Diagnostics Product Cyber Security Statement

for products and services in the UK and Ireland

Statement Principles

 

We strongly agree with the International Medical Device Regulators Forum (IMDRF) that information security in the operation of In Vitro Diagnostic (IVD) products and services is a shared responsibility between all members of the digital healthcare ecosystem.

With that in mind, we partner with you (our customers) together with:

●     Industry bodies, including NHS Digital, NHS England, NHS Improvement, Health and Safety Executive (HSE), Digital Health & Care Scotland (eHealth), Digital Health and Care Wales (NWIS), HSC Business Services Organisation, National Cyber Security Centre (UK and IE), ABHI, TechUK.

●     Regulators: Medicines and Healthcare products Regulatory Agency (MHRA), Health Products Regulatory Authority (HPRA)

●     Standards organisations (BSi)

●     Suppliers

●     Institutions, academicians, security researchers, and other stakeholders

to stay ahead of information security threats and risks, to implement appropriate mitigations, and to meet the changes or additions to regulatory or certification requirements from the markets we serve.

We incorporate industry-standard security principles in the design and development of our products and services from day 1 (Privacy by Design). In doing so, we take a risk-based approach that recognises the intended use, user environment, and other important factors which impact the type and level of security controls required (Security by Default).

After product launch, we continuously monitor trusted sources of information about security threats, vulnerabilities and security incidents to identify security risks throughout the product life cycle. Then, through the timely development of security updates or the implementation of compensating controls, we work with you to mitigate the impact on the intended use, safety, and effectiveness of our products and services, or on the confidentiality, availability, or integrity of the associated data.

It is our policy to hold our suppliers to the same standards to which we hold ourselves.

Should you, as our partners, become aware of potential vulnerabilities or incidents associated with any of our products, we encourage you to contact us via our DIALog portal, or via email to “[email protected]”, so that we can register your concern, analyse the risk and advise on mitigation actions.

The security of your information is one of our top priorities. We work hard, using a robust information security management system, to mitigate such risks and to provide you with independent assurance of that via the NHS Digital Data Security and Protection Toolkit, together with our certifications to ISO 27001:2013 and Cyber Essentials Plus.

Further details are available in our Product Cyber Security and Information Security brochures.