At BioAware, we understand that, in order for our customers to embrace the benefits of the cloud, they must be prepared to entrust us with
one of their most valuable assets, their data. When customers invest in a cloud service, they must be able to trust that their data are safe,
that the privacy of data is guaranteed and that the service is fully compliant with laws, regulations and standard practices.
The goal of our Trust Centre is to provide our customers with all of the needed information to make a qualified decision about BioAware as
a service provider. The information covers all products and services specified on these pages, either as part of pure cloud solutions or as
part of our cloud-connected on-premises solutions. Please see the table of data centers and services for the exact listing.
Please contact us at firstname.lastname@example.org, should you need further information. We are happy to assist.
BioAware has been offering cloud solutions for more than 15 years. Over the years, we have established processes, methods and technologies
and embraced proven standards to meet our customers' security, privacy and accessibility needs. The nature of threats is constantly changing,
so security awareness is a natural part of our development process and we constantly strive to be even better.
From planning to deployment of new services or features, we follow our Security Development Lifecycle, meaning that security requirements
are embedded and measured during the service's lifetime. Security requirements are based on a combination of legal, sector and client
requirements, best practices and compliance with privacy laws and regulations.
Once our services are made available to our customers, they are carefully monitored. This includes continuous scanning for vulnerabilities,
monitoring of intrusion attempts as well as abuse detection using the Acunetix security scanning services.
For public cloud solutions, we use the OVH datacenters for storage of information. They run around the clock and ensure operations by
protecting against power outage, physical intrusion and network outage. These datacenters conform to recognized industry standards of
physical security and reliability.
For information regarding hosting of our different services, see datacenters in our Transparency section.
When incidents occur, we have a dedicated Security Incident team (including our DPO, CEO, IT manager and two software developers) that
provides the necessary co-ordination, management, feedback and communication. They also have responsibility for assessing, responding to
and learning from information security incidents to make sure that we minimize the risk of reoccurrence. Incidents are reported on
https://www.bio-aware.com/defaultinfo.aspx?page=Status for all
products and services of BioAware. Customers can follow the progress of resolving the issues, if any. Our Support section also provides
information on issues and their status (
The information on this page is intended for security researchers interested in reporting security vulnerabilities to the BioAware
security team. If you are a customer and have a question about security or a password or account issue, please contact us through the
standard support channels available for your product (https://www.bio-aware.com/BioloMICSSupport.aspx).
BioAware is committed to the security of our customers and their data and we believe that engaging with the security community is
important. We allocate resources to fix and patch vulnerabilities as soon as they are discovered by internal tests, researchers, or
customers. If you believe you've discovered a security vulnerability in a BioAware service, product or web property, we strongly
encourage you to inform us as quickly as possible and to not disclose the vulnerability publicly until it has been addressed. Contact
us via https://www.bio-aware.com/BioloMICSSupport.aspx or using our email
BioAware does not intend to initiate any legal action or law enforcement investigation against security researchers as long as they
adhere to our Responsible Disclosure guidelines.
How to Report a Security Vulnerability
We believe in open communications and will keep customers updated throughout this process. We aim to triage all reports within 12 business
hours and address all vulnerabilities within 30 days at most.
Q: How do we ensure that your services are up and running?
Our datacenter has a huge level of redundancy (hardware and software). Internet connections are guaranteed and redundant as well.
The datacenter is connected to the fastest possible Internet routes to ensure steady data streams. In case of an interruption
there is an automatic transfer to a functioning connection, without the service being affected.
All our machines are managed by VMware software and, in case of hardware failures, the backup machines take over automatically.
Hardware systems that are no longer working are automatically replaced by OVH, usually within 15 to 30 minutes (24/7).
Q: How do we protect your information against cyber-attacks?
• We perform security audits and penetration testing using specific experts and software.
• Passwords are never stored as text but are always “hashed and salted” or one-way encrypted. This means that not even we at BioAware
can find out what your password is. If you lose your password, you must generate a new one.
• All communications are via an encrypted connection.
• Our services are tested to handle recurrent attacks from, for example, SQLi, XSS and CSRF, session hijacking, and other threats.
• We continuously monitor our services with a set of monitoring tools that send alerts when problems occur (memory problems,
hard drive shortage, CPU usage, security threats, etc).
• OVH, our datacenter provider, also adds several layers of checks and filters to prevent attacks and threats.
• OVH provides a general-purpose firewall and we also have our own software firewall that is specific to our environment. Both are
working together to ensure the highest possible security levels.
• Antivirus and antimalware software are also protecting our cloud based solutions.
Q: How do we physically protect your information?
• Complete backups of all virtual machines are done daily, and copies are stored in physically separate locations. Daily virtual
machine backups are kept for one week.
• Backups of customer databases are also done on a daily basis and stored in physically separate locations. Daily database backups
are kept for at least 2 months and up to 6 months for some customers.
• External and regular backups to customers' facilities can also be done on demand.
• Video monitoring and traceability of access to the premises.
• Every datacenter room is fitted with a fire detection and extinction system, as well as fire doors, and complies with the APSAD R4 rule.
• OVH guarantees that the servers are constantly maintained and supervised 24 hours a day, 365 days a year. For more detailed
information, see https://www.ovh.com/world/about-us/security.xml.
• Redundant climate control with environmental monitoring of gas, moisture, heat and water are available in our datacenter.
• Uninterruptible power supply, regularly tested against simulated power outages.
• Our datacenter conforms to recognized industry standards of physical security and reliability, including ISO / IEC 27001:2005.
Q: Which guarantees and conditions apply?
When using services from BioAware, customers entrust us with their data. People will not use technology they do not trust, and for us,
privacy and data protection are important matters in building that trust. We protect the privacy of our customers through organizational,
technical and physical measures based on strict policies and standards.
Our Privacy page describes how BioAware processes personal data, and further information specific to our software products can be found
in the relevant terms of service. Please do not hesitate to get in touch with us at email@example.com, should you have further questions.
The General Data Protection Regulation (GDPR), a new EU-wide law, is set to come into effect on the 25th May 2018. It is designed to
harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations
across the region approach data privacy. For more information about the GDPR, please refer to the
EU’s GDPR Portal.
The GDPR strengthens the rights of individuals with respect to personal data. This means that BioAware, as a software service provider,
must strengthen the security measures that protect the personal data of our customers and individuals registered in our systems, as well
as the features that enable our customers and individuals that use our services to exercise their rights.
It also means we must design our systems so as to enable our customers to meet their obligations as the data controller for the data they
process using our systems and services.
BioAware naturally sets out to ensure that all of our software services, to the very best of our efforts, are compliant with the GDPR.
Therefore, we have designed a comprehensive framework specifically with the GDPR in mind, comprised of the following main components:
• Training for our employees
• Privacy and data protection built into development and production
• Dedicated data protection manager
• A revised data processing agreement
All personnel in BioAware completed a mandatory course on privacy and data protection in 2018. In addition, specialist and key roles and
teams receive additional training and support, tailored to their needs and requirements. These include, for example, security engineers, security
and integration teams, and teams working with systems that handle sensitive data.
Key requirements and principles from the GDPR are built directly into our production and quality management systems, such as:
We also provide a system by which a customer can easily request information about how the services comply with the GDPR.
We are revising the data processing agreements for all our software services in order to align them with the GDPR. All software services
that comply with the framework described above will have the same data processing agreement, whose terms are thus based directly on a
thorough technical and organizational system of security and privacy compliance.
We also provide information here on the Trust Centre about your duties as a “data controller” under the GDPR, to enable and support you
when using software services from BioAware.
If you require more information in the meantime, please do not hesitate to contact us at firstname.lastname@example.org.
The BioAware server infrastructure is built on secure public cloud solutions facilitated by OVH. Data processing takes place in Europe
and follows local European regulations and requirements regarding protection of data privacy.
Q: Is it legal to store data outside of my country?
In general, yes. However, some countries have rules that specify special requirements (especially for accounting and payroll data).
We are not responsible for the data that our customers store in our systems, and we do not even monitor the information they store,
as it is under NDA in many cases anyway. It is therefore the responsibility of the customers to ensure that what they store in our
datacenters is legal. If, for some reason, we are made aware that some data are not legal or infringe the law, we will warn our
customers and ask them to take the needed actions to solve the issue. If the customer fails to do so, we will take the needed
actions to solve the problem.
Q: Where are data stored?
Data are stored on the OVH servers in Roubaix and Strasbourg (France). For more detailed information, see
For further information about datacenters, certifications, or data protection, please contact us at email@example.com.
BioAware strives to develop software according to current development best practices. We keep up to date with industry trends and
predictions, as well as planned and possible disruptive changes.
BioAware releases changes and new versions to customers at varying intervals, ranging from daily updates when needed to longer intervals.
We hold the quality of our software as our highest priority, including security and performance of the service. Customer involvement
during the development stage is a crucial aspect in order for us to always be in tune with our customers’ needs and be able to deliver
the most important features needed by our customers.
All of our services are continuously monitored, and if any deviations are detected and have an impact on one or several of our customers,
they are reported on our status sites (https://www.bio-aware.com/defaultinfo.aspx?page=Status for all products and services of BioAware or
on https://www.bio-aware.com/BioloMICSSupport.aspx for some specific issues).
An incident is defined as "any event which is not part of the standard operation of a service and which causes or may cause an interruption
to, or a reduction in, the quality of that service".
When we receive notification of an incident in our system, either from our customers who report a deviation, or from our internal
resources (personnel or monitoring), our teams immediately act upon this information and try to classify the incident severity.
If of high severity, we follow an escalation process in order to reach the correct team and fix the deviation as soon as possible.
In order to make sure that we are following the best development practices, we always strive to comply with industry standards to ensure
these are followed to the right extent.
At BioAware, we develop services that help our customers to comply as closely as possible with national and international laws, as well as
industry specific standards and requirements like ISO standards and EU directives.
We are aware that, for our customers, complying with these rules and regulations is critical for remaining in business, staying ahead
of the competition and avoiding punitive actions. Therefore, rules for privacy protection, accounting, taxes and payroll management
are all tightly embedded in our processes. What’s more, we are doing our best to ensure that our software complies with applicable
laws in the markets to a reasonable extent.
All our development processes follow the best management guidelines with versioning, traceability and history of changes.
For compliance details regarding our hosting facilities, see the datacenters in our Transparency section. For information regarding
industry specific compliance, or other details not covered here, please get in touch with us at firstname.lastname@example.org.
Phone: + 32 478 28 57 64
BioAware SA NV Rue du Henrifontaine 20 B-4280 Hannut Belgium