
# Enterprise security

At Owkin, keeping your data secure is our highest priority. While much of our technology is developed and managed in-house, we also partner with select, highly reputable vendors who must meet our stringent privacy, security, and ethics standards. Each partner is carefully vetted through rigorous due diligence, including detailed security assessments and contractual requirements aligned with our own commitments.

To ensure the highest standards of information protection, we employ robust organizational and technical measures, conduct regular internal and external audits, and perform comprehensive Security Risk Assessments with every major change to our systems. When integrating large language models or other third-party components, we choose hosting options that guarantee privacy and confidentiality for all data and outputs. This privacy-first approach ensures full compliance with **GDPR** and **HIPAA** requirements.

Owkin is certified to **ISO 27001:2022** for information security and **ISO 13485:2016** for medical device quality, reflecting our ongoing dedication to safeguarding your data. With these measures in place, you can be confident that your information is protected at every stage.

All data in K Pro is segregated by customer to ensure confidentiality. Access to data by Owkin employees is limited to those who have an operational role requiring maintenance access. System integrity and information security are maintained through multiple layers, including 24/7 monitoring.

***

Owkin's platform architecture aligns with enterprise security assessment standards: Owkin has been ISO 27001 certified since November 2021, regularly undergoes internal and external audits, and performs security risk assessments across the organization. Data is encrypted at rest (AES-256) and in transit, and third-party audits and penetration tests are conducted to validate security controls. Additionally, Owkin's cloud provider (AWS) holds certifications such as ISO 27001, supporting compliance with industry standards.

