Information security provides freedom from fear and cyber attacks. To achieve this peace of mind, controls need to be put in place to protect all physical and information assets, services and data provided by and to clients. Eagle Genomics have attained their “freedom from fear” as they are compliant with ISO/IEC 27001:2013 certification. Eagle understand that the confidentiality, integrity and availability of all information is vital to business operations and success.
Eagle Genomics gained compliance for information security by working with IT Governance, a global expert on ISO 27001. ISO/IEC 27001:2013 is the international standard for an ISMS (Information Security Management System) – a risk-based approach to information security that encompasses people, processes and technology. Certification to the Standard is accepted around the world as proof that an organisation is following best practice for the security of information. There are several themes that encompass this topic, and in this blog I will discuss a few to give an idea of the scope surrounding this certification.
Eagle Genomics is a true pioneer in data discovery. Our award-winning smart data platform has revolutionised data access and management in the life sciences industry. This has delivered widespread benefits to our range of blue-chip clients in the biotech, pharmaceutical, healthcare and personal care sectors - notably the rapid reduction in time to new insight.
- Secure development environment - Essential for Eagle to provide their services and product suite; data security is designed and implemented within the development lifecycle of the information systems.
- Communication security - Network security is required for secure information transfer. Confidentiality agreements are in place between Eagle and its clients, third party suppliers and other stakeholders.
- Operational security - Documentation is written and maintained to provide security guidance and standard operating procedures (SOPs) to all staff, including protection against malware, data backup procedures to protect against loss of data, and actions to identify technical vulnerabilities and prevent their exploitation.
- Physical and environmental security - Access controls ensure the Eagle offices are secure. Staff who work in the office or at home understand that their day-to-day activities must have the same level of data security. For example, the clear desk policy ensures that all printed and electronic confidential information is protected.
- Access control - This ensures that the right people have the right access to the data they need to perform their jobs correctly. As staff arrive, transition into new roles and, maybe, leave, access to applications is controlled accordingly. Many controls are in place to protect against unauthorised access to systems and applications - Eagle Genomics use the LastPass application to manage user logins. Use of third-party suppliers requires due diligence to be performed, followed by continual monitoring and reviewing to ensure Eagle's assets are being correctly protected.
Information security is the responsibility of all Eagle staff. Staff are regularly trained to safeguard our compliance to the highest level. To ensure a consistent and effective approach to security, staff actively report and discuss security incidents, thereby maintaining communication about all security events and weaknesses.
Eagle have an active continuous improvement programme backed by significant commitment from senior management. This support is essential to establish and sustain effective implementation of the security policies and procedures. The investment into continual effort rewards Eagle in many ways: high praise from our external auditors; active surveillance of the security landscape to ensure rapid response to warnings; and the ability to retain our reliability as a trusted vendor to new and existing customers.
Images are available from IT Governance under the Creative Commons license.