]>

Integrity Voting Systems’ private election security policies and procedures

IVS is SOC 2 compliant Our internal capabilites have been subjected to SOC 2 (service organizational control) auditing (previously called SAS 70).  This audit is performed annually by Certified Public Accountants, Moss-Adams, and tests security, system availability, processing integrity, confidentiality and privacy protocols.

SOC 200x218

Security Photo

Integrity Voting Systems: serious about security Voting is an American institution. We recognize and value the importance of our democratic system. And that's why we are adamant about security during every step of the ballot printing and mailing process. Below are the rigorous steps we take to protect your organization's information.

Personnel: All IVS employees, authorized client representatives, and escorted authorized observers are issued security coded identification badges which must be worn at all times. Badges must be used to pass through all door entries. ID badges are issued according to level of security clearance. At no time will anyone be allowed unescorted into any area in which they don't have security clearance. In addition, all balloting material being held during production is locked in a 1,000-square-foot cage available to only a few key managers.

Data Transfer: For any job that is confidential or where security is required, we download data on our secure FTP site. Files are destroyed after production. During production, the product is under the direct control/possession of a designated individual at all times. All employees sign non-disclosure agreements. If the plant shuts down, or any printed product must be left unattended, we store it in our locked secured storage area, which is accessible only with a badge during work hours and sealed with a numbered seal at night. The seal is recorded in our secure storage log, and rights to break the seal are limited to specific employees. After hours, our security system is programmed to limit access only to key, designated employees. Video cameras monitor the entire premises 24/7.

Secure Data Management: Once customer data is processed, it is encrypted and stored on a system that is backed up to a secure offsite location, or destroyed after processing as customer directs. We keep customer data on a secure, needs-based access system, with Intrusion Detection Systems at the perimeter. We shred all waste materials from the manufacturing process. Limited personnel have access to secure data.

Media Handling: Controls are in place to appropriately classify, label and protect sensitive information on backup media, in hardcopy and in other forms while in transit and storage, and to destroy sensitive data in accordance with established retention policies. Some media handling policies are customer specific, depending on level of security required. All files are deleted upon completion with verification of removal by authorized personnel. All hard copies of materials produced that are not delivered to the customer are shredded. All customer supplied disks and hard copies are returned to customer. We require non-disclosure agreements from our employees and restrict which personnel can work on secure jobs depending on the level required.

Data Storage: All data is stored at our Class A Data Center and backed up to our server room at corporate headquarters in Everett, WA. Our Data Center facility requires a three factor authentication (fingerprint, combination and card access) to physically access the facility. We are point-to-point connected to our co-location via fiberline. The server room is enclosed inexpanded steel mesh. It requires keycard, combination lock and a keyed door lock to gain access. To guard against catastrophic loss, all files on our server are backed up daily and transferred to this location.

Disaster Recovery: IVS has an established disaster recovery resource partner that is located out of state. This company is equal to or in excess of IVS when it comes to capacity and security. This company works with financial and HIPAA records on a daily basis. We would partner with them to store up to a month's worth of inventory in the event we were not able to get our main manufacturing plant up and running. We have had no loss of business due to disasters, labor issues or contingency events in the past. However, IVS has a Disaster Recovery and Business Continuity Plan available upon request. IVS has a co-location based in Everett, WA which is a class-A data center. In the event of an unforeseeable circumstance, IVS will immediately communicate any and all deviations from normal business practices, thus keeping customers notified and up to date. Telecommunications, work-in-progress, Internet, prepress, customer service functions and all production services would be transferred and customer work would continue to be produced. We also facilitate duplicate storage of all product files in a secure, offsite location. In the event of a disaster, we would issue a new secure pass code and user ID to the certified customer contingency site. If the customer currently has alternate contingency sites, we would need a list of these sites to aid in validating authenticity. If you have any specific concerns about security at Integrity Voting Systems, please contact us.