Safety and security are integral to CellEngine. We take extensive measures to ensure your data and usage of CellEngine remain safe, secure and private.
Encryption In Transit¶
All connections to CellEngine are encrypted with TLS 1.2 or 1.3 and strong ciphers. Connections using the insecure TLS versions 1.0 and 1.1 or weak ciphers are blocked. View our SSL Report from Qualys SSL Labs.
Encryption At Rest¶
All data in CellEngine is encrypted using AES-256 using a FIPS 140-2-validated cryptographic library. We rely heavily on Google Cloud Platform’s hardened security measures. For more information, refer to their encryption at rest documentation.
CellEngine’s user authentication follows the requirements for IAL/AAL Level 1 authenticators set out in the US NIST 800-63B Digital Identity Guidelines.
Domain administrators can view the security log for their domain. The log includes entries for user log ins, log outs, password changes and failed login attempts. Each entry includes the timestamp, geolocation, IP address and browser information.
Availability and Data Safety¶
CellEngine is designed to be fault-tolerant and highly available. Non-academic licenses include a 99.9% uptime SLA, with a 1-hour recovery point objective (RPO) and 4-hour recovery time objective (RTO).
Raw data files (FCS files and attachments) are immediately replicated in multiple data centers separated by at least 100 miles, providing protection against both data center failures and natural disasters. All other data is replicated between at least two data centers and additionally backed up hourly. We routinely test backup integrity and restoration according to standard operating procedures.
All data is stored in the United States.
Data Center Security¶
CellEngine is hosted on Google Cloud Platform. As such, we benefit from their extensive physical and personnel security measures. For more information, refer to their Security Web site.