Franklin operates as a fully web-based Software-as-a-Service (SaaS) platform, eliminating the need for local installations or dedicated infrastructure. To ensure reliable access, optimal performance, and secure handling of sensitive genomic data, the following technical and security prerequisites must be met by the operating environment.
Supported Operating Systems and Browsers
Franklin is accessible through modern web browsers on standard desktop and laptop operating systems. The following configurations are supported:
Component | Requirement |
Operating System | Windows 10 or higher; macOS 11 (Big Sur) or higher |
Recommended Browser | Google Chrome (version 110 or above) |
Other Supported Browsers | Microsoft Edge, Safari, Firefox (latest stable versions) |
Browser Requirements | JavaScript and cookies must be enabled |
Note: Google Chrome is the recommended browser for optimal performance and full feature compatibility. Other supported browsers should be kept at their latest stable versions.
Display Requirements
A minimum screen resolution sufficient to support the proper display, readability, and usability of the user interface is required. The platform is designed for use on desktop and laptop displays; tablet or mobile device screens are not recommended for clinical workflow use.
IT Security and Authentication
Franklin enforces strict authentication and access control mechanisms to ensure that only authorized users can access the platform and its data.
Control | Description |
User Credentials | Each user must access the platform using individual, role-based login credentials |
Two-Factor Authentication | 2FA is available as a configurable security feature and can be enforced according to organizational policy |
Password Policy | Minimum 8 characters (organizational policies may enforce a higher minimum, such as 15 characters), including uppercase and lowercase letters, numbers, and special characters |
Session Management | Session timeout features are available; organizations using SSO have automatic session expiration. Manual logout is recommended when not using SSO |
Role-Based Access | Access permissions are assigned based on User Roles (Director, Analyst, Accessioner) and Organizational Roles (Admin, Member). Custom roles can also be configured |
See also: For detailed guidance on authentication, password policies, role definitions, and access control, refer to the Access Control and Authentication article.
Data Security
All data handled by the Franklin platform is protected throughout its full lifecycle using industry-standard encryption and access controls:
Measure | Details |
Encryption in Transit | AES-256 encryption via SSL/TLS for all data transmitted over the internet and internally within the cloud |
Encryption at Rest | AES-256 encryption and SHA-256 hashing at the storage level for all stored data |
Access Permissions | Set on a per-user-per-sample basis; access depends on the context (analysis) in which files are used |
Data Sharing | Can only be performed via the platform itself, under administrator-defined permissions |
Audit Logging | Secure audit logs for all data access are maintained for six years |
Data Purging | Strict data purging policy ensures data is safely deleted when an authorized user requests deletion |
See also: For detailed information about data handling, privacy governance, and regulatory compliance, refer to the Technical and Procedural Security and Privacy Safeguards article.
Infrastructure Security
Franklin is hosted on Amazon Web Services (AWS), leveraging a comprehensive security, privacy, and compliance framework. The infrastructure is designed and managed in alignment with regulatory requirements and global security best practices:
All computation instances operate within Virtual Private Clouds (VPCs), which are logically isolated networks with minimal external and internal access.
Where possible, no multitenancy of physical resources is permitted; computations are performed on dedicated instances.
Computation instance reuse is limited to the same user and project to prevent data leakage. Bioinformatics applications run within containerized environments with restricted capabilities and strict firewall rules.
Strict stateful network firewalls protect all servers, including those processing confidential user data.
Regular software and infrastructure vulnerability assessments and periodic penetration tests are conducted.
A rigorous patch management policy and regular server updates are maintained based on criticality.
Availability and Disaster Recovery
Franklin is designed to provide high availability and resilience for clinical workflows:
Aspect | Details |
Data Durability | 99.999999999% durability over a given year |
Data Availability | 99.99% availability of objects over a given year |
Redundancy | All data is redundantly stored on multiple devices across multiple facilities, designed to sustain concurrent loss of data in two facilities |
Secure Facilities | Data is stored and processed in high-security data centers with backup power and strict physical access controls |
Disaster Recovery | Documented disaster recovery and incident response plans are in place to ensure appropriate recovery steps and timely stakeholder notification |
See also: For detailed backup procedures, recovery objectives, and incident restoration processes, refer to the Technical and Procedural Security and Privacy Safeguards article.
Regulatory Compliance
The Franklin platform and its underlying infrastructure are aligned with the following regulatory and compliance frameworks:
Standard | Description |
ISO 27001 | International standard for information security management systems (ISMS) |
HIPAA | Health Insurance Portability and Accountability Act compliance for protected health information |
GDPR | EU General Data Protection Regulation for data privacy and protection |
User Responsibilities
To maintain a secure operating environment, users and their organizations are responsible for the following:
Ensuring that workstations and browsers meet the minimum requirements specified above.
Keeping browsers and operating systems up to date with the latest security patches.
Ensuring that individual login credentials are not shared and that two-factor authentication is properly configured.
Complying with applicable organizational and regulatory data handling requirements.
See also: For user-level security responsibilities and cybersecurity warnings, refer to the Security-Relevant Warnings and Information article. For network configuration requirements, refer to the Network and Connectivity Guidance article.