Lifebit Biotech Limited

Lifebit Platform: Cloud-Based Trusted Research Environment

The Lifebit Platform Trusted Research Environment (TRE) is a secure computing environment for researchers to remotely access large-scale biomedical data. The Lifebit Platform allows researchers, teams and large organisations to collaboratively and securely access, manage and analyse large-scale biomedical data over cloud environments or hybrid infrastructures (HPC-Cloud).

Features

• Federated Trusted Research Environment
• Intuitive cohort building and cohort definition sharing for data discovery
• Complex querying of clinical and multi-omics data
• Data standardisation, harmonisation using industry best-practices, e.g. OMOP, GA4GH
• Linking of all data-types (storage containers, clinical/multi-omics data)
• Security (encryption, segregation, airlock/data export controls, intrusion detection, RBAC)
• Full-fledged access controls and complete audit-trails of system and databases
• Cost tracking, cost recuperation, financial invoicing, cost limits, budget management
• Data segmentation features to separate data types and cohorts.
• State-of-the-art standardised pipelines, interactive tools (JupyterLab, pipeline composer, IGV)

Benefits

• Automation of big data analysis, high scalability and interoperability
• Run analysis across distributed private, public datasets (federated analysis)
• Collaboration - share data, results, code access with team members
• Intuitive cohort building and visualisation
• Access to wide-ranging compute instances, e.g. CPUs and GPUs
• Set spending limits in the cloud, aligned with research budgets
• Reproducibility of analyses through cloning runs and FAIR standards
• Open-source GA4GH-aligned TRE technology
• Upgrades and continuous platform releases included in maintenance and support
• Deliver integrations with external solutions across diverse architectures

£0 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@lifebit.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

478556591651973

Contact

Thorben Seeger
+ 44 7857149052
procurement@lifebit.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Set up cloud account (AWS, Azure, Google Cloud)
  • Provide Identity and Access Management (IAM) credentials

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial email responses via email to support@lifebit.ai are within 24 hours. For critical issues we respond immediately (i.e. within an hour) and provide a workaround in 12 hrs. This can be 9-5 or 24/7 depending on requirements (depending on a tailored service level agreement (SLA) Lifebit Platform subscription plan).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Lifebit uses Intercom Messenger, a customer messaging platform, which is compliant with the Web Content Accessibility Guidelines 2.0 Level AA. Specifically, Intercom focuses on three main areas for accessibility with their web chat, and include: ; Keyboard navigation ; Screen reader support ; Colour contrast.
• Onsite support: Yes, at extra cost
• Support levels: We provide a service model based on severity of the issue with different response times for each level. For critical issues we respond immediately (i.e. within an hour) and provide a workaround in 12 hrs. This can be 9-5 or 24/7 depending on requirements (depending on the Lifebit Platform subscription plan).
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Users can easily set up the service through the Lifebit Platform interface, which can be accessed through [https://cloudos.lifebit.ai/register/]. Creating a new account is simple, users only have to enter their name and email. Once signed up, users can either opt for 10 free credits of the Lifebit Cloud, or can link their AWS, Azure, Google Cloud accounts to the platform using the Identity and Access Management (IAM) credentials. To get started, Lifebit provides a freemium version of the Lifebit Platform, which allows users to explore the way the platform is structured, along with access to main applications like the Batch and Interactive analysis. Users are able to import pipelines, run analysis, connect data and organise their work in projects, while being able to import publicly available repositories from Git servers like Github, Bitbucket or connect their personal account to allow importing of private repositories from the Git server of choice or from the Docker.io container registry. Lifebit has a support chat, with live agents working on UK business hours to support all their users.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Markdown
• End-of-contract data extraction: The Lifebit Platform does not transfer any data, metadata, or log information out of the user's cloud account. The Lifebit Platform only manages the allocation of the user's resources and never processes any information from the user's analysis or datasets. Therefore, there is no need for users to extract their data when the contract ends. If they wish, they can simply revoke their Identity and Access Management (IAM) credentials from the Lifebit Platform and from this point the Lifebit Platform ceases to have access to the user's storage resources.
• End-of-contract process: Since the user's cloud account is linked to the Lifebit Platform, the user is responsible for revoking the Lifebit Platform' access to their cloud. As soon as their cloud is disconnected from the settings field in the Lifebit Platform, the platform will be detached from their account and data. Furthermore, the results generated from the data analysis via the Lifebit Platform are stored in the user's cloud account storage resources. Therefore, the data generated does not need to be transferred or deleted because they always live on the user's cloud. There are no additional costs associated to disconnecting the Lifebit Platform from cloud accounts.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Lifebit Platform has a mobile experience which is WCAG 2.0 AA compliant.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users can easily set up the service through the Lifebit Platform interface. Creating a new account is simple, users only have to enter their name, organisation and email. Once the account has been set up, users can run their analyses directly through the Lifebit Platform web interface. If desired, users can programmatically access the Lifebit Platform using the Lifebit API. There are no limitations to how users can set up or make changes through the web interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Lifebit engages WAI experts annually, to run web-accessibility tests across full platform. Additionally, Lifebit's QA team conducts regular accessibility audits using aXe accessibility testing and HTML_Codesniffer to identify and remediate accessibility problems.
• API: Yes
• What users can and can't do using the API: Users can generate a private API key by navigating the settings in the Lifebit Platform. They can subsequently include the key in HTTP request header to make requests. The option to register user’s endpoint to a webhook for receiving notifications is provided. The following actions can be performed by making API queries. ; (a) POST request to deploy a job and select all the parameters available through GUI (select instance type, workflow, input data and parameters). ; (b) GET requests for retrieving information. Request to retrieve information about specific job by providing job ID. ; (c) Retrieve information about all analyses Projects (includes all the jobs associated with given Projects, including summary statistics (eg. job count per Project)). ; (d) Retrieve information about all available analysis workflows. ; ; Current limitations are associated with the cloud account settings. The user is not allowed to change the cloud account configuration from API, or retrieve relevant information but this is designed like so, as a security measure.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is charged at day rate, included in the implementation package. The customised package is discussed before engagement between Lifebit and the organisation looking for a custom solution. ; ; (a) Choice of public, private, hybrid cloud, or use of on-premise computing ; ; (b) Live intercom, chat and email support delivered by bioinformatics team during business hours ; ; (c) Advanced Auditing ; ; (d) Automated recommendations on best resources and data to be used for each analysis, and prediction of analysis costs and duration

Scaling

• Independence of resources: Since each user's personal cloud account is linked to the Lifebit Platform, the demand they place on the service is provided by their own cloud provider and not through the Lifebit Platform. This ensures infinite scalability through either AWS, Azure, and Google cloud providers.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can refer to the start time, execution time, cost, and computational resources (instances) used for all jobs deployed through the Lifebit Platform. Furthermore, after job completion, users can also access job monitor analytics (i.e. CPU and RAM usages per process in the pipeline). For team accounts, administrators have a detailed overview of what each team member has used in terms of resources, and can also implement different spending caps for each member of the team.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: No physical media exist where the data are stored within Lifebit's premises. Data protection of the cloud providers' policies apply, where data is encrypted at rest by applying full-disk encryption policies.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The Lifebit Platform utilises Identity and Access Management (IAM) authentication, allowing the user to manage their cloud and data in a secure way. With the Lifebit Platform, users' data never leaves their secure cloud environment, as the Lifebit Platform does not ingest or transfer any data, metadata, or log information out of the user's environment. The Lifebit Platform only manages the allocation of user resources and never processes any information from the user's analysis or datasets.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Healthcare data, metadata in standard formats (json, other structured formats)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • TXT
  • VCF
  • FASTA/FASTQ
  • GFF
  • ZIP
  • GZIP
  • JSON
  • BAM
  • BED
  • Lifebit Platform is agnostic, any data type can be used.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: The Lifebit Platform encrypts data-in-transit using NIST approved open-source cryptographic libraries.
• Data protection within supplier network: Other
• Other protection within supplier network: Not applicable because the Lifebit Platform never transfers data.

Availability and resilience

• Guaranteed availability: Lifebit commits to 99.5% uptime for the Lifebit Platform. Details related to penalties for non-performance will be covered in the contract between Lifebit and the client.
• Approach to resilience: This information is available on request.
• Outage reporting: Any outages can be reported through an API, email alerts and/or web chat support.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Identity and Access Management (IAM) credentials for linked cloud account. Further information available on request.
• Access restrictions in management interfaces and support channels: Management interfaces require authentication in the form of username and password.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Identity and Access Management (IAM) credentials. Further information available on request.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SOCOTEC Certification UK Ltd
• ISO/IEC 27001 accreditation date: 03/02/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Gap Assessment
  • HIPAA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: One key benefit of the Lifebit Platform Trusted Research Environment is clients will maintain full ability to react to changing regulatory and legal requirements and implement security and governance changes to remain compliant. Lifebit guarantees a full working platform with all controls and security governance adapted to the client’s needs.
• Information security policies and processes: Information security policies provide Lifebit with a framework and standards for information security programs and assurance activities. Important attributes: ; ; (a) management engagement in security governance for alignment with overall organisation policies and goals; ; (b) integration of security architecture with enterprise architecture; ; (c) continuous evaluation of the information security strategy to ensure alignment with business needs and the organisation’s risk appetite; ; (d) regular review of the organisation’s risk appetite to ensure it continues to be appropriate for the environment in which the organisation operates. ; ; Management formally approves the information security strategy, policy, and architecture to ensure appropriate implementation, coverage and maturity for security controls and processes. Lifebit has an Information Security Officer responsible for all aspects of security for the Lifebit Platform. Policies are published and employees are mandated to sign up to the adherence of these policies on an annual basis.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Lifebit's Platform SaaS Services change management process aligns with ITIL v3 ITSM best practices. All the changes will be tested before deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess vulnerability and potential threats by performing annual penetration testing and frequent reviews by an Information Security Officer. ; ; We follow a model of continuous integration and deployment. New patches are scheduled to be deployed daily but in urgent occasions of threats Lifebit might proceed in deploying the changes as soon as possible. ; ; Penetration testing feedback (outsourced) and reviews from an Information Security Officer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Lifebit leverages the cloud provider's security tools as the first layer of defence against unauthorised access. Audit logs of user activity are transferred to our protective monitoring solution, the Security Operations Centre (SOC), with a real-time view of cloud (infrastructure) activity and tools to identify suspicious behaviour such as suspected instances of unauthorised data access or data leaks. Alerts in response to malicious activity are reported directly to the client through services like AWS CloudWatch Service. ; Alerts are reviewed on a daily basis and appropriate action is taken upon review.
• Incident management type: Supplier-defined controls
• Incident management approach: Lifebit has an incident management process in place. Further details are provided in the master service agreement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Lifebit pledges to adhere to our carbon reduction plan and ensure that our operating services create minimal environmental impact. In recognition of how important it is to mitigate the detrimental impact of our actions on the environment, Lifebit’s policy is to ensure that, wherever reasonably practicable, we work together to try and reduce the negative impacts our actions can have, for example, the impact of our travel. Our net zero target is to reduce our greenhouse gas emissions to net zero emissions on or before our target by 2040.

  Covid-19 recovery

  The Lifebit Platform supports organisations working on COVID-19 vaccines and treatments by providing a secure research environment that brings analysis and researchers to the data. Our clients have used the Lifebit Platform to create a research environment for COVID-19 data and analytics, providing world-class patient data security as the data never leaves the environment, while also allowing flexible research access. Therefore harnessing the potential of genomic data research to continue developing vaccines and treatments, ultimately helping communities to manage and recover from the impact of COVID-19. Lifebit believes that data should never be an obstacle to curing diseases and saving lives. We strive to improve the health of individuals globally by enabling research and scientific discoveries through advanced technology and access to data.

  Tackling economic inequality

  Lifebit’s Economic Pledges: We pledge to facilitate collaboration between data custodians and pharmaceutical companies that will help alleviate funding constraints for data custodians. We pledge to support start-ups and SMEs through our supply chain to support new talent and innovation. Lifebit’s Education and Skills Pledges: We pledge to provide educational and knowledge-sharing opportunities for people working or studying in the global life sciences sector on topics relating to health informatics and genomics. We pledge to raise awareness of the role of data in curing disease amongst the science and research community. We pledge to provide our staff with opportunities to expand their knowledge and skills beyond mandatory training to support their career development.

  Equal opportunity

  We are committed to promoting equal opportunities in employment and creating a workplace culture in which diversity and inclusion are valued and everyone is treated with dignity and respect. As part of our zero-tolerance approach to discrimination in any form, all job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or parental status, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (protected characteristics). We are also committed to providing equitable treatment to all those we deal with as an organisation, including customers and suppliers. Employment and Volunteering Pledges : We pledge to create and retain an inclusive and diverse workforce that attracts people from all genders, races, ages, abilities, sexual orientation, religions and cultures. We pledge to use our skills, knowledge, and resources to empower and support people living in some of the underrepresented communities we serve.

  Wellbeing

  Lifebit’s Wellbeing Pledges: We pledge to enable our partners around the world to improve the quality of life for those living with disease through our technology by making data needed for research accessible. We pledge to continue to provide resources and opportunities that promote the social, physical and mental well-being of our employees. Lifebit’s Remote Working Policy: Lifebit is a remote-first company. Recognising the importance of mental health, Lifebit supports and values its employees' well-being and fosters an environment where individuals can thrive working remotely. By following this policy, we can maintain a harmonious relationship between personal well-being and professional growth. The benefits of remote working include job satisfaction, flexibility, and savings on travel costs, which reduce stress.

Pricing

• Price: £0 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@lifebit.ai. Tell them what format you need. It will help if you say what assistive technology you use.