Security and Compliance

The platform adheres to guidelines established by international regulatory bodies for data security and privacy protection. The software is designed to comply with current data protection laws such as GDPR and HIPAA. To prevent breaches in data privacy, users should follow guidance and best practices regarding the storage of PHI as indicated below.

Overview of Security and Compliance Practices

  • ISO 27001, ISO 27701, & ISO 13485

  • Compliant with GDPR, HIPAA, PIPEDA, and DSPTK requirements

  • Transport Layer Security (TLS 1.2) for web-based API communication security

  • Data encrypted at rest using Advanced Encryption Standard (AES)-256

  • Service Organization Controls 1/SSAE, 16/SSAE 3402

  • Federal Information Security Management Act (FISMA) Moderate

  • Payment Card Industry Data Security Standard Level 1

  • Federal Information Processing Standard Publication 140-2

  • Regularly scheduled penetration testing by a third-party security firm

  • Periodic network scanning

  • Granular role-based access allows tight regulation over who can access and interact with data within the platform

  • Public Key Infrastructure (PKI) to provide digital signatures to track actions within the security architecture

  • Audit logging: actions on the objects within the platform are recorded

  • Data policies mitigating risk from attachments that could contain malware

  • System hosts (virtual instances) deployed as known fixed images

  • Automated secure code scanning adhering to Open Web Application Security Project (OWASP) guidance

  • Two-factor authentication available for Enterprise license users

  • TX-RAMP level 2 certification: Texas Risk and Authorization Management Program

Health Insurance Portability and Accountability Act (HIPAA)

File content is the only place where users may safely store Protected Health Information (PHI). Personal data should not be stored in metadata or path names. Note that, to operate in a HIPAA-compliant manner, you will also need a BAA with Illumina. Contact your account manager or Illumina Technical Support for more information. If you need to request an audit trail, contact Illumina Technical Support with the information you need.

General Data Protection Regulation (GDPR)

File content is the only place where users may safely store Personal Data. Personal data should not be stored in metadata or path names.

General Guidance

Data can be brought to the platform through several mechanisms. When dealing with sensitive data, take care when specifying the data to be uploaded or connected, to avoid an unintentional privacy breach.

  • Ensure AWS S3 key prefixes are properly specified when creating a storage configuration, and that all S3 objects under the prefix are intended to be made available.

  • Take care when deleting data from the platform sourced from AWS S3 connected storage configurations as the delete operation will delete the object from the source AWS S3 bucket.

  • Ensure the path to the source data is correct and does not include unintended files when performing uploads through the service connector or command-line interface.


Last updated 1 month ago
