DNAnexus’ biomedical informatics platform exceeds security and compliance requirements

DNAnexus announced that its biomedical informatics platform has achieved readiness for and, in many areas, exceeds the full series of online security policy objectives outlined in President Biden’s recent executive order aimed at protecting critical American infrastructure from cyberattacks.

The measures outlined in the new national security memorandum, titled “Improving Cybersecurity for Critical Infrastructure Control Systems,” are being coordinated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST).

DNAnexus offers a comprehensive security, quality, and privacy framework for biomedical informatics and data management and continuously makes improvements to its platform as the risks and threats to life science evolve.

The software goes through a defined systems development life cycle that includes security and privacy design as well as rigorous multi-stage testing and code assurance checks prior to every release. The security architecture features:

  • Data protection – All data are encrypted with modern cryptographic ciphers when in transit (SSL/TLS 1.2+) and at rest (AES 256).
  • Access control – Each organization has access to administrative controls that restrict the ability of users and organizations to share information, allowing granular privilege levels to be specified for groups of data and application resources.
  • Accountable collaboration – The application ecosystem allows developers and researchers to collaborate and quickly build new research functionality. Each data owner retains full control of the applications that can interact with their data.
  • Integrity and auditability – All uploaded data are cryptographically fingerprinted to verify integrity, and the provenance of the data is recorded in read-only audit logs. Actions are recorded in a 21 CFR Part 11/Annex 11 compliant audit trail for regulatory reporting.
  • Availability – Industry-leading durability and thoughtfully designed access mechanisms enable collaboration while maintaining security. Multiple physical locations are leveraged to avoid system disruption.
  • Privacy – The DNAnexus Platform features client data encryption, role-based access control management at the project level, built-in application permissions, and a full audit trail, as well as operational and support protocols and strict governance on the access to client data. In addition, DNAnexus’ Privacy Policy aligns with the regulations of Australia, Canada, the European Union, the US, and the principles of the Cross Border Privacy Enforcement Agreement.
  • Compliance and control validation – The DNAnexus Platform is ISO 27001 compliant and undergoes regular, independent reviews of security controls, as well as a formal annual assessment of its entire Information Security Management System.

“Over the past decade, DNAnexus has built a secure cloud platform for accessing, analyzing, and translating the world’s biomedical data—powering a collaborative community that generates life-changing knowledge and breakthroughs in precision medicine,” said Richard Daly, CEO of DNAnexus.

“Our technology was designed not only to meet but to exceed the most rigorous security and compliance requirements. This is why FDA, top pharmaceutical companies, global diagnostic test providers, and national research initiatives continue to trust our platform to support their precision medicine programs.”
