Home / Critical Documents / Data Security

The Impact Information Security Program is built to ensure the security and privacy of our client’s sensitive information is never compromised, and that adequate measures are in place to maintain consistent service levels and delivery.

Impact operates an audit controlled environment, ensuring all of the policies, controls, and agreements necessary to protect confidential data and technological assets are in place.  Our program includes independent external network penetration testing, internal penetration testing, and highly secure, automated workflows.

Certifications and Compliance



Service Organization Controls (SOC 2 Type II) assurance engagement is completed on an annual basis to demonstrate adherence to the Trust Service Principals.

Confidentiality, integrity, and security of electronic protected health information is ensured through appropriate administrative, physical, and technical safeguards.

Appropriate controls are in place to protect against payment card compromises and theft.

Data Protection

Your Data is Safe

Impact is committed to a strong control environment and security practices.  Impact maintains a recovery network at our primary recovery site in Eden Prairie, MN (OneNeck IT Solutions). This Tier III data center is used as a warm site which means that all of our storage (server OS and data) is replicated to this site and that equipment is installed and tested such that traffic can be re-routed and systems activated to run from the recovery site in the event of a disaster.

In addition, our site in Western Minnesota is a designated as the primary business continuity site with capacity to temporarily house additional production services and office personnel. Secure remote access is also available for emergency team member

Data Security

Protecting Your Data

The security of your data is essential to every service we provide. We fulfill that promise by our commitment to continuous improvement and investments in technology, equipment, facilities, and employees.

The following are a sampling of the measures Impact takes to safeguard your sensitive information:

  • Annual SOC2 Type II attestation engagement
  • External 3rd party penetration testing and weekly scanning
  • Physical and electronic access to information is role-based, with principals of least privilege and business need strictly enforced. User account access is configured with minimum access rights and privileges needed to perform a particular function or transaction.
  • All visitors, contractors, and other personnel are required to sign confidentiality agreements and when appropriate, sign security agreements. Badge identification is required at all times. Impact requires the use of encrypted SFTP sessions.
  • Shipping entrances have controlled kiosks that require Impact personnel approval before truck drivers can enter the building
  • Cameras capture and record activity at all points of entry/exit and areas between security zones, within production areas with program controlled motorized cameras, and within the data center areas
  • Production spoilage is immediately placed in large locked bins which are not accessible to Impact employees, and securely shredded off-site
  • Remote access to Impact systems requires two factor authentication
  • Access to Web Portal requires user-defined complex passwords with expiration dates. Additional portal user security features include reCAPTCHA, multifactor authentication, IP validation, and forced password resets
Contact Us

How can we be of service? Send us an email and we'll get back to you, asap.