Skip to main content

Privacy and Cybersecurity Policies & Information Security

You can view our privacy statement here. Privacy within client applications would utilize the client privacy statements and links.

Information Security

LabLynx's information security standard governs the security, protection, and handling of LabLynx information and records, and defines four broad information security classifications:

  • Internal: Data is made available to internal company personnel as appropriate for their role.
  • Public: Data is freely available to the public.
  • Confidential: Access to data requires special qualifications or is covered by legal agreements. Examples include PII, PHI, the "special" GDPR categories, PCI-regulated data, data covered by NDAs, and so on.
  • Restricted: Data that could lead to irreparable harm, criminal charges, or similar if accessed without Authorization.

Access to data must be restricted to users or information systems with a legitimate business need and authorized by the data owner or an authorized delegate of the owner. Authorization is on a need-to-know basis. Access is restricted to performing a specific job task. This requires that access is permissible to only the data, programs, or portions of the operating system to perform assigned functions or explicitly required for system functionality. Systems shall be configured to enforce access privileges based on job classification and function.

Encryption

Data at rest will be encrypted for all systems of moderate or higher risk impact and will be considered for systems of low impact. All data in transit will be encrypted with modern algorithms appropriate to the software. For web traffic, this is currently TLS version 1.2 or higher.

Data Sharing & Retention

LabLynx holds all client electronic data and records for at least 6 years unless directed otherwise. Clients can request adherence to their internal retention policy. Clients are responsible for providing such a policy upon agreement between both parties. LabLynx is responsible for data and records of clients that are hosted and maintained on LabLynx servers.

Back to top