Cloud Storage Security
Cytobank is committed to protecting the confidentiality, integrity, and availability of your information. Our trusted and tested cloud-based platform offers numerous advantages over local storage-based solutions. Maintaining the integrity of your data goes beyond simply hosting it in the cloud with regular backups. We embrace the concepts of security-by-design and privacy-by-design. Cytobank monitors its security program and controls on a continuous basis and is committed to ongoing security improvement.
Cytobank’s information security governance is aligned with the International Organization for Standardization (ISO) 27001, the Federal Information Security Management Act (FISMA), Federal Information Processing Standards Publications FIPS 199/200, and the National Institute of Standards and Technology (NIST) Special Publications 800 Series.
Based on these frameworks, Cytobank has developed and implemented an information technology security and privacy program that includes a set of written policies, procedures, and security controls designed to ensure the privacy and security of information.
Cytobank servers ensure the security of your scientific data and put access controls in your hands via projects. The Cytobank platform gives you the tools to enhance productivity and allows you to collaborate, while ensuring that data remain safely under your control.
Physical and Environmental Security
Physical access to data centers is controlled both at the perimeter and at building ingress points using video surveillance, two-factor access control systems, and other electronic systems. Data centers are staffed 24/7/365 by trained security guards. Data centers include redundant power, climate control, fire suppression, and redundant network connectivity.
Logical and Network Security
We employ security architecture techniques, server hardening, firewalls, network monitoring, intrusion detection, data isolation, and session control to protect customer systems and information. Transmissions to Cytobank servers are encrypted using SSL/TLS connections.
Development and Maintenance
Cytobank has a robust software development lifecycle that includes secure software development practices, secure design and coding, source-code control, and end-to-end quality testing. Cytobank uses an automated deployment platform that facilitates platform updates and efficient security patching.
Security Training and Awareness
All personnel receive security awareness training and education at hire and annually thereafter. Employees are trained on Cytobank security policies, procedures, and threats, and are instructed to immediately report any suspected security issue or incident.
Disaster Recovery and Business Continuity
Procedures and systems are in place to back up data to an off-site location on a daily basis. Cytobank also has automated monitoring tools to detect and respond to disruptions, capacity issues, and system failures. Our services are designed to deliver reliability, availability, and performance with guaranteed 99% uptime, with a financially backed service level agreement (SLA).
Network Monitoring and Incident Response
Cytobank operations uses centralized log monitoring tools and systems to detect failures, anomalous activity, and incursions into the Cytobank network, resources, and computer hosts. Incident response procedures are in place to investigate, isolate, disable, or shut down suspicious activity when detected.
Authentication and Access
The Cytobank platform requires authorized credentials for access to its network and services, segregates the production network from the corporate network, and features administrative and technical controls to authenticate individuals and to ensure strong passwords, one-way password encryption, and periodic review of access roles.
Data Retention and Return
Cytobank retains and protects customer data for the duration of the service agreement. Upon request, Cytobank will assist in returning data to the customer in an industry-standard format and remove remnants of the information from the Cytobank platform. Cytobank policies ensure that remaining data is overwritten and physical media is degaussed, shredded, or otherwise destroyed.
EU General Data Protection Regulations – GDPR
Cytobank meets the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679, which aims to protect European citizens’ personal data, ensure the lawful processing of data, and safeguard data subjects’ data privacy rights and freedoms. As a data processor, Cytobank has implemented policies and procedures that meet the required principles for personal data protection, including lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
We embrace a culture of security that includes many layers, honed by years of experience to meet the needs and regulatory requirements of our customers. When you use the Cytobank platform you can trust our security protections to protect your most critical scientific data assets.
Take a look at our whitepaper for an overview of the security systems and processes that protect the information you entrust to us.