Patient Safety
This principle requires Roche Diagnostics products to be on-label, validated, and operated with patient safety as the primary focus.
Cybersecurity: A Holistic Approach
Cybersecurity transcends IT. It is an all-encompassing concept, covering physical security, IT components, privacy, laws, and more. Cybersecurity's essence lies in safeguarding our systems and protecting data, boosting confidence about the safety of our digital products.
“For over 125 years, Roche has been synonymous with safety and trust. The same holds true today as we develop digital solutions. Our cybersecurity and privacy program involves all the activities we do to shield our customers and patients from cyber threats.” Tom Pendergast, Customer Security Assurance Lead at Roche Diagnostics
Segmentation Strategy
As part of our segmentation strategy, Roche meticulously limits communication, deploying hardware and software firewalls alongside a unique whitelisting agent.
Defense in Depth
Network-based security involves using multiple security measures and layers to protect information and devices. This concept ensures that if one defense layer fails, another layer will be in place to prevent an issue.
Zero Trust and Threat-Based Methodology
Our Zero Trust and Threat-Based methodologies bolster customer trust and system security. Roche is committed to the "Zero Trust" approach, a philosophy of "verify first, then trust." The company requests specific access to customer networks, allowing only essential communication. Moreover, Roche employs a "threat-based methodology," proactively addressing potential attack vectors before a system reaches a customer environment.
Least Privilege
This principle mandates that the user of the Roche system must be provided the minimum levels of access – or privileges – necessary to perform the system’s intended function. Limiting access to what is necessary can reduce the potential damage caused by a security incident.
On Demand Support with Security Experts
Roche employs talented security experts worldwide to ensure the entire portfolio of Roche systems can be supported 24/7/365. Roche has created a layered control strategy to ensure only qualified Roche individuals have the ability to connect to a customer and to provide customers with system support.