Key Security Features

Given privacy, intellectual property, and general data security considerations, QuartzBio technology incorporates a number of integral security features. Security aspects were developed with a global client and user base in mind, and include:

Encryption at rest

  • Raw data encrypted in S3 (AES256)
  • Biomarker database is encrypted (AES256)
  • Any local instance storage is encrypted (AES256)

Encryption in transit

  • Aspera (AES256)
  • Any request to the biomarker (BM) database is encrypted via SSL

Server access

  • Servers are behind a firewall and are only accessible after authentication
  • Access to server resources is restricted to authorized team members
  • System and security groups are used to provide fine-grained access control over any resource

Compliance

The suite of QuartzBio solutions is deployed globally, including in North America, Europe, and the Asia-Pacific region. This requires a robust and wide-ranging set of policies to address region-specific regulations for data handling and compliance.

GDPR

  • Applicable GDPR policy
  • Privacy policy
  • Compliance officer is located in Germany
  • AWS infrastructure in the Germany data center (eu-central-1) for studies requiring data to reside in the EU

HIPAA

  • Uses HIPAA-compliant services
  • Services are being used to comply with HIPAA security requirements (e.g. encryption, monitoring, access management)

21 CFR Part 11

QuartzBio is compliant with all relevant provisions of 21 CFR Part 11, using a checklist to determine the applicability of the guideline for each system we deploy. Contact us for details.

Additional Certifications Available Upon Request

  • ISO 27001
  • ISO 27017
  • SOC1
  • SOC2
  • SOC3
  • HITRUST