Enterprise security

At Owkin, keeping your data secure is our highest priority. While much of our technology is developed and managed in-house, we also partner with select, highly reputable vendors who must meet our stringent privacy, security, and ethics standards. Each partner is carefully vetted through rigorous due diligence, including detailed security assessments and contractual requirements aligned with our own commitments.

To ensure the highest standards of information protection, we employ robust organizational and technical measures, conduct regular internal and external audits, and perform comprehensive Security Risk Assessments with every major change to our systems. When integrating large language models or other third-party components, we choose hosting options that guarantee privacy and confidentiality for all data and outputs. This privacy-first approach ensures full compliance with GDPR and HIPAA requirements.

Owkin is certified to ISO 27001:2022 for information security and ISO 13485:2016 for medical device quality, reflecting our ongoing dedication to safeguarding your data. With these measures in place, you can be confident that your information is protected at every stage.

All data in K Pro is segregated by customer to ensure confidentiality. Access to data by Owkin employees is limited to those who have an operational role requiring maintenance access. System integrity and information security is maintained through multiple layers including 24/7 monitoring.

Owkin's platform architecture aligns with enterprise security assessment standards by being ISO 27001 certified since November 2021, regularly undergoing internal and external audits, and performing security risk assessments across the organization. Data is encrypted at rest (AES-256) and in transit, and third-party audits and penetration tests are conducted to validate security controls. Additionally, Owkin's cloud provider (AWS) holds certifications such as ISO 27001, supporting compliance with industry standards.