Our cybersecurity approach and guiding principles

Our cybersecurity and privacy principles guide and control Roche products. They are the foundational concepts that form the basis of secure system design, operation, and maintenance.

Patient Safety

This principle requires Roche Diagnostics products to be on-label, validated, and operated with patient safety as the primary focus.

Cybersecurity: A Holistic Approach

Cybersecurity transcends IT: it is an all-encompassing concept, covering physical security, IT components, privacy, laws, and more. Its essence lies in safeguarding our systems and protecting data, boosting confidence in the safety of our digital products.

“For over 125 years, Roche has been synonymous with safety and trust. The same holds true today as we develop digital solutions. Our cybersecurity and privacy program involves all the activities we do to shield our customers and patients from cyber threats.” Tom Pendergast, Customer Security Assurance Lead at Roche Diagnostics

Segmentation Strategy

As part of our segmentation strategy, Roche meticulously limits communication, deploying hardware and software firewalls alongside a unique whitelisting agent.

Defense in Depth

Network-based security involves using multiple security measures and layers to protect information and devices. This concept ensures that if one defense layer fails, another layer will be in place to prevent an issue.

Zero Trust and Threat-Based Methodology

Our Zero Trust and Threat-Based methodologies bolster customer trust and system security. Roche is committed to the "Zero Trust" approach, a philosophy of "verify first, then trust." The company requests specific access to customer networks, allowing only essential communication. Moreover, Roche employs a "threat-based methodology," proactively addressing potential attack vectors before a system reaches a customer environment.

Least Privilege

This principle mandates that the user of the Roche system must be provided the minimum levels of access – or privileges – necessary to perform the system’s intended function. Limiting access to what is necessary can reduce the potential damage caused by a security incident.

On Demand Support with Security Experts

Roche employs talented security experts worldwide to ensure the entire portfolio of Roche systems can be supported 24/7/365. Roche has created a layered control strategy to ensure that only qualified Roche individuals can connect to a customer and provide customers with system support.