
Process and procedures


Roche’s ISO/IEC 27001-certified information security management system (ISMS) supports the confidentiality, integrity and availability of data.

Threat-based methodology

Roche aims to apply a proactive security methodology across the entire product lifecycle, beginning pre-launch.

During the design phase, we anticipate and mitigate potential security risks via risk assessments and various testing techniques to identify vulnerabilities. Depending on the solution, this approach may include threat-based techniques to address attack vectors.

Vigilance continues post-deployment. Before version updates (which may include security- or vulnerability-related patches) are fully deployed, potential attack scenarios may be run against them to ensure the product remains robust against emerging threats.

Risk management


Roche maintains the resilience of its solutions against evolving healthcare threats by using a structured process to proactively identify, evaluate and mitigate risk, ensuring customers benefit from reliable consistency throughout the lifecycle of each product.

Incident response


When an incident arises, Roche affiliates serve as the first customer contact, escalating the issue to the Product Team if needed. The Product Team activates response mechanisms, analyzes the root cause and implements necessary fixes/patches.

For escalated incidents, the central point of contact is the Product Security & Privacy Organization (PSPO). The PSPO confirms the incident, provides severity-based playbooks, coordinates the overall response and manages compliant communications and reporting with the affiliate.

Secure remote support

Trained and authorized Roche personnel provide customer support using remote access technologies for troubleshooting, patch updates and incident investigations.

For advanced 2nd/3rd-level support, sensitive data may be accessed by Roche-approved service providers and collaboration partners.

Penetration testing


As part of our multi-layered defense strategy, Roche conducts extensive penetration testing. Our goal is to identify and resolve potential security risks – safeguarding our products from their first release through their entire lifecycle.

We anchor this strategy in three values: comprehensive coverage, expert verification and transparent remediation.

Vulnerability management

Vulnerability management and reporting

Roche's vulnerability management draws on the following sources:

  • Input from intrusion protection and detection systems

  • Industry information

  • Internal employees

  • Customers and other external actors

Roche encourages internal and external resources to notify Roche of potential threats and/or vulnerabilities.

Disclaimer
  • Not every digital product is available in all markets. The use of any third-party app is subject to a separate license agreement with the respective third-party app developer. Roche gives no warranties (express or implied) with regard to any third-party app. Third-party apps might not be available in your country. This website and its content may be accessible worldwide; Roche assumes no liability with regard to access to the information, which may not be compatible with the legislation or regulations in force in your country.
  • MC--19864