BANK AND CREDIT UNION MARKETING

image.works, Inc. Security and Compliance

Overview
As part of our day-to-day business and in order to meet your needs and expectations, image.works may handle secure and/or protected information. In an effort to maintain your trust and uphold our responsibility to handle such information appropriately, we have reviewed our processes, controls and standards and implemented extensive security measures as needed. We recognize the need to establish and maintain an appropriate internal control environment for the benefit of our organization and our customers. Along with the measures we have taken so far, we will adopt any future measures required based on technology advancements, changes to privacy laws and company growth.

SOC logoSOC2 Type 1
image.works went through the SOC2 Type 1 audit as of February 15, 2017. This audit offers assurance that the services we provide are secure, keep data confidential, and meet confidentiality and regulatory requirements. The audit was performed by Wipfli CPAs and Consultants. You may request a copy of the report by emailing your sales rep or info@imageworksdirect.com.

Data Retention
In compliance with credit bureau guidelines, image.works retains prescreened lists and all associated confidential information for 90 days. Non-prescreened mailing lists and associated information are retained for six months. All lists are handled, retained and disposed of through processes and systems that follow security guidelines.

Network & Data Security
We use firewall systems to control local and internet network traffic. We also use secure channels, including SFTP and HTTPS, for data transfer.

Software patches and updates are manually applied. Endpoint anti-virus and malware detection systems check for and protect against viruses and other malicious software.

Physical Security
Access to image.works facilities is managed with a key assignment and visitor policy. Employees are assigned a set of keys upon hire and must return them at employment end. One key accesses the building and the other accesses the image.works office. Visitors to image.works are required to sign in and out and must be escorted by an employee throughout the office.

Employee Training
New employees receive training for security, confidentiality, privacy and safety policies shortly after beginning employment. All employees receive renewed training annually. Employees are also required to sign Code of Conduct, Confidentiality and Information Security Policy agreements.