Drug discovery and development require an extremely high bar for data security. XtalPi has built a comprehensive information security management system (ISMS) with a special focus on four main aspects: cloud security, data security, operations security, and compliance. Our ISMS has received the ISO27001 certification by UKAS and CNAS in May 2019 and passed the 2022 annual review, which underlines XtalPi's dedication and ability to ensure our clients' data security.
XtalPi’s cloud security model incorporates the cloud shared responsibility model and follows the Center for Internet Security (CIS) benchmarks.
To maintain a high standard for information security and regulatory compliance, we make extensive use of the cloud providers’ virtual private cloud (VPC) services to create isolated virtual networks for different computing tasks based on client account, geography, and business line. In the meantime, our offices use a private network connection to safely access the cloud. Such a design ensures the security and reliability of data transition while remaining flexible for customization according to the clients’ specific requirements.
We place a strong emphasis on data security. Our system uses a private physical network to safeguard data transfer and SSL protocol for data encryption. For data storage, we use server-side data encryption using the AES-256 protocol.
To securely insulate the data of each client, we create a separated data storage domain for each of the client accounts, which includes object buckets and database tables with clearly defined different levels of authorities and accounts for data access management.
Our computing platform has a comprehensive account authority management system with auditing capabilities, supports fine-grained access and authority control and security audit to prevent data leak.
XtalPi's internal computing platform is operated by the VDI (virtual desktop infrastructure), which can only be accessed through the private network connected to it.
XtalPi received the ISO27001 certification by both UKAS and CNAS, a management system with information asset security and business risk management as the core. Data security is a top priority of ours, and we strive to keep our platform updated with the most advanced IT security technologies available and keep in compliance with the most strict industry standards.