NEWS:
ISO 27001:2022
Synthia Achieves ISO 27001:2022 Certification

SYNTHIA™ Retrosynthesis Software has successfully transitioned to the latest ISO/IEC 27001:2022 certification, marking an important update in our information security management practices. This certification is a globally recognized standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
By achieving ISO 27001:2022 certification, Synthia reinforces its commitment to maintaining robust security protocols and protecting user data. This update assures our users, particularly those in the field of chemistry, of the reliability and security of our platform as we continue to support innovative research and development in digital chemistry solutions.
The ISO 27001:2022 standard introduces several updates from the 2013 version, reflecting the evolving landscape of cybersecurity and technological advancements. It emphasizes addressing current threats related to cloud security, data protection, and cyberattacks. The updated controls are categorized into themes such as organizational, people, physical, and technological security measures, allowing for a more focused approach to managing information security.
Additionally, the 2022 version places a stronger focus on risk management, encouraging organizations to adopt a risk-based approach to information security. This ensures that security measures are tailored to address specific threats effectively, which is crucial in today's digital environment.
The ISO 27001:2022 update introduced 11 new controls to enhance information security management systems. These controls are designed to address contemporary cybersecurity challenges and improve the overall security framework:
- Threat Intelligence: Procedures for collecting and analyzing information about security threats.
- Information Security for Cloud Services: Principles for using cloud services and managing associated risks, including criteria for selecting secure providers.
- Information and Communication Technology (ICT) Readiness for Business Continuity: Identifying continuity requirements for key ICT services.
- Physical Security Monitoring: Establishing surveillance systems for facilities with critical systems.
- Configuration Management: Using standard templates for secure configurations of data systems and networks.
- Information Deletion: Procedures for deleting data from systems and storage devices when no longer needed.
- Data Masking: Implementing techniques to hide sensitive data, such as masking or anonymization.
- Data Leakage Prevention: Measures to prevent data leaks from systems and networks.
- Monitoring Activities: Procedures for monitoring networks and systems for abnormal behavior and managing security incidents.
- Web Filtering: Managing access to websites to reduce exposure to malware.
- Secure Coding: Establishing rules for secure coding to reduce technical vulnerabilities in software.