Information security

Owkin uses data-driven research and AI to find the right treatment for every patient. We are firmly committed to maintaining the highest standards of privacy, security, and confidentiality for data we manage. 

Security team

Our Chief Information Security Officer is responsible for minimizing the risks to company, partner and client information. Owkin teams work together to ensure active risk management and ensure the confidentiality, integrity and availability of data. If you have any questions or concerns, please contact   


We build these principles into our information systems and operational procedures, in particular for personal healthcare and research data. 

  • Where possible we keep data at source, working with our partners to implement a federated approach
  • Research data is pseudonymized prior to upload to our systems 
  • Data is encrypted to industry standards in transit and storage
  • Network connections are monitored and controlled
  • Our systems are actively monitored and alerts managed by our on call teams
  • We apply data residency in the EU, UK or US as appropriate
  • Access to data is regulated through role based access control
  • We work with selected hosting providers to ensure physical and environmental security 
  • Our software development teams follow privacy by design and security best practice such as OWASP Top 10
  • Third party audits and penetration tests

Find out more about our federated approach to keeping data safe at source.


Owkin complies with legal requirements for handling personally identifiable data including the EU GDPR and US HIPAA.


Third party audits of our systems and controls provide additional confidence and trust in our information security.

  • ISO 27001 - Download the Certificate here EN | FR
  • Owkin's internal systems are hosted on systems certified for ISO 27001 and HDS (France).

BSI 27001

What is ISO 27001?

The ISO is an independent, nongovernmental, international body that develops standards to ensure the quality, safety, and efficiency of products, services, and systems. 

ISO 27001 is the only auditable certification in the world that defines the requirements of an information security management system (ISMS), covering 14 domains of security to ensure all areas are adequately assessed. 

To become ISO 27001 certified, Owkin created new guidelines around security, tested all controls across 14 domains, ran comprehensive training for all staff, and completed rigorous audits performed by external companies.

How does Owkin apply ISO 27001?

By obtaining the ISO 27001 certification, Owkin commits to protecting three aspects of information:

  • Confidentiality: Only authorized persons have the right to access information.
  • Integrity: Only authorized persons can change the information.
  • Availability: The information must be accessible to authorized persons whenever it is needed.

What is Owkin’s approach to data privacy?

Owkin is committed to ensuring the security and protection of personal data following the requirements of the EU General Data Protection Regulation.

We regularly conduct audits with the assistance of well-known third-party agencies to screen and enhance our internal security processes and policies.

Owkin complies with the highest industry standards for physical, environmental, and hosting controls. Okwin data centers handled by our vendors get advantage of the brand new architectural and engineering approaches.

The Production network is isolated from other staging, development, and infrastructure environments.