LC-MS-IQ Security Overview
Version 1.0
LCMS IQ, LLC
Purpose
This document provides a high-level overview of security practices, system architecture, customer responsibilities, and data handling within LC-MS-IQ.
This document is informational only and does not constitute a warranty, guarantee, certification, audit report, service level commitment, or regulatory compliance statement.
Product Overview
LC-MS-IQ is a web-based laboratory analytical review and decision-support platform designed to assist laboratories in reviewing LC-MS/MS analytical data.
The platform provides:
- Peak validation
- Calibration review
- Quality control review
- Health monitoring
- Trend analysis
- Engineering diagnostics
- Reporting support
LC-MS-IQ is not intended for storage or processing of Protected Health Information (PHI).
Shared Responsibility Model
Security is a shared responsibility between LCMS IQ, LLC and the customer.
LCMS IQ, LLC is responsible for:
- Software development
- Application security controls
- Authentication mechanisms
- Infrastructure configuration under its control
- Security updates under its control
Customer is responsible for:
- User management
- Password management
- Access control decisions
- Uploaded content
- Device security
- Network security
- Data retention
- Regulatory compliance
- Backup procedures
PHI Restriction
LC-MS-IQ is not designed, marketed, or intended for storage, transmission, processing, or management of:
- Protected Health Information (PHI)
- Electronic Protected Health Information (ePHI)
- Patient-identifiable information
Users should not upload:
- Patient names
- Medical record numbers
- Dates of birth
- Social Security numbers
- HIPAA-regulated identifiers
Any upload of such information is unauthorized unless covered by a separate written agreement.
Authentication
Access to LC-MS-IQ requires authenticated user accounts.
Authentication controls may include:
- Username and password credentials
- Session management
- Account-based access controls
- Company-level access segregation
Users are responsible for maintaining the confidentiality of their credentials.
Password Security
Users are responsible for:
- Maintaining strong passwords
- Protecting account credentials
- Preventing unauthorized account access
Users should not:
- Share credentials
- Reuse compromised passwords
- Store passwords insecurely
Access Controls
LC-MS-IQ is designed to restrict access based upon authenticated user accounts.
Users should only access information for which they are authorized.
Customers are responsible for:
- User account creation
- User account removal
- User role assignment
- User access review
Data Segregation
LC-MS-IQ is designed to logically separate customer information by organization.
Users should only have access to data associated with their authorized organization.
Data Storage
LC-MS-IQ stores information necessary to provide software functionality.
Examples may include:
- User accounts
- Configuration settings
- Uploaded analytical files
- Historical trend information
- Generated reports
- Audit information
- System logs
Customers remain responsible for determining whether use of the platform is appropriate for their environment.
Encryption
LCMS IQ, LLC may utilize encryption technologies where appropriate.
However, no security technology can guarantee complete protection from unauthorized access, interception, disclosure, alteration, or destruction.
Customers acknowledge these inherent risks.
Logging and Monitoring
System activity may be logged for:
- Security purposes
- Troubleshooting
- Operational monitoring
- Error investigation
- System maintenance
Logs may include:
- User activity
- Login activity
- Error events
- System events
- Administrative actions
Software Updates
LCMS IQ, LLC may periodically release:
- Security updates
- Bug fixes
- Feature updates
- Infrastructure updates
Customers are responsible for evaluating updates and determining whether continued use remains appropriate.
Third-Party Services
LC-MS-IQ may rely upon third-party services including:
- Hosting providers
- Authentication providers
- Database providers
- Monitoring providers
- Email providers
Availability and security of third-party services are outside the direct control of LCMS IQ, LLC.
Customer Security Responsibilities
Customers should maintain:
- Strong passwords
- Secure workstations
- Current operating system updates
- Current browser updates
- Appropriate antivirus protection
- Appropriate network security controls
- Appropriate backup procedures
Customers remain solely responsible for their local security environment.
Incident Response
Customers who become aware of suspected security concerns relating to LC-MS-IQ should promptly notify LCMS IQ, LLC.
LCMS IQ, LLC may investigate reported incidents at its discretion.
No specific response time, remediation time, or investigation timeline is guaranteed.
Backup Responsibility
Customers remain responsible for maintaining copies of information necessary for their operations.
LCMS IQ, LLC does not guarantee:
- Backup availability
- Data recovery
- Historical data retention
- Disaster recovery outcomes
Customers should maintain independent copies of any information required for regulatory, operational, quality, or business purposes.
Availability
LCMS IQ, LLC does not guarantee:
- Continuous availability
- Continuous operation
- Continuous accessibility
- Error-free operation
- Uninterrupted service
Customers must maintain contingency plans sufficient to continue operations in the event LC-MS-IQ becomes unavailable.
Regulatory Compliance
Use of LC-MS-IQ does not transfer responsibility for:
- HIPAA compliance
- CLIA compliance
- CAP compliance
- COLA compliance
- State regulations
- Federal regulations
- Accreditation requirements
Customers remain solely responsible for compliance activities.
Security Limitations
No software system, cloud platform, network, authentication system, database, or internet-connected service can be completely secure.
Customers acknowledge that security risks are inherent in all information systems.
LCMS IQ, LLC makes no warranty that unauthorized access, disclosure, interruption, corruption, or loss of information will never occur.
Contact Information
Questions regarding security may be directed to:
LCMS IQ, LLC
Email: ___________________
Website: __________________
Revision History
| Version | Date | Description |
| 1.0 | __________ | Initial Release |