Our approach to security

Table of Contents

Security by design Infrastructure security Organisational security Product security Internal security procedures Data and privacy Independent assurance Our commitment

At Reach Industries, security is at the heart of how we design, build and operate Lumi. We know that our customers rely on us to protect sensitive scientific data, and we take that responsibility seriously. You can read more about our approach here.

Please visit our Trust Center for more information.

Security by design

Lumi is built with security baked into every layer. From the way we architect our infrastructure to the policies we follow as a company, our goal is to safeguard both your data and the integrity of our platform.

We use industry-leading practices across five key areas:

Infrastructure security

Strict access controls for production systems, databases and networks
Multi-factor authentication and encrypted connections for all remote access
Continuous monitoring with intrusion detection, logging and performance alerts
Firewalls, network segmentation and system hardening aligned to best practice
Encryption is enforced across all production systems, with keys securely managed and access restricted to authorised personnel

Organisational security

Security awareness training for every employee, refreshed annually
Confidentiality agreements signed by all staff and contractors
Background checks for new hires
Formal asset disposal processes and encrypted portable media
Clear visitor procedures for secure areas
We use Vanta to continuously verify that antivirus protection, password management, and key access controls are active across all computers in our organisation, not just our production systems

Product security

Encryption of sensitive data at rest and in transit
Regular penetration testing and vulnerability assessments
Control self-assessments to validate that safeguards are working as intended
Lumi follows a regular maintenance and update schedule, with libraries and dependencies patched promptly when security notices or vulnerabilities are identified

Internal security procedures

Business Continuity and Disaster Recovery plans
Formal change management and configuration management processes
Role-based access requests and approvals
Documented security policies reviewed annually
Incident response policies to detect, track and resolve issues quickly
Vendor management and third-party agreements with confidentiality commitments

Data and privacy

Defined data classification policy to ensure the right level of protection
Formal retention and disposal procedures for customer and company data

Independent assurance

We maintain our security posture through a combination of continuous monitoring and independent review. Vanta continuously monitors our controls, while external penetration testing firms validate our defences through regular assessments. Our practices are aligned with recognised industry standards, including SOC 2 and ISO 27001 compliance.

Our commitment

By combining strong technical safeguards with clear policies and regular independent review, we ensure Lumi remains a trusted platform for scientific discovery and manufacturing.

If you’d like to learn more, please contact us at security@lumi.systems.