# Security & Compliance

[Security Brief](https://www.illumina.com/content/dam/illumina/gcs/assembled-assets/marketing-literature/illumina-connected-insights-security-brief-m-gl-01599/illumina-connected-insights-security-brief-m-gl-01599.pdf)

The platform adheres to guidelines established by international regulatory bodies for data security and privacy protection. The software is designed to comply with current data protection laws such as GDPR and HIPAA. To prevent breaches in data privacy, users should follow guidance and best practices regarding the storage of PHI as indicated below.

### Overview of Security and Compliance Practices

* ISO 27001, ISO 27701, & ISO 13485
* Compliant with GDPR and HIPAA requirements
* Transport Layer Security (TLS 1.2) for web-based API communication security
* Data encrypted at rest using Advanced Encryption Standard (AES)-256
* Service Organization Controls 1/SSAE 16/SSAE 3402
* Regularly scheduled penetration testing by a third-party security firm
* Periodic network scanning
* Granular role-based access allows tight regulation over who can access and interact with data within the platform
* Public Key Infrastructure (PKI) to provide digital signatures to track actions within the security architecture
* Audit logging: actions on objects within the platform are recorded
* Data policies mitigating risk from attachments that could contain malware
* System hosts (virtual instances) deployed as known fixed images
* Automated secure code scanning adhering to Open Web Application Security Project (OWASP) guidance
* Two-factor authentication available for Enterprise license users
* TX-RAMP level 2 certification: Texas Risk and Authorization Management Program

Our systems are synchronized using a Cloud Time Sync Service to ensure accurate timekeeping and consistent log timestamps.

