NIH Security Best Practices Update

NIH logoDNAnexus has always taken a proactive approach to security and compliance. We’ve worked closely in partnership with AWS (Amazon Web Services) to provide our mutual customers best-in-class security for genome informatics and data management in the cloud. These efforts have been acknowledged in the updated publication of the National Institutes of Health Genomic Data Sharing Policies. The updated guidelines make it clear that researchers may use AWS and DNAnexus to store and analyze controlled-access genomic data, including dbGaP and TCGA.

Prior to this policy change, NIH guidance would not allow use of commercial cloud computing services for work involving controlled-access genomic data, which, though it has been stripped of identifying information, may be unique to individuals. With the new NIH policy, such data can be used in the cloud after investigators obtain project-specific approval for its use.

Applications for such approval must include a data security plan. At DNAnexus, we were pleased to discover that a publication from our white paper library detailing our own security compliance practices was listed as an information resource for individuals seeking a working understanding of the requirements.

DNAnexus platform features such as two-factor authentication, end-to-end encryption, need-based network access control, 24/7 security monitoring and updates, audit and access logging allow us to satisfy the new requirements and to exceed the security of many local datacenter installations.

DNAnexus is working with AWS and the NIH to establish mechanisms for processing data access requests and vending the access-controlled data to approved requestors, and we expect to be providing seamless access to these important datasets in DNAnexus.

The combination of data security and powerful computing made possible by the partnership between DNAnexus and AWS has created the ideal platform for global scientific collaboration in genomics. We are thrilled now to be witnessing the beginnings of a genomic discovery “Commons,” where data are brought together and analyzed by researchers around the world.  We will continue to meet and exceed existing security standards, working with our partners to enable new kinds of innovation driven by genomic big data.