Overview of Information Security Policy

At GenScript, we are dedicated to securing our systems and protecting data integrity, guided by the core principles of the NIST Cybersecurity Framework and ISO 27001 standards. Information security and privacy protection lay the foundation for corporate compliance and sustainable operations. Our policies ensure robust protection, thorough risk management, and continuous improvement across all our processes.

Information Security Management Organization

We have established an organizational structure for information security, which comprises the Information Security & Data Compliance Committee, Biosafety Committee, the Information Security Department, and IT Department and assessed teams.

Information Security & Data Compliance Committee

Review and approve the information security strategy and goals, facilitate multi-functional cooperation, and coordinate relevant efforts

Information Security Department

Develop risk assessment plans, implement risk assessments, and develop risk mitigation plans

IT teams and
assessed teams

Identify information assets and undergo information security risk assessments

GenScript Data Security Policy

Our Data Security System covers the following areas:

We analyze organizational and industry policies to establish norms for data usage and define what constitutes sensitive data.
This involves positioning and classifying data according to its sensitivity and defining data protection levels accordingly.
We enforce strict controls throughout the data lifecycle, employing policies and a management platform for meticulous authority oversight.
Our systems ensure data is used appropriately within its intended bounds and log any unauthorized data activities for evidence and review.
We continuously monitor data, adapting our strategies to ensure operational continuity and security resilience.

In 2023, we enhanced our routine information security protocols, rigorously auditing outbound communications and data transactions. This also included improving our channels for reporting information security incidents and mitigate data leak risks:

Optimize the permission management policy for outbound emails, and disable outbound emails by default unless external communication is necessary for work
Minimize privileged accounts that are not necessary for work, and define requirements in the IT System Privileged Account Management Process
Inspect the installation of social media software across the Group, and uninstall software for those who have not applied for permission or whose permission has expired
Deploy a data backup and recovery system to prevent ransomware risks and ensure timely data recovery and business continuity

Incident Response Plan

Our structured incident management protocol includes:

Incident Discovery

Incident Discovery

Employees are required to report any observed or suspected security vulnerabilities immediately to the Information Security Department.

Security Incident Report

Security Incident Report

Discovered incidents are promptly reported by the discovering employee directly to the Information Security Department or through designated channels.

Security Incident Response

Security Incident Response

Our teams collaborate to swiftly address and mitigate any security incidents, minimizing potential impacts efficiently.

GenScript Privacy Policy

As a global biotech leader, GenScript diligently adheres to the laws and regulations governing digital assets and personal data privacy across all the countries and regions in which we operate. A cornerstone of our commitment to our customers is the protection of their privacy. To this end, we have developed a robust customer information security protection system that isolates and desensitizes personal data, thereby preventing any potential data breaches.


Minimize the collection of customer data


Inform customers of the scope of data use


Allow customers to delete personal data


Ensure safe and stable data storage

Privacy Policy

Our publicly accessible Privacy Policy articulates the foundational principles governing the collection, use, and storage of customer data, ensuring transparency and trust. We process customer data strictly to the extent necessary, minimizing it to what is reasonable and essential for our operations. Moreover, our contracts with customers incorporate specific privacy protection clauses, further securing their personal information and reinforcing our dedication to their data security.

Our ongoing efforts include the publication of the Data Security White Paper, which outlines our comprehensive data security management practices across the business and customer data lifecycle. We also maintain multiple global data storage centers to ensure local data storage compliance and minimize cross-border data transfer risks.

To guarantee exceptional production quality and ensure comprehensive traceability, ProBio has implemented a dual system architecture. This advanced system is designed to fulfill the stringent information security and validation standards required under the Good Manufacturing Practice (GMP) guidelines, applicable globally. This deployment not only optimizes our operational efficiencies but also aligns with best practices in data integrity and security within the manufacturing sector. ProBio has been honored with the prestigious “Emerging Enterprise Award by Supply Chain” from the Harvard Business Review, highlighting our leadership in leveraging technology to enhance our supply chain operations.


Do you like the current new website?