DNAnexus Platform Exceeds Online Security Standards in President Biden’s Executive Order Aimed at Protecting American Infrastructure from Cyberattacks
August 9, 2021Comprehensive security, quality, and privacy framework enables global enterprise customers to manage an increasingly complex set of threats to critical operations and biomedical data.
MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–#PrecisionMedicine—DNAnexus, Inc., the leading cloud-based SaaS company serving the global healthcare and life sciences community, today announced that its biomedical informatics platform has achieved readiness and, in many areas, exceeds the full series of online security policy objectives outlined in President Biden’s recent executive order aimed at protecting critical American infrastructure from cyberattacks. The measures outlined in the new national security memorandum, titled “Improving Cybersecurity for Critical Infrastructure Control Systems,” are being coordinated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST).
DNAnexus offers a comprehensive security, quality, and privacy framework for biomedical informatics and data management and continuously makes improvements to its platform as the risks and threats to life science evolve. The software goes through a defined systems development life cycle that includes security and privacy design as well as rigorous multi-stage testing and code assurance checks prior to every release. The security architecture features:
- Data protection – All data are encrypted with modern cryptographic ciphers when in transit (SSL/TLS 1.2+) and at rest (AES 256).
- Access control – Each organization has access to administrative controls that restrict the ability of users and organizations to share information, allowing granular privilege levels to be specified for groups of data and application resources.
- Accountable collaboration – The application ecosystem allows developers and researchers to collaborate and quickly build new research functionality. Each data owner retains full control of the applications that can interact with their data.
- Integrity and auditability – All uploaded data are cryptographically fingerprinted to verify integrity and the provenance of the data is recorded in read-only audit logs. Actions are recorded in a 21 CFR Part 11/Annex 11 compliant audit trail for regulatory reporting.
- Availability – Industry-leading durability and thoughtfully designed access mechanisms enable collaboration while maintaining security. Multiple physical locations are leveraged to avoid system disruption.
- Privacy – The DNAnexus Platform features client data encryption, role-based access control management at the project level, built-in application permissions, and a full audit trail, as well as operational and support protocols and strict governance on the access to client data. In addition, DNAnexus’ Privacy Policy aligns with the regulations of Australia, Canada, the European Union, the US, and the principles of the Cross Border Privacy Enforcement Agreement.
- Compliance and control validation – The DNAnexus Platform is ISO 27001 compliant and undergoes regular, independent reviews of security controls, as well as a formal annual assessment of its entire Information Security Management System.
“Over the past decade, DNAnexus has built a secure cloud platform for accessing, analyzing, and translating the world’s biomedical data—powering a collaborative community that generates life-changing knowledge and breakthroughs in precision medicine,” said Richard Daly, CEO of DNAnexus. “Our technology was designed not only to meet but to exceed the most rigorous security and compliance requirements. This is why FDA, top pharmaceutical companies, global diagnostic test providers, and national research initiatives continue to trust our platform to support their precision medicine programs.”
For a detailed overview of the DNAnexus approach to security and privacy, email [email protected].
About DNAnexus
DNAnexus is a secure, trusted cloud platform for accessing, analyzing, and translating the world’s biomedical data—powering a collaborative scientific community that generates life-changing knowledge and breakthroughs in precision medicine. The platform delivers unparalleled scalability, flexibility and reproducibility that drive improved diagnostics, new targeted therapies, and better patient care through a collaborative, yet secure and compliant environment. DNAnexus is the trusted partner to Life Sciences, Healthcare, Government, and Academia in over 48 countries, and serves the world’s top pharmaceutical companies and national research initiatives. For more information on DNAnexus, please visit www.dnanexus.com or follow the company @DNAnexus.
Contacts
Andrew Noble
415-722-2129
[email protected]