Data Security in the New Lab--ISMS as a Systematic Approach

Protecting laboratory data is of paramount importance, and it is an organization-wide responsibility that involves the creation of an Information Security Management System (ISMS). In a new lab that utilizes software such as Laboratory Information Management System (LIMS), an organization’s ISMS is a centrally managed framework that enables the organization to manage, monitor, review and improve its security practices in a systematic and structured manner. The ISMS contains the policies, procedures and controls designed to ensure the confidentiality, integrity and availability of laboratory data. It is designed to ensure that (1) only those people with proper authorization have access, (2) data is kept accurate and complete, and (3) data can be accessed when it is needed. This talk will review the elements of an effective ISMS, including the following policy areas: information security, change management, incident management, access control, disaster recovery, backup and restore, software development, communications, risk assessment, acceptable use, human resources, administration, vendor management, privacy, monitoring and audit, and cloud system life cycle.