IMP’s Principal Service Commitments and System Requirements 

Commitments are declarations made by management to our customers regarding the performance of the IMP’s Implementation Management Services.

System requirements are specifications regarding how IMP’s Implementation Management Services system should function to meet our principal commitments to customers. 

IMP’s principal service commitments and system requirements related to the Implementation Management Services include the following:

Security Commitments:

• System access is granted to authorized personnel only 

• Protection of data at rest and in transit 

• Regular security assessments 

• Identification and remediation of security incidents/events 

• Regular system updates 

• Protection of personally identifying information and security of the information system from unauthorized access, use, modification, disclosure, destruction, threats, or hazards 

• Develop, implement, and maintain an information security program designed to protect the security, integrity, and confidentiality of the system and its information 

• Perform risk assessments for both internal and external threats to the system and its information 

• Enable timely, reliable, and continuous access to and use of information and systems to support operations 

System Requirements:

• Logical access standards 

• Physical access standards 

• Employee provisioning and deprovisioning standards 

• Access reviews 

• Encryption standards  

• Intrusion detection and prevention standards 

• Risk and vulnerability management standards 

• Configuration management 

• Incident handling standards 

• Change management standards 

• Vendor management