IMP’s Principal Service Commitments and System Requirements
Commitments are declarations made by management to our customers regarding the performance of the IMP’s Implementation Management Services.
System requirements are specifications regarding how IMP’s Implementation Management Services system should function to meet our principal commitments to customers.
IMP’s principal service commitments and system requirements related to the Implementation Management Services include the following:
Security Commitments:
System access is granted to authorized personnel only
Protection of data at rest and in transit
Regular security assessments
Identification and remediation of security incidents/events
Regular system updates
Protection of personally identifying information and security of the information system from unauthorized access, use, modification, disclosure, destruction, threats, or hazards
Develop, implement, and maintain an information security program designed to protect the security, integrity, and confidentiality of the system and its information
Perform risk assessments for both internal and external threats to the system and its information
Enable timely, reliable, and continuous access to and use of information and systems to support operations
System Requirements:
Logical access standards
Physical access standards
Employee provisioning and deprovisioning standards
Access reviews
Encryption standards
Intrusion detection and prevention standards
Risk and vulnerability management standards
Configuration management
Incident handling standards
Change management standards
Vendor management