(overview:compliance)=
# Compliance

Atgenomix SeqsLab follows the most relevant security frameworks and regulations in the healthcare industry:

- ISO/IEC 27001:2013 Information Security Management System
- ISO/IEC 27018:2019 Practices for Protecting Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors
- IEC 62304:2006+A1:2015 Medical Device - Software Life Cycle Processes
- FDA Cybersecurity Guidance
- FDA 21 CFR Part 11 Audit Trail

Security measures used on SeqsLab include:

- Virtual private cloud
- Role-based access control
- Encryption at rest and in transit
- Activity audit logs
- Data, code, and execution integrity
- Open standards
- Code inspection

Combined with Microsoft Azure's trusted cloud, SeqsLab is compliant with the following regulations out of the box:

- Health Information Trust Alliance (HITRUST)
- Health Insurance Portability & Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud

As a Gold Member in [Health Level Seven International (HL7)](https://hl7.org/FHIR/)(![external link](../images/external-link.png)), Atgenomix also supports the HL7 objective to create a suite of standard-based technologies for streamlining sophisticated data management and computational analysis of biomedical and multi-omics information.

![compliance](../images/seqslab-biomedIT.png)