Protect Your R&D with Lock and Key: Data Security and Compliance in the Digital Age
Life Sciences companies are undergoing a digital transformation to ensure the development of more targeted therapies, significantly reduce the cost of drug development and accelerate time to market. It has become more important than ever for companies to manage and protect their data as a strategic asset. Benchling’s commitment to data security is central to our company. Our success depends on earning and keeping your trust, and we take that very seriously. Benchling protects your data with the most advanced security, infrastructure, encryption, authentication and business continuity measures.
Security and Compliance
In order to ensure we’re adhering to best practices and are insusceptible to vulnerabilities, we leverage many different third-parties as objective sources to measure against. Our security program is certified under ISO/IEC 27001:2013, an internationally accepted security standard. Benchling uses an independent third-party firm to perform annual vulnerability and penetration testing. We have also passed numerous customer audits by Top 10 biopharmaceutical companies, Fortune 500 companies and the United States government.
Infrastructure and Hosting
We start with secure thinking at the foundation of our infrastructure, utilizing Amazon Web Service (AWS) to host Benchling. You can be confident that this critical infrastructure is highly protected both physically and virtually with features like biometric entry authentication, 24/7/365 onsite monitoring, and compliance with multiple standards, such as ISO 27001, ISO 9001, and SOC 2. You can find more information on AWS here.
We are utilizing the strict industry standards to protect your data at all times. Data and communication is protected at rest using AES 256-bit encryption, and in transit using Transport Layer Security (TLS) encryption. Only Benchling administrators providing support and authorized members of the Benchling product development team receive as-needed, audited access to select customer data.
Authentication and Audit Logs
We have built-in functionality to empower your administrators to control your Benchling instance through user authentication, authorization, and granular permissions with a detailed audit log. Benchling offers rich SAML integration with customer single sign-on solutions (SSO), such as Ping, Okta, and Azure AD, with precise control on password requirements and multi-factor authentication (MFA). Your administrators can configure and grant user access with specific permissions to enable different levels of data access within your organization. All key actions, such as login information, data writes, etc., performed by user(s) with date and time stamps are captured in audit logs.
Business Continuity & Disaster Recovery
We firmly believe in providing the right protection and integrity for your core data with the most robust data availability and durability. Our production systems are replicated across multiple datacenters to be highly resilient to failure, as evidenced by our historical uptime of greater than 99.99%. Our database is backed up to AWS S3 daily and weekly with it being stored for 1 year. We also have back-up storage across datacenters and regions for extremely high durability (99.999999999%).
We recognize the importance of your research and have implemented the highest standards of data protection and compliance so you can be assured that your company’s data is safe with us. In our effort to offer more transparency on how we protect your data, we welcome your questions or concerns for our dedicated security team.
Please reach out to us if you have questions or concerns.