Blog
Getting Unstuck on the Path to Digital Transformation
Supporting Secure Scientific R&D with Cloud-Based SaaS Solutions
LabArchives® cloud-based lab-management solutions are an ideal choice for government and academic research groups looking to securely and collaboratively manage their lab data, inventories, and resources. Cognizant of the increasingly stringent security demands placed upon such researchers, the LabArchives team at Dotmatics made a commitment to prioritize security in their product development so as to offer solutions that support both scientific innovation and information security. For the past five years, the team has been on a journey toward FedRAMP® authorization and it is thrilled to report that its LabArchives for Government solution achieved “In Process” FedRAMP designation in April 2024; it now awaits final authorization and listing on the FedRAMP marketplace, the sole provider-directory used by federal agencies seeking authorized cloud-based solutions.
Digital Data Transformation Prompts New Requirements
A shift toward digital record keeping in recent years has prompted research funding organizations—academic, commercial, and government—to mandate the ways data is secured and handled. Government policy offices, including the White House Office on Science and Technology, National Archives Records Administration, National Institutes of Health and more, have published guidance and policies regarding the safekeeping and access to government sponsored research data. The information security requirements in the Federal Risk and Authorization Management Program, or FedRAMP, help researchers in the federal government meet many of these requirements. FedRAMP is a standardized, risk-oriented assessment framework developed by the United States federal government for authorizing the use of cloud-based products to handle unclassified government information. FedRAMP assessment involves rigorous examination of a solution’s data security and data governance capabilities, as well as its development process, security procedures and policies, and its cloud-services technologies. Achieving FedRAMP authorization means accommodating continuous security monitoring and adhering to more than 300 standards-driven security controls, which are assessed by third-party auditors. In other words, it’s no small task.
Developing LabArchives for Government
The LabArchives team has always worked to protect the confidentiality, integrity, and availability of data stored within its cloud-hosted solutions. These user- and workflow-friendly solutions have served as the foundation for developing the LabArchives for Government solution. The LabArchives for Government solution has been further fortified with advanced security features customized to satisfy National Institute of Standards and Technology (NIST) Special Publication 800-53 requirements, which are at the heart of the FedRAMP program, as well as an evolving, state-level initiative, StateRAMP.
The LabArchives for Government solution offers three applications:
LabArchives Electronic Laboratory Notebook (ELN): a digital notebook and workspace for better data management, connectivity, and collaboration
LabArchives Inventory: software for the organization, usage, tracking, and ordering of inventory items
LabArchives Scheduler: easy-to-use calendar and scheduling tools for the management and scheduling of laboratory equipment and resources
National Cancer Institute Test and Pilot Program
As part of its FedRAMP journey, the LabArchives team collaborated with two highly-regarded research institutions within the National Institutes of Health (NIH)—the National Cancer Institute (NCI) and the National Center for Advancing Translational Sciences (NCATS).
Cloud-service providers seeking FedRAMP authorization must partner with a government agency that follows the provider’s FedRAMP journey and helps ensure that all key steps and requirements are fulfilled in order to achieve initial authorization. The official agency partner for LabArchives is the NCI. A pilot program at the NCI saw more than 1,000 researchers using LabArchives; this quickly blossomed to 4,000 scientists throughout the NIH using LabArchives, making it the first-ever ELN licensed for agency-wide use at the NIH.
LabArchives is an attractive option for research groups, like those at the NIH, who are looking beyond secure storage; such groups want a more complete solution that will facilitate their research, while also keeping pace with data-security requirements from government and state agencies. The LabArchives team is well prepared to develop solutions that meet guidelines from government agencies, such as the White House Office of Science and Technology, US Office of Management and Budget, and National Archives Records Administration, because of its longstanding and steadfast commitment to information security; and on top of this, the LabArchives team has likewise always prioritized workflow optimization and collaboration. As a result, the team is uniquely positioned to deliver more complete lab-management solutions that support security and innovation equally.
Benefits for All LabArchives Users
In developing LabArchives for Government, the development team further optimized LabArchives’ security-by-design approach to product development to satisfy US government requirements; this includes: even stronger encryption at all levels of the system; more comprehensive documentation of policies and procedures; additional vulnerability scanning and penetration testing; and more extensive reviews by a certified third-party assessor. While LabArchives for Government operates independently from other LabArchives cloud sites, many of the advanced technologies, policies, and procedures used for FedRAMP Authorization have also been implemented in the commercial LabArchives implementations. This means all LabArchives customers can benefit from further improved information security.
Join Us on the Journey
The LabArchives team is excited to share the benefits of this journey with all organizations hoping to support secure, collaborative scientific research. LabArchives has already received SOC 2 Type II and ISO 27001 certifications, and looks forward to FedRAMP and StateRAMP approvals to follow.
Learn how LabArchives can help your research group effectively innovate in the face of growing security requirements by visiting the LabArchives website.
