Security

Cytobank servers ensure the security of your scientific data and put access controls in your hands via projects. Cytobank gives you the tools to enhance productivity while ensuring that data remain safely under your control.

Physical and environmental security

Cytobank operates its systems in high-security data centers that meet SSAE 16 and ISAE 3402 standards. Cytobank data centers are designed to minimize the impact of disruptions to operations and are physically secured to prevent theft, tampering, and damage. Data centers include perimeter security, redundant power, climate control, fire suppression, and redundant network connectivity.

Logical and network security

Cytobank uses security architecture techniques, server hardening, firewalls, network monitoring, intrusion detection, data isolation, and session control to protect customer systems and information. Transmissions to the Cytobank servers are encrypted using SSL/TLS connections.

Development and maintenance

Cytobank has a robust software development lifecycle that includes secure software development practices, secure design and coding, source-code control, and end-to-end quality testing. Cytobank uses an automated deployment platform that facilitates platform updates and efficient security patching.

Security training and awareness

All Cytobank personnel receive security awareness training and education at hire and annually thereafter. Employees are trained on Cytobank security policies, procedures, and threats, and are instructed to immediately report any suspected security issue or incident.

Disaster recovery and business continuity

Cytobank has procedures and systems in place to back up data to an off-site location on a daily basis. Cytobank also has automated monitoring tools to detect and respond to disruptions, capacity issues, and system failures. Cytobank services are designed to deliver reliability, availability, and performance with guaranteed 99% uptime, with a financially backed service level agreement (SLA).

Network monitoring and incident response

Cytobank operations uses centralized log monitoring tools and systems to detect failures, anomalous activity, and incursions to the Cytobank network, resources, and computer hosts. Cytobank has incident response procedures in place to investigate, isolate, disable, or shut down suspicious activity when detected.

Authentication and access

Cytobank requires authorized credentials for access to its network and services, segregates the production network from the corporate network, and features administrative and technical controls to authenticate individuals and to ensure strong passwords, one-way password encryption, and periodic review of access roles.

Data retention and return

Cytobank retains and protects customer data for the duration of the service agreement. Upon request and for a fee, Cytobank will assist in returning data to the customer in industry standard format and remove remnants of the information from the Cytobank platform. Cytobank policies ensure that remaining data is overwritten and physical media is degaussed, shredded, or otherwise destroyed.

EU General Data Protection Regulations – GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 aims to protect European citizens' personal data, ensure the lawful processing of data, and safeguard data subjects’ data privacy rights and freedoms. The processing of data by Cytobank may include “Personal Information” including user contact information and pseudonymized data about individuals who reside in the European Union (EU) and European Economic Area (EEA). As a data processor, Cytobank has implemented policies and procedures that meet the required principles for personal data protection including lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. Cytobank has implemented appropriate administrative, technical, and continuous monitoring safeguards to ensure the security and protection of Personal Information. Cytobank enters into confidentiality and data protection agreements with its sub-processors that include standard contractual clauses for data transfers to the United States.

→ Downloadable Security Whitepaper

Please contact us at sales@cytobank.org for more information and a copy of our detailed security whitepaper.