Information security

• Key documents:
  • Information security policy
  • Terms of service

A strong protection of user data is crucial to maintain our users’ trust in GenomeDK. Therefore, GenomeDK has comprehensive procedures and systems to protect the confidentiality, integrity, and availability of our users’ data.

Here are some of the things we do:

• We never store confidential information outside our secure perimeters, and we use encrypted channels for all communication in and out of GenomeDK.
• We employ TOTP-based two-factor authentication for all users.
• We continuously update our information security management system according to international best practices, including ISO 27001.
• We ensure that our employees know our rules about data confidentiality and data security. All employees sign a confidentiality agreement and violations will have serious consequences for employment.
• We continuously monitor relevant channels for newly discovered bugs and security holes that may affect GenomeDK’s systems and update our systems accordingly.
• We maintain a small attack surface, with only the required software installed on the base system.

ISO 27001 certification

• Key documents:
  • ISO 27001 certificate

ISO 27001 is an internationally recognized standard for managing information security, providing a systematic approach to protecting sensitive data through a robust Information Security Management System (ISMS).

This certification signifies that GenomeDK has implemented policies, procedures, and controls based on the requirements of ISO 27001 for an information security management system. Achieving ISO 27001 certification involves thorough risk assessments, continuous monitoring, and regular audits to validate our compliance and effectiveness.

ISAE 3000 compliance

• Key documents:
  • ISAE 3000 audit report

ISAE 3000 is an international standard for assurance over non-financial information, ensuring that our processes and controls meet stringent criteria for integrity and reliability.

By complying with ISAE 3000, GenomeDK demonstrates its dedication to robust data protection, transparency, and accountability. This compliance is independently verified through yearly audits, providing assurance to our stakeholders that we consistently uphold best practices in managing and securing sensitive information.

GDPR compliance

At GenomeDK, we are committed to protecting your privacy and handling your personal data with transparency and care. Our privacy policy outlines how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR). We collect and process minimal personal data necessary for providing our services, such as your name, email address, affiliation, and login activity. This information is used solely to manage your account, ensure system security, and provide support. We do not share your personal data with third parties, except when required by law or with your explicit consent.

You have rights under GDPR, including access to your data, rectification, erasure, and more. To learn more about how we handle your personal data and your rights, please read our full privacy policy.