Can you trust the security of our vault?
Your competitors do.
We understand intellectual property. That’s why we’re committed to security and privacy across our platform — and why our customers trust us to help them find their next blockbuster products.
We’ve been ISO 27001-certified since 2018, and we’ve continued to invest in our information security management system and go beyond ISO requirements.Your data and your discoveries are yours alone, and we protect them with controls that allow you to innovate with peace of mind.
Security isn’t just “nice to have”
Companies are literally trusting us with their future revenue streams. We built our platform with security first, because guarding your products with bolt-on features isn’t good enough.
Corporate espionage is a serious threat
Our customers know their own systems are under constant threat, and they take strong steps to defend themselves. We are an extension of their networks, and we take security as seriously as they do.
Threats come in multiple forms
We are proud of our ISO 27001 credentials, but we treat them as just the starting point. From phishing to flooding, we anticipate what could go wrong and, like our customers, we take a comprehensive approach toward mitigating risks.
Security is at the heart of everything we do, across operations and processes. Our customers trust us with their most valuable and competitive assets. It’s an honor, and a responsibility we never forget.”
Chief Operating Officer
We’re committed to mitigating risk and ensuring that our services meet regulatory and security compliance requirements:
- Your data is classified, secured, and isolated while entrusted to Citrine
- Each customer’s production environment is hosted in a separate virtual private cloud
- Access to infrastructure, networks, and data is minimized with best-practice authentication systems.
Security and privacy by design
We designed the Citrine Platform with cybersecurity in mind:
- Change management processes
- Encryption in transit and at rest
- Account security
- Authorization security
- Cloud and network security
- Dedicated security team
- People security
- Continuous monitoring
Employee and third-party security
Our staff, contractors, and vendors must all comply with the same strict security and privacy requirements:
- Security awareness, phishing defense training, and mandatory background checks
- Vetting potential software supply chain suppliers with vulnerability assessments and ongoing patch management programs
- Amazon Web Services (AWS) data centers host all customer data and production systems
Driven by defense
We prepare for worst-case scenarios:
- Business continuity and disaster recovery planning
- Comprehensive infrastructure monitoring and activity logging
- Distributed Denial of Service (DDoS) protection
- Application vulnerability assessments and regular penetration testing