Security and Privacy at LabArchives: Our Guiding Principles

Daniel Ayala will be posting articles about information security, privacy and compliance in our blog. Throughout his 25 year career, he has led security and privacy organisations in banking and financial services, pharmaceutical, information, higher education, research and library organisations around the world, and both writes and speaks regularly on the topics of security, privacy, data ethics, and compliance. He also happens to be LabArchives Chief Information Security Officer!

As a security leader, I often get asked what it means for security and privacy to be part of the culture of an organisation, especially in light of continuous new threats to technology and the science our technology enables. “Baking it in” comes in many forms and is an ongoing process.

One of the ways we have embedded security and privacy into our culture is to try to make them understandable and tangible, and to find ways that they can be applicable to all areas of the organization. The result is a set of guiding principles that are useful not only to LabArchives colleagues but also to the communities we serve.

These guiding principles are the embodiment of our commitment to data protection, research integrity, and ensuring strong trust in technology as an enabler and custodian of the world’s research. The goal of these principles is to enable every colleague within LabArchives to weigh each decision they make against these barometers to ensure they are aligned to these security and privacy commitments.

1) Protect the integrity and security of our customer’s data.  Integrity is at the core of data, and data is at the core of research. If the data is not good or its fidelity cannot be counted upon to be authentic all the way through its life, then the research cannot be counted upon. By committing to protecting both the access and the provenance of the data within LabArchives systems and supporting processes, we are demonstrating our commitment to the integrity of your research from start to finish.

2) Support the compliance requirements of customers whenever possible. More and more compliance requirements are arriving across the world related to security, privacy, and other regulatory requirements. While we may not be able to certify to each one right away, we will provide the necessary details to allow customer organizations to understand how LabArchives systems meet or support specific compliance requirements around the world.

3) Rigorously educate and inform our team and our customers to reduce security, privacy, and compliance risks.  One of the goals of research is to educate and inform, and we believe in doing both as much as our customers do. On the topics of security, privacy and compliance, we will continue to share our insights, our knowledge, and our findings as they apply not only to our products and services, but also to the broader realm of research and technology.

4) Build customer trust and reputation through transparency. The surest way to build and maintain trust is to be honest and transparent. This principle establishes this as bedrock within LabArchives. We will be clear about what we do and what we do not, what we can do and what we cannot, and we will provide products and services that enable customers to maintain control over the research data you entrust us to store and manage on your behalf. We will be clear about what we do with that data and we will allow customers and users to have as much agency over that data as possible.

5) Deploy technology to monitor, detect and respond to internal and external threats. We are a technology company, but we also believe that robust processes and the right people are an absolute requirement to deploying technology successfully, including the technology that monitors and responds to threats affecting our systems. That said, this principle ensures that we embed security and privacy into our technology as much as we do the primary features that support research. We have and will continue to invest in the technology necessary to identify and counter attacks, quantify and allow us to make the right decisions to best protect our customer’s research data. 

We are sharing all of these as a way to demonstrate and begin our commitment to principles numbers 3 and 4: to educate on what should be expected from LabArchives and companies like us, and to be publicly accountable for delivering on all of these guiding principles as we continue our business in 2022 and beyond.