October 19, 2018 | Announcements

Secure and Reliable Storage of Your Clinical Research Data in the Cloud

By our guest blogger, Ken Stineman*, Cytobank’s Security Lead.

Cytobank is utilized by most of the top pharmaceutical companies, immunologically-driven biotech companies and many leading academic institutions for analyzing, storing and sharing complex cytometry data generated on their clinical trial specimens. These entities routinely perform rigorous assessments of our security and these complement the testing and evaluation we do in-house.

Today the Cytobank platform is for research use only, so any data associated with humans must be de-identified so that no Patient Health Information (PHI) is stored on the Cytobank platform. We have plans to become HIPAA compliant in the future and we will be able to take PHI at that time.

Cytobank is committed to protecting the confidentiality, integrity, and availability of your information. Our trusted and tested cloud-based platform offers numerous advantages over local storage-based solutions. Maintaining the integrity of your data goes beyond simply hosting it in the cloud with regular backups. We embrace the concepts of security-by-design and privacy-by-design. Cytobank monitors its security program and controls on a continuous basis and is committed to ongoing security improvement.

Security Overview:

Cytobank’s information security governance is aligned with the International Organization for Standardization (ISO) 27001, the Federal Information Security Management Act (FISMA), Federal Information Processing Standards Publications FIPS 199/200, and the National Institute of Standards and Technology (NIST) Special Publications 800 Series.

Based on these frameworks, Cytobank has developed and implemented an information technology security and privacy program that includes a set of written policies, procedures, and security controls designed to ensure the privacy and security of information.

Access Security

Cytobank servers ensure the security of your scientific data and put access controls in your hands via projects. Cytobank gives you the tools to enhance productivity and allow you to collaborate, while ensuring that data remain safely under your control.

Physical and Environmental Security

Physical access to data centers is controlled both at the perimeter and at building ingress points using video surveillance, two-factor access control systems, and other electronic systems. Data centers are staffed 24/7/365 by trained security guards.  Data centers include redundant power, climate control, fire suppression, and redundant network connectivity.

Logical and Network Security

We employ security architecture techniques, server hardening, firewalls, network monitoring, intrusion detection, data isolation, and session control to protect customer systems and information. Transmissions to Cytobank servers are encrypted using SSL/TLS connections.

Development and Maintenance 

Cytobank has a robust software development lifecycle that includes secure software development practices, secure design and coding, source-code control, and end-to-end quality testing. Cytobank uses an automated deployment platform that facilitates platform updates and efficient security patching.

Security Training and Awareness

All Cytobank personnel receive security awareness training and education at hire and annually thereafter. Employees are trained on Cytobank security policies, procedures, and threats, and are instructed to immediately report any suspected security issue or incident.

Disaster Recovery and Business Continuity

Cytobank has procedures and systems in place to back up data to an off-site location on a daily basis. Cytobank also has automated monitoring tools to detect and respond to disruptions, capacity issues, and system failures. Cytobank services are designed to deliver reliability, availability, and performance with guaranteed 99% uptime, with a financially backed service level agreement (SLA).

Network Monitoring and Incident Response

Cytobank operations uses centralized log monitoring tools and systems to detect failures, anomalous activity, and incursions into the Cytobank network, resources, and computer hosts. Cytobank has incident response procedures in place to investigate, isolate, disable, or shut down suspicious activity when detected.

Authentication and Access

Cytobank requires authorized credentials for access to its network and services, segregates the production network from the corporate network, and features administrative and technical controls to authenticate individuals and to ensure strong passwords, one-way password encryption, and periodic review of access roles.

Data Retention and Return

Cytobank retains and protects customer data for the duration of the service agreement. Upon request, Cytobank will assist in returning data to the customer in industry standard format and remove remnants of the information from the Cytobank platform. Cytobank policies ensure that remaining data is overwritten and physical media is degaussed, shredded, or otherwise destroyed.

EU General Data Protection Regulations – GDPR

Cytobank meets the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679, which aims to protect European citizens’ personal data, ensure the lawful processing of data, and safeguard data subjects’ data privacy rights and freedoms. As a data processor, Cytobank has implemented policies and procedures that meet the required principles for personal data protection including lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.

At Cytobank, we embrace a culture of security that includes many layers, honed by years of experience to meet the needs and regulatory requirements of our customers. When you use the Cytobank platform you can trust our security protections to protect your most critical scientific data assets.

→ Register Now to Try Cytobank Premium Free for 30 Days
→ Contact us at sales@cytobank.org for more information and a copy of our detailed security whitepaper.

*Ken Stineman is Cytobank’s Security Lead, and he has a long career as a software technology, privacy and cybersecurity leader with more than 25 years of experience at companies like Genomic Health, Incyte, and Intel. Ken was recently featured as a guest expert in a webinar hosted by leading security platform CYBRIC.