Fueling discovery with data.

GENOMA BIOINFORMATICS LLC
SECURITY POLICY
Last Updated: February 26, 2025

1. Introduction

This Security Policy (“Policy”) outlines the measures Genoma Bioinformatics LLC (“Company,” “we,” “us,” or “our”) takes to protect data and ensure the security of our systems and services. By using our services, you agree to the terms of this Policy.

2. Data Protection

  1. Encryption: All data is encrypted during transmission and storage using industry-standard encryption protocols.
  2. Access Controls: Access to data is restricted to authorized personnel only. Multi-factor authentication (MFA) is required for access to sensitive systems.
  3. Data Minimization: We collect and retain only the data necessary to provide our services.

3. System Security

  1. Firewalls and Intrusion Detection: Our systems are protected by firewalls and intrusion detection systems to prevent unauthorized access.
  2. Regular Updates: We regularly update and patch our systems to address security vulnerabilities.
  3. Backups: Data is backed up regularly and stored securely to ensure availability in case of an incident.

4. Incident Response

  1. Incident Identification: We monitor our systems for unusual activity and investigate potential security incidents promptly.
  2. Containment and Assessment: In the event of a security incident, we will:
    • Isolate affected systems.
    • Assess the scope and impact of the incident.
  3. Notification: If a data breach occurs, we will notify affected users and regulatory authorities as required by law.
  4. Remediation: We will implement measures to prevent future incidents and address any vulnerabilities.

5. Employee Training

  1. Training Requirements: All employees must complete annual training on data protection and security best practices.
  2. Topics Covered:
    • Data protection principles.
    • Recognizing and reporting security incidents.
    • Handling sensitive data.
  3. Documentation: We maintain records of employee training sessions.

6. Third-Party Security

  1. Vendor Assessments: We assess the security practices of third-party vendors and cloud providers (e.g., AWS, Azure, Google Cloud) to ensure they meet our standards.
  2. Data Protection Agreements: Third-party vendors are bound by strict data protection agreements to safeguard data.

7. Compliance

  1. GDPR and HIPAA: We comply with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) as applicable.
  2. Regular Audits: We conduct regular security audits to ensure compliance with applicable laws and industry standards.

8. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or through our services. Your continued use of our services after such changes constitutes your acceptance of the updated Policy.

If you have any questions about this Policy, please contact us at:
Genoma Bioinformatics LLC