Security and availability of the TotalQA service are central to Image Owl’s commitment to our users. To that end, Image Owl has a comprehensive, audited system to ensure that our customers’ data is safe and available.
- Maintain appropriate administrative, physical, and technical safeguards to protect the security and integrity of the Total QA platform and the customer data following Image Owls security requirements.
- Perform annual third-party security and compliance audits of the environment, including, but not limited to:
- Reporting on Controls at a Service Organization Relevant to Security and Availability (SOC 2) examinations.
- Use formal HR processes, including background checks, code of conduct, company policy acknowledgments, security awareness training, disciplinary procedures, and annual performance reviews.
- Follow formal access management procedures for requesting, approving, provisioning, reviewing, and revoking Image Owl personnel access to any production systems.
- Prevent malware from being introduced to production systems.
- Continuously monitor the production environment for vulnerabilities and malicious traffic.
- Use industry-standard secure encryption methods to protect customer data at rest and in transit.
- Transmit unique login credentials and customer data via encrypted connections.
- Maintain an availability SLA for customers as defined in the Master services agreement.
- Maintain a disaster recovery and business continuity plan to ensure the availability of information following an interruption or failure of critical business processes.
- Maintain and adhere to a formal incident management process, including security incident escalation procedures.
- Maintain confidentiality of customer data and notify customers in the event of a data breach.
- Identify, classify, and properly dispose of confidential data when the retention period is reached or notification of customer account cancellation.
Image Owl establishes system and operational requirements that support achieving principal service commitments, applicable laws and regulatory compliance, and other system requirements. These requirements are communicated in Image Owl’s policies and procedures, system design documentation, or customer contracts. Information Security policies define how systems and data are protected. Image Owl updates these policies as appropriate based on evolving technologies, changes to the security threat landscape, and changes to industry standards, provided any updates do not materially reduce the service commitments or overall service provided to customers as described in the customer contracts.
Image Owl regularly reviews the security, availability, and performance metrics to ensure these commitments are met. If material changes occur that reduce the level of security and availability commitments within the agreement, Image Owl will notify the customer via the Image Owl website or directly via email.