Our ISO/IEC 27001:2022 certification demonstrates our commitment to strong, auditable security practices, including rigorous security controls, risk-based decision making, regular internal and external audits, continuous improvement and monitoring.

Strong password policies enforced for all of your users. Additional options for Single Sign-On (SSO), Multi-Factor Authentication (MFA) and Directory Sync (SCIM) are available on specific subscription plans to serve Enterprise needs.

From local files to cloud-hosted collaboration, Prism keeps your data secured, encrypted, and within your organization’s control.

Data is stored in secure AWS data centers for licensing, account management and billing, and Prism Cloud. Your data is encrypted in transit (TLS) and at rest.

Prism Desktop files are stored locally on your device, giving your organization full control over storage, access, and backup.

A privacy-by-design approach that gives you transparency, control, and confidence in how your data is handled.

Logical isolation for each customer to keep research data separate.

Role-based access controls ensure that only authorized users can view or collaborate on projects.

Safeguards that help keep your data secure, reliable, and always available.

Ongoing monitoring and vulnerability scanning by independent security experts.

Continuous security monitoring of Prism Cloud infrastructure and applications using AWS and industry-leading tools.

Secure cloud infrastructure and operational best practices designed to help ensure service availability.

Security and privacy are built into the software development lifecycle (SDLC) to protect your data at every stage.

Secure coding practices are followed throughout development, including SAST and SCA code scanning to identify vulnerabilities and improve code quality. 

Production systems are separated from development, testing, and internal corporate systems.

Access restricted to authorized GraphPad staff with multi-factor authentication and principle of least privilege.

Ongoing mandatory training is provided to our team on security, privacy, and data protection.

Prism uses a combination of automated testing and security review to help identify and remediate vulnerabilities. This supports timely fixes and secure product releases.

Automated vulnerability testing to detect issues in source code and third party components before release.

Risk based remediation with findings prioritized by severity and tracked through to resolution.

Customer updates provided through product releases, with notifications and guidance to support customer change and patch processes.

We take a privacy-by-design approach across the entire Prism ecosystem. Our privacy commitments include:

• Collecting only the data necessary to operate our services.
• Customer control over data sharing and collaboration.
• Compliance with international privacy standards.
• Clear, transparent privacy policies.

We do not sell or rent personal data, and we comply with privacy regulations such as GDPR to give you control over your data.

See our Privacy Policy for more information.