IT, Security & Compliance Overview

1. Overview

LabHQ is a cloud-hosted LIMS (Laboratory Information Management System) provided by Broughton Software, a UK-based software company. We support commercial and regulated laboratory environments.

This document provides a high-level overview of our IT, security and compliance practices. It is intended to support customer due diligence and does not replace contractual, legal or regulatory obligations. Additional information may be provided upon request where appropriate.

2. Platform & Hosting

LabHQ is delivered as a Software-as-a-Service (SaaS) platform.

The service is hosted on Amazon Web Services (AWS) and production systems are hosted in the European Union. Customer data is not transferred outside the hosting region without prior agreement with the customer.

LabHQ follows the AWS shared responsibility model, where AWS is responsible for the security of the underlying cloud infrastructure and LabHQ is responsible for the security of the application and customer data stored within the platform.

3. Data Segregation & Access Control

LabHQ is a multi-tenant platform. Customer data is segregated per tenant using application and database-level controls.

Access to customer data is restricted to authorized users based on role-based access control (RBAC).

Internal access to production systems is limited to authorized personnel and follows the principle of least privilege.

4. Data Protection & Privacy

LabHQ processes customer data in accordance with applicable data protection requirements, including the UK GDPR and EU GDPR.

LabHQ acts as a data processor for customer data. Data minimization principles are applied.

A limited number of third-party suppliers act as subprocessors where required to deliver the service. Subprocessors are assessed prior to use and are contractually required to implement appropriate safeguards.

5. Security Controls

LabHQ applies security controls aligned with industry best practices and the principles of recognized security frameworks, such as ISO 27001, proportionate to the size and risk profile of the organization.

Key controls include:

  • Secure authentication and password management
  • Centralized logging and monitoring
  • Secure software development and change management practices

6. Backup & Resilience

Production data is backed up daily using AWS-managed backup services. Immutable backups are used to protect against accidental or malicious deletion.

Backups are retained for defined periods based on operational and compliance needs. Backups are maintained in a warm state to support timely restoration.

7. Vulnerability Management & Security Assurance

LabHQ maintains a vulnerability management process that includes regular patching and dependency updates.

Independent third-party penetration testing is performed periodically. Identified findings are assessed, prioritized and remediated based on risk.

LabHQ does not currently hold ISO 27001 or SOC 2 certification.

8. Incident Management

LabHQ maintains documented procedures for identifying, managing and responding to security incidents.

Incidents are assessed and remediated in a timely manner.

Customers are notified of material security incidents affecting their data or service availability in line with contractual and regulatory requirements.

9. Compliance & Shared Responsibility

LabHQ supports customer compliance efforts by providing a secure and well-controlled platform. Customers are responsible for:

  • Managing user access and permissions
  • Ensuring appropriate use of the platform in line with their regulatory obligations
  • Securing their own devices and networks

10. Continuous Improvement

Security, reliability and compliance are reviewed on an ongoing basis. Controls and processes are enhanced over time in line with business growth, customer requirements and evolving risk.
