The Terra platform and the data it contains is secured according to best practices in information security, suitable for safeguarding human health data.
The Broad Institute, Microsoft, and Verily support the medical research community as it deals with matters of public health. Our security posture addresses the rights of the patients whose data make this work possible, as well as the needs and concerns of the researchers. We work with internal and 3rd party security experts to define the system and security needs of the system, to assess that security controls are implemented, to monitor that controls continue to be effective, and to respond appropriately to incidents or anomalies.
We use best practices and industry standards, mostly aligned to NIST-800-53 Rev 4 Moderate, to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our users meet their own compliance standards.
All systems undergo continual threat assessment and detection.
We implement the core data security functions of Identify, Protect, Detect, Respond, and Recover at all times, and we maintain a posture of continual assessment through a variety of security automation in the “DevSecOps” mode of operation.