in motion are encrypted using Advanced Encryption Standard (AES).

Additional details can be provided upon request.