Policies & Information Security
You can view our privacy statement here. Privacy within client applications is governed by the client's own privacy statements and links.
Information Security
LabLynx's information security standard governs the security, protection, and handling of LabLynx information and records, and defines four broad information security classifications:
- Internal: Data is made available to internal company personnel as appropriate for their role.
- Public: Data is freely available to the public.
- Confidential: Access to data requires special qualifications or is covered by legal agreements. Examples include PII, PHI, the "special" GDPR categories, PCI-regulated data, data covered by NDAs, and so on.
- Restricted: Data that could lead to irreparable harm, criminal charges, or similar if accessed without authorization.
Access to data must be restricted to users or information systems with a legitimate business need and authorized by the data owner or an authorized delegate of the owner. Authorization is on a need-to-know basis. Access is restricted to performing a specific job task. This requires that access be permitted only to the data, programs, or portions of the operating system needed to perform assigned functions or explicitly required for system functionality. Systems shall be configured to enforce access privileges based on job classification and function.
Policies
- Change Management Policy
- Access Control Policy
- Configuration Management Policy
- Data Management Policy
- Development Integration and Maintenance Policy
- End-User Messaging Policy
- End-User Computing Policy
- Malicious Software Policy
- Password Control Policy
- Information Security Policy
- Laptop Encryption Policy
- Log Management Policy
- Problem and Incident Management Policy
- Server and Host Security Policy
- Separation of Duties Policy
- Incident Response Plan
- Third Party Services Policy
- Disaster Recovery Policy