Security Overview
At LabLynx, our security plan is currently based on NIST 800-53 v4. We must comply with HIPAA as a business associate for many clients. State privacy programs apply for clients in states with privacy laws, such as NY and CA. Security and privacy controls are maintained so that our clients can comply with their many security, privacy, and laboratory standards, frameworks, and regulations.
We have a cross-organizational committee that meets regularly on cybersecurity issues. We ensure policy training during onboarding, policy issuance, and randomized security tests. All LabLynx organizations, departments, and activities are responsible for ensuring that their programs are in compliance with LabLynx policies. Organizations must actively monitor management practices and controls, and take remedial action when significant deficiencies are encountered or improvements are needed. We keep our server operating systems up to date with scheduled maintenance tasks, weekly reviews for vulnerabilities, and periodic reviews of infrastructure.
This document describes the overall LabLynx security plan and can be used when evaluating the security of your supply chain for a LIMS. Hosted applications such as ELab are designed to be configurable to comply with your specific security requirements. Clients can make many such configurations, including but not limited to: users and profiles, access controls such as password complexity and history, session length, login info banners, and auditing of user account changes.