Security and compliance

Information security

A strong protection of user data is crucial to maintain our users’ trust in GenomeDK. Therefore, GenomeDK has comprehensive procedures and systems to protect the confidentiality, integrity, and availability of our users’ data.

Here are some of the things we do:

  • We never store confidential information outside our secure perimeters, and we use encrypted channels for all communication in and out of GenomeDK.
  • We employ TOTP-based two-factor authentication for all users.
  • We continuously update our information security management system according to international best practices, including ISO 27001.
  • We ensure that our employees know our rules about data confidentiality and data security. All employees sign a confidentiality agreement and violations will have serious consequences for employment.
  • We continuously monitor relevant channels for newly discovered bugs and security holes that may affect GenomeDK’s systems and update our systems accordingly.
  • We maintain a small attack surface, with only the required software installed on the base system.

ISO 27001 certification

ISO 27001 is an internationally recognized standard for managing information security, providing a systematic approach to protecting sensitive data through a robust Information Security Management System (ISMS).

This certification signifies that GenomeDK has implemented policies, procedures, and controls based on the requirements of ISO 27001 for an information security management system. Achieving ISO 27001 certification involves thorough risk assessments, continuous monitoring, and regular audits to validate our compliance and effectiveness.

ISAE 3000 compliance

ISAE 3000 is an international standard for assurance over non-financial information, ensuring that our processes and controls meet stringent criteria for integrity and reliability.

By complying with ISAE 3000, GenomeDK demonstrates its dedication to robust data protection, transparency, and accountability. This compliance is independently verified through yearly audits, providing assurance to our stakeholders that we consistently uphold best practices in managing and securing sensitive information.

GDPR compliance

GenomeDK is fully compliant with GDPR, ensuring the protection and privacy of personal data. We store minimal user data and never share this information with third parties. Our practices align with GDPR requirements, reflecting our commitment to maintaining user trust and data integrity.