QS0025-03: Information Security Policy

Question 1

QS0025-01: Information Security Policy

How is Personally Identifiable Information (PII) defined?

Answer 1

Personally Identifiable Information, PII, is any information that can be associated with a unique individual or used to identify, locate, or contact a unique individual.

Question 2

QS0025-01: Information Security Policy

What are four information security classifications defined in the Information Security Policy?

Answer 2

Restricted, Confidential, Internal, and Public.

Question 3

QS0025-01: Information Security Policy

Who is responsible for protecting PII data hosted on behalf of Lablynx clients?

Answer 3

Any persons with access to, use or communicate any LabLynx information.

Question 4

QS0025-01: Information Security Policy

How is the “Restricted” information defined?

Answer 4

Information of a strategic nature that, if disclosed without authorization, would cause substantial, severe, or irreparable damage to LabLynx or its relationships.

Question 5

QS0025-01: Information Security Policy

How must the physical media, such as hard copy records, be protected?

Answer 5

Physical media, such as hard copy records, must be protected with locks or equivalent controls.

Question 6

QS0025-01: Information Security Policy

What actions may be taken if sensitive information is improperly disclosed?

Answer 6

Unauthorized disclosure of LabLynx information or failure to adequately protect that information may lead to disciplinary action, including termination or release.

Question 7

QS0025-01: Information Security Policy

Summarize the “Record and Information” Owner’s responsibilities?

Answer 7

Identify security classifications, periodic risk assessments, and access