Disease Studies

Living up to Company Values – Trust – The Importance of Information Security

PrecisionLife recognizes the privilege and responsibility inherent in working with patient and customer datasets and is wholly committed to secure information management. We routinely work inside the scope of HIPAA, GDPR, Non-Disclosure Agreements, Material Transfer Agreements, Data Sharing Agreements, commercial contracts and other international information security and privacy frameworks.

To provide a set of overarching information security systems, processes and policies for all of these we became accredited for ISO 27001 in 2018. ISO 27001 is the leading international standard for information security.



What is ISO 27001?

ISO 27001 is an accreditation awarded by the International Organization for Standardization (ISO) that contains a set of high-level standards for systems and policies to handle information securely.

The cornerstone of ISO 27001 is the assessment and management of risk. We had to design and implement an Information Security Management System (ISMS) containing stringent safeguards to ensure the confidentiality, integrity and availability of every dataset, study, and system we deliver. ISO 27001 provides requirements for the ISMS, outlines a set of policies and best practices, and details the security controls necessary to manage information risks. We tailored and extended these to suit our specific requirements.

The ISMS also defines how people and processes within a business can handle information securely. Four key aspects are crucial to complying with ISO 27001:

  • Security – information is proactively protected from external (and internal) threats and is managed at every stage in a way that ensures it is not disclosed
  • Privacy – Information is only disclosed to authorised parties and only when appropriate and all conditions attached to it have been met
  • Integrity – Information stored and used is accurate and up to date
  • Availability – Information is available and accessible when it is needed to help deliver services

Why did we pursue the certification?

We’re committed to protecting our clients’ data and believe that having the highest standards of information security is an essential part of operating a business that our customers can have trust in. To achieve the certification, we became even more process driven and consciously focused on the need for continuous information management and protection. We have used this to great effect in our project management, product development and customer delivery workflows.

The ISO 27001 certification provides a framework and checklist of controls that allow us to maintain a comprehensive and continually improving model for information security management. Our ISMS Committee meets once every three months to review our processes and we undertake an internal audit of our processes every twelve months which helps us to stay on top of our information security.

Our ISMS includes several controls:

  • Legal controls such as NDAs, MTAs, DSAs and other contractual agreements
  • Organisational controls such as our Access Control and Network Policies
  • Physical controls such as building security and alarm systems
  • Technical controls such as antivirus software and secure data repositories
  • Human Resource controls including thorough training and regular testing

 

How did we achieve it?

Sonia, our Group Operations Manager, spearheads the design and annual renewal of this accreditation by conducting thorough internal audits of our processes on an annual basis. She is aided greatly by our CTO and Senior Engineer, and supported by the whole PL team who understand the value of strong information protection at every stage of their work. Our internal audits give us an opportunity to review and continuously improve our systems, processes and policies before submitting them for external audit.

Every year an independent certification body (QMS) runs a detailed audit across the whole business to test whether all aspects of our ISMS meet industry best practice and the requirements of the ISO 27001 standard. When this has been demonstrated, they award us the certification.

In October of 2020 we passed our third independent annual renewal audits with no issues raised, an achievement of which we are quietly proud as it demonstrates the importance placed on information security by every member of the PrecisionLife team.

This means our clients and collaborators can have confidence in our processes and data management, enabling us all to focus on generating new insights into complex, chronic diseases


BSI ISO 27001 standards mark

More News & Media

View All News & Media

Building combinatorial risk scores to predict personal disease risk

PrecisionLife brings new insight into chronic disease biology through its unique patented combinatorial analytics platform.

25/03/21
Read more

How to Find Druggable Targets for Chronic Diseases

PrecisionLife brings new insight into chronic disease biology through its unique patented combinatorial analytics platform.

10/03/21
Read more

Why poker players win at combinatorial analysis…

PrecisionLife brings new insight into chronic disease biology through its unique patented combinatorial analytics platform.

23/02/21
Read more

Keep in touch

Please enter your email address if you would like to be kept informed of our work here at PrecisionLife. Note that our Privacy Policy and Terms & Conditions apply.

  • This field is for validation purposes and should be left unchanged.

Contact us

If you have any questions or would like to speak to us in terms of potential collaborations or partnership opportunities, please get in touch using the form below or email info@precisionlife.com and we will get back to you as soon as we can. Note that our Privacy Policy and Terms & Conditions apply.


UK

Unit 8b Bankside
Hanborough Business Park
Long Hanborough, OX29 8LJ

USA

1 Broadway Fl 14
Cambridge
MA 02142-1187

Denmark

Agern Allé 3
DK-2970
Hørsholm

Poland

CIC Ul
Chmielna 73m
00-801 Warszawa

  • This field is for validation purposes and should be left unchanged.