Skip to main content

23andMe Achieves ISO/IEC 27001:2013 Certification

September 30, 2019

SUNNYVALE, CA – September 30, 2019 – 23andMe, the leading consumer genetics company, is pleased to announce that it has achieved ISO 27001:2013 certification for its Information Security Management System (ISMS). 23andMe’s ISMS supports all the processes related to saliva-based direct-to-consumer (DTC) genetic testing business unit, Research/Clinical Trial Recruitment business unit, and Therapeutics business unit.

ISO/IEC 27001:2013 is an internationally recognized standard used to ensure companies have security measures and countermeasures that protect against unauthorized access or compromise. 

Achieving the ISO 27001 compliance certifies that 23andMe has the required information security policies, procedures and controls in place to protect sensitive information. A formal audit performed by the accredited certification body A-LIGN,  showed 23andMe has successfully met a rigorous standard for establishing, implementing, maintaining and continually improving its ISMS; including 114 technical information security and privacy controls such as:

  • Systematically conducting the information security assessments and examining the risks, taking account of threats, vulnerabilities, and impacts
  • Encrypted communications between all platform components
  • Restricted access control (granting access on a need-to-know basis)
  • Comprehensive security & privacy review of the vendors
  • Increased information security awareness through ongoing training 
  • Ongoing third party security assessments & audits 

“23andMe believes that everyone deserves a secure, private place to explore and understand their genetics. Obtaining ISO 27001 certification is a tremendous recognition showing that we are providing exactly that,” said Ashutosh Agrawal, Sr. Security & Privacy Compliance Manager. “This certification underscores our commitment to implementing industry leading security practices and safeguarding our customers’ data.” 

About 23andMe

23andMe, Inc., headquartered in Sunnyvale, CA, is a leading consumer genetics and research company. Founded in 2006, the company’s mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA clearances for genetic health reports. The company has created the world’s largest crowdsourced platform for genetic research, with 80% of its customers electing to participate. The 23andMe research platform has generated more than 180 publications on the genetic underpinnings of a wide range of diseases. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics across a spectrum of disease areas, including oncology, respiratory, and cardiovascular diseases, in addition to other therapeutic areas. More information is available at