Security is a major concern for all organisations. At eLabNext, the safety of our platform and your data is a daily focus. Read this page to learn more about security at eLabNext.
eLabNext is a brand of Bio-ITech BV, part of Eppendorf group. Since 2016, Bio-ITech has been formally certified for ISO/IEC 27001, the globally accepted standard for information security management. This page identifies the measures we take to safeguard your data.
Bio-ITech servers are hosted at ISAE 3402 or ISO 27001 compliant facilities in at least two geographically separated data centers. The Cloud for North American customers is hosted in the US. For customers in the rest of the world, the Cloud is hosted in Europe. Private Cloud installations are hosted in an Amazon Web Services (AWS) data center in a region of the customer's choice.
All servers are hosted from ISO 27001, SOC 2, or ISAE 3402 compliant facilities. Our data center facilities feature a secured perimeter with 24/7 manned security, video surveillance, physical locks, and security alarms.
Network availability is continuously monitored by Bio-ITech. In addition, server performance and uptime are monitored in real time, and Bio-ITech is notified when an abnormal event causes a set threshold to be exceeded.
Bio-ITech uses data centers in the US for customers from North America and data centers within Europe for customers in the rest of the world.
Bio-ITech handles information with great care and disposes of all its storage devices according to an ISO 27002 data destruction protocol.
Dedicated Security Team
Bio-ITech has a globally distributed security response team to respond to alerts and security events.
Our systems are protected by multiple firewalls, encrypted data transport (HTTPS over TLS), regular security audits, and preventive measures to avert malicious network attacks.
Bio-ITech operates multiple security zones with restricted access. Sensitive systems are secured with multi-level protection and are accessible only to those who need access for maintenance.
Network Vulnerability Scanning
Bio-ITech periodically assesses the security of application components in Internal Software Security Audits.
Third-Party Penetration Tests
Our applications are tested extensively for vulnerabilities in periodic penetration tests performed by third parties.
Access to the Cloud and Private Cloud network is restricted on a need-to-know basis. Access requires multiple factors of authentication.
Encryption in Transit
All communication between end-users and our data center is encrypted using TLS (HTTPS). eLabNext products use an Extended Validation (EV) TLS certificate issued by COMODO CA Limited, a registered Certificate Authority (CA). Extended Validation certificates are issued only after the CA has verified the legal identity of the requesting organisation, the same level of vetting used by governmental institutes and banks. Older browsers indicated an EV certificate with a green trust bar; current browsers no longer show this indicator, and the validated organisation name is visible in the browser's certificate viewer instead.
Encryption at Rest
All backup data is encrypted before it is stored.
Availability & Continuity
Uptime of all Cloud and Private Cloud servers is monitored in real time. In case of an event, our staff are alerted and are trained to resolve issues.
Redundancy & Backups
The Cloud is hosted in a fully redundant infrastructure to eliminate single points of failure. All data is replicated in real time and archived to a third database to allow immediate recovery. Additionally, every 24 hours a full backup of all data is stored in our encrypted vault for disaster recovery.
Bio-ITech has a Disaster Recovery procedure in place in case of a complete system failure.
To secure business continuity, Bio-ITech provides an escrow service: the source code of the application is securely stored with an independent third party and will be released if Bio-ITech fails to provide the required service.
Bio-ITech organizes annual security training for all its staff to keep security awareness up to date.
Dedicated testers review and test developed code for vulnerabilities.
Development, testing and staging are done in separate environments, so that untested code never runs alongside production.
In the Cloud, we offer eLab sign-in. In the Private Cloud, we also offer Single Sign-On (SSO) with Active Directory (AD, LDAP or AD FS).
Single Sign-on (SSO)
eLabJournal and eLabInventory support authentication via Single Sign-On (SSO). Depending on the hosting option, this is possible via AD, AD FS, SAML, LDAP and SURFconext.
Two-factor Authentication (2FA)
With two-step verification, users can be required to log in with a one-time verification code in addition to their password. The code is generated on the user's mobile device. Two-step verification adds a second layer of security to your account, making it much harder for someone who has only your password to log in as you.
Secure Credential Storage
Bio-ITech follows best practices for storing user passwords. Passwords are never stored in a human-readable format; only a salted, one-way hash of each password is stored.
API Security & Authentication
The eLabAPI is available over HTTPS (TLS) only, and you must be a verified user to make API requests. Every request must be authenticated, either with your username and password or with an API token.
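What "a secure, salted, one-way hash" looks like in code, as an added example for this page (not eLabNext's code; the page does not say which key-derivation function is used): a per-user random salt, a deliberately slow PBKDF2-HMAC-SHA256 derivation, a self-describing record format so that the iteration count can be raised later, constant-time verification, and a check that tells the application when a stored record should be re-hashed on the user's next login. The record format `pbkdf2_sha256$iterations$salt$hash` and the `ITERATIONS` value are choices made for this example. Python's standard library is used so the block runs anywhere; a memory-hard function such as Argon2id, where available, is a stronger choice for new systems.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000          # example policy value; raise it as hardware gets faster
SALT_BYTES = 16
KEY_BYTES = 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record; the plaintext is never stored.

    The salt is random per password, so two users with the same password get different
    records and a precomputed table cannot be used against the whole database.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)
    return "$".join((SCHEME, str(iterations), _b64(salt), _b64(dk)))


def verify_password(stored: str, password: str) -> bool:
    """Re-derive with the salt and iteration count from the record and compare in constant time.

    Fails closed on malformed records or unknown schemes; base64 never contains '$',
    so splitting on it is unambiguous.
    """
    try:
        scheme, iterations, salt_b64, dk_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        iters = int(iterations)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when the record uses an older scheme or fewer iterations than current policy.

    Re-hash right after a successful verify_password(), because that is the only moment
    the application holds the plaintext needed to produce a fresh record.
    """
    parts = stored.split("$")
    try:
        return len(parts) != 4 or parts[0] != SCHEME or int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password(record, "correct horse battery staple"))
    print("needs rehash:", needs_rehash(record))
```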
Additional Security Features
Access Privileges & Roles
eLabNext products support different system roles to allow full system control by an IT system administrator and Organisation Key-Users. In addition to their regular user role, these users' access level can be promoted to give full control over the entire system or over a single organisation within the system, depending on the hosting solution.
User Roles & Permissions
eLabJournal and eLabInventory support a comprehensive list of permissions that can be enabled or disabled per user. Access to data within eLabJournal can be tightly controlled: permissions define granular access privileges and are set by the group administrator.
In the Private Cloud, you may choose to enable IP restriction so that the application is accessible only from specific IP address ranges. The restriction applies to all users and all data stored in the application.
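An IP restriction is only as good as the address it is applied to. The following added example (written for this page; it is not eLabNext's implementation) shows the two details that decide whether such a restriction holds: the `X-Forwarded-For` header is honoured only when the TCP peer is one of our own reverse proxies, since any client can send that header, and IPv4 clients arriving on an IPv6 listener as `::ffff:a.b.c.d` are normalised before matching. The address ranges in `ALLOWED_RANGES` and `TRUSTED_PROXIES` are constructed for the example.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed for the example; a deployment would load these from configuration.
ALLOWED_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]
# Reverse proxies / load balancers we operate. Only they are allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8",)]


def _in_any(addr, nets: Iterable) -> bool:
    return any(addr.version == net.version and addr in net for net in nets)


def client_address(remote_addr: str, forwarded_for: Optional[str], trusted=TRUSTED_PROXIES):
    """Return the address the restriction must be evaluated against.

    X-Forwarded-For is attacker-controlled unless our own proxy appended it, so it is used
    only when the TCP peer is a trusted proxy, and then only the rightmost entry (the hop
    that proxy itself saw). Raises ValueError on a malformed address.
    """
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and _in_any(peer, trusted):
        hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
        if hops:
            return ipaddress.ip_address(hops[-1])
    return peer


def is_allowed(remote_addr: str, forwarded_for: Optional[str] = None,
               allowed=ALLOWED_RANGES, trusted=TRUSTED_PROXIES) -> bool:
    """Fail closed: anything unparsable or outside the allow-list is rejected."""
    try:
        addr = client_address(remote_addr, forwarded_for, trusted)
    except ValueError:
        return False
    # An IPv4 client reaching an IPv6 socket appears as an IPv4-mapped IPv6 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return _in_any(addr, allowed)


if __name__ == "__main__":
    # Constructed request samples: (TCP peer, X-Forwarded-For header)
    for peer, xff in [("203.0.113.7", None), ("198.51.100.7", "203.0.113.7"), ("10.1.2.3", "203.0.113.7")]:
        print(peer, xff, "->", "allow" if is_allowed(peer, xff) else "deny")
```

The second sample is the case that breaks naive implementations: an untrusted peer claims an allowed address in the header and is still denied, because the header is ignored unless the connection came from our own proxy.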
Bio-ITech has been ISO 27001 certified since 2016.
21 CFR 11 Compliant
eLabJournal and eLabInventory comply with Title 21 CFR Part 11 of the Code of Federal Regulations, the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures.
Bio-ITech is compliant with, but not yet authorized under, the Federal Risk and Authorization Management Program (FedRAMP), a United States government-wide compliance program that sets a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Bio-ITech maintains strict security policies covering a range of topics. These policies are made available to all personnel and contractors who have access to information of Bio-ITech or its customers.
All employees follow an extensive security awareness training after hiring to maximize security alertness. In addition, all software engineers receive annual Good Coding Practice training in which security is a main topic.
An extensive screening of educational and professional background is performed on all potential hires during the hiring process. All new employees undergo a formal governmental screening procedure, including a criminal background check, during their trial period.
All employee contracts contain a Non-Disclosure and Confidentiality agreement.
For any questions about our security measures or if you are interested in a 3rd-party statement about our information security management