23andMe Achieves ISO/IEC 27001:2013 Certification

SUNNYVALE, CA – September 30, 2019 – 23andMe, the leading consumer genetics company, is pleased to announce that it has achieved ISO 27001:2013 certification for its Information Security Management System (ISMS). 23andMe’s ISMS supports all the processes related to saliva-based direct-to-consumer (DTC) genetic testing business unit, Research/Clinical Trial Recruitment business unit, and Therapeutics business unit.

ISO/IEC 27001:2013 is an internationally recognized standard used to ensure companies have security measures and countermeasures that protect against unauthorized access or compromise. 


Achieving the ISO 27001 compliance certifies that 23andMe has the required information security policies, procedures and controls in place to protect sensitive information. A formal audit performed by the accredited certification body A-LIGN,  showed 23andMe has successfully met a rigorous standard for establishing, implementing, maintaining and continually improving its ISMS; including 114 technical information security and privacy controls such as:


  • Systematically conducting the information security assessments and examining the risks, taking account of threats, vulnerabilities, and impacts
  • Encrypted communications between all platform components
  • Restricted access control (granting access on a need-to-know basis)
  • Comprehensive security & privacy review of the vendors
  • Increased information security awareness through ongoing training 
  • Ongoing third party security assessments & audits 


“23andMe believes that everyone deserves a secure, private place to explore and understand their genetics. Obtaining ISO 27001 certification is a tremendous recognition showing that we are providing exactly that,” said Ashutosh Agrawal, Sr. Security & Privacy Compliance Manager. “This certification underscores our commitment to implementing industry leading security practices and safeguarding our customers’ data.” 


About 23andMe

23andMe, Inc. is the leading consumer genetics and research company. Founded in 2006, the mission of the company is to help people access, understand, and benefit from the human genome. 23andMe has millions of customers worldwide, with more than 80 percent of customers consented to participate in research. 23andMe, Inc. is located in Sunnyvale, CA. More information is available at www.23andMe.com.

Media Contact(s)

For press inquiries, please contact [email protected]

For healthcare professionals, please contact [email protected]