Information Security

Drug discovery and development require an extremely high bar for data security. XtalPi has built a comprehensive information security management system (ISMS) with a special focus on four main aspects: cloud security, data security, operation security, and compliance. Our ISMS has received the ISO27001 certification by UKAS and CNAS since May 2019, which underlines XtalPi's dedication and ability to ensure our clients' data security.

Cloud Security

XtalPi’s cloud security model is designed based on the AWS shared responsibility model while also following the CIS benchmark protocol.
We use AWS's VPC service for the separation of cloud computing resources, while the connection between office and cloud uses a physical private network connection. Such a design ensures the reliability of data transition and remains flexible to be customized for the client's specific requirement.

Data Security

We place a strong emphasis on data security. Our system uses a private physical network to safeguard data transfer and SSL protocol for data encryption. For data storage, we use server-side data encryption using the AES-256 protocol.
To securely insulate the data of each client, we create a separated data storage domain for each of the client accounts, which includes object buckets and database tables with clearly defined different levels of authorities and accounts for data access management.

Operation Security

Our computing platform has a comprehensive account authority management system with auditing capabilities, supports fine-grained access and authority control and security audit to prevent data leak.
XtalPi's internal computing platform is operated by the VDI (virtual desktop infrastructure), which can only be accessed through the private network connected to it.


XtalPi received the ISO27001 certification by both UKAS and CNAS, a management system with information asset security and business risk management as the core. Data security is a top priority of ours, and we strive to keep our platform updated with the most advanced IT security technologies available and keep in compliance with the most strict industry standards.