Information security provides freedom from fear of cyber attacks. To achieve peace of mind, controls need to be put in place to protect all physical and information assets, services and data provided by and to clients. Eagle Genomics have attained their 'Freedom from Fear' certification as they are compliant with ISO/IEC 27001:2013 regulation. Eagle understands that the confidentiality, integrity and availability of all information is vital to business operations and success.
Eagle Genomics gained compliance for information security by working with IT Governance, a global expert on ISO 27001. ISO/IEC 27001:2013 is the international standard for an ISMS (Information Security Management System) – a risk-based approach to information security that encompasses people, processes and technology. Certification to the standard is accepted around the world as proof that an organisation is following best practice for the security of information.
Eagle Genomics is a true pioneer in data discovery. Our award winning smart data platform has revolutionised data access and management in the life sciences industry. This has delivered widespread benefits to our range of blue chip clients in the biotech, pharmaceutical, healthcare and personal care sectors - notably the rapid reduction in time to new insight.
Secure development environment - Essential for Eagle to provide their services and product suite; data security is designed and implemented within the development lifecycle of the information systems.
Communication security - Network security is required for secure information transfer. Confidentiality agreements are in place between Eagle and its clients, third party suppliers and other stakeholders.
Operational security - Documentation is written and maintained to provide security guidance and standard operating procedure (SOPs) to all staff, including protection against malware, data backup procedures to protect against loss of data, and actions to identify technical vulnerabilities and prevent their exploitation.
Physical and environmental security - Access controls ensure the Eagle offices are secure. Staff who work in the office or at home understand that their day to day activities must have the same level of data security.
Access control - This ensures that the right people have the right access to the data they need to perform their jobs correctly. As staff arrive, transition into new roles and, maybe leave, access to applications is controlled accordingly. Many controls are in place to protect against unauthorised access to systems and applications - Eagle Genomics uses the LastPass application to manage user logins. Use of third party suppliers requires due diligence to be performed, followed by continual monitoring and reviewing to ensure Eagles assets are being correctly protected.
Information security is the responsibility of all Eagle staff. Staff are regularly trained to safeguard our compliance to the highest level. To ensure a consistent and effective approach to security, staff actively report and discuss security incidents, thereby maintaining communication about all security events and weaknesses.
Eagle have an active continuous improvement programme backed by significant commitment from senior management. This support is essential to establish and sustain effective implementation of the security policies and procedures. The investment into continual effort rewards Eagle in many ways, from high praise from our external auditors, to ensuring rapid response to warnings which enables Eagle to retain reliability as a trusted vendor to new and existing customers.
Images are available from IT Governance under the Creative commons license.