Home / Platform / Security

Can you trust the security of our vault?
Your competitors do.

We understand intellectual property. That’s why we’re committed to security and privacy across our platform — and why our customers trust us to help them find their next blockbuster products.

The principle:

We’re committed to physical, network, and application security, and we are transparent about the steps we take to protect the platform and its contents.

We’ve been ISO 27001-certified since 2018, and we’ve continued to invest in our information security management system and go beyond ISO requirements.Your data and your discoveries are yours alone, and we protect them with controls that allow you to innovate with peace of mind.

Security - iso 27001
Why this matters to our customers:

Our customers are more than manufacturers. They are inventors, and their intellectual property represents their “crown jewels.”

Security isn’t just “nice to have”
Companies are literally trusting us with their future revenue streams. We built our platform with security first, because guarding your products with bolt-on features isn’t good enough.

Corporate espionage is a serious threat
Our customers know their own systems are under constant threat, and they take strong steps to defend themselves. We are an extension of their networks, and we take security as seriously as they do.

Threats come in multiple forms
We are proud of our ISO 27001 credentials, but we treat them as just the starting point. From phishing to flooding, we anticipate what could go wrong and, like our customers, we take a comprehensive approach toward mitigating risks.


quotation mark

Security is at the heart of everything we do, across operations and processes. Our customers trust us with their most valuable and competitive assets. It’s an honor, and a responsibility we never forget.”

Justine Trubey
Chief Operating Officer

Operational Security

We’re committed to mitigating risk and ensuring that our services meet regulatory and security compliance requirements:

  • Your data is classified, secured, and isolated while entrusted to Citrine
  • Each customer’s production environment is hosted in a separate virtual private cloud
  • Access to infrastructure, networks, and data is minimized with best-practice authentication systems.

Security and privacy by design

We designed the Citrine Platform with cybersecurity in mind:

  • Change management processes
  • Encryption in transit and at rest
  • Account security
  • Authorization security
  • Cloud and network security
  • Dedicated security team
  • People security
  • Continuous monitoring

Employee and third-party security

Our staff, contractors, and vendors must all comply with the same strict security and privacy requirements:

  • Security awareness, phishing defense training, and mandatory background checks
  • Citrine Assesses all potential and current vendors including: software supply chain suppliers, service providers and applications for compliance and competence.
  • Amazon Web Services (AWS) data centers host all customer data and production systems

Driven by defense

We prepare for worst-case scenarios:

  • Business continuity and disaster recovery planning
  • Citrine Platform infrastructure is logged and continuously monitored by our engineering team
  • Software code weakness and library code vulnerability assessments are built into our software development and deployment process.
Read Citrine’s Security White Paper:
See for yourself: