
Certifications

The foundation of trust

Roche uses certifications to validate our high security standards.

Ensuring ongoing compliance and business continuity

Customers' trust in Roche solutions for clinical and business decisions requires confidence in our ability to secure data and the critical infrastructure that manages it, supporting reliable operations and business continuity. Roche aims to build this trust and confidence by complying with recognized industry standards and best practices for security and quality.

For navify® solutions we have chosen to certify our information security management system to the ISO/IEC 27k series (27001 / 27017 / 27018) as the foundation, adding local certificates as required to operate in specific markets. For solutions that comply with this framework, cybersecurity and data privacy are implemented based on the following key tenets:

Security controls

Based on risk assessments, navify solutions implement various technical, physical and administrative controls to mitigate risk.

Systematic management

Access to structured policies for continuous improvement and a leadership team to create, manage and deploy policies.

Protecting CIA

Safeguards the confidentiality, integrity and availability of data and systems.

Risk-based security

Manages security threats using risk assessment.

Global certifications

Below are a few available industry certifications Roche complies with.

For information regarding standards relevant to specific products or services, please consult a Roche representative.


ISO 27001:2022

The standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). This internationally recognized framework helps organizations of any size or sector manage and mitigate their information security risks in a systematic, holistic way, focusing on the confidentiality, integrity and availability (CIA) of their data. Achieving certification demonstrates to customers and partners that the organization adheres to global best practices for protecting its sensitive information.

ISO 27017:2015

The certification is supplemental to the ISO/IEC 27001 standard and helps organizations manage and mitigate cloud-specific information security risks, fostering trust and compliance in cloud environments.

ISO 27018:2019

The standard is a code of practice specifically for the protection of personally identifiable information (PII) within public cloud computing services. It provides cloud service providers (acting as PII processors) with controls and guidance to assess risks and implement measures for data privacy. Certification demonstrates a commitment to transparency and adherence to international best practices for safeguarding personal data in the cloud environment.

ISO 27701:2019

The international standard for privacy information management. It functions as an extension to the widely known ISO 27001 (information security), expanding its scope to specifically address the protection of personally identifiable information (PII).

While ISO 27001 focuses on keeping data secure (confidentiality, integrity, availability), ISO 27701 focuses on keeping data private (rights of the individual, consent and purposeful processing).

Explore more

Data governance

At Roche, we follow strict data governance principles and privacy policies to ensure your information is secure and used only for its intended purpose. Our systems are designed to comply with global regulations and to safeguard your data at every step.

Disclaimer
  • Not every digital product is available in all markets. The use of any third-party app is subject to a separate license agreement with the respective third-party app developer. Roche gives no warranties (express or implied) with regard to any third-party app. Third-party apps might not be available in your country. Although this website and its content may be accessible worldwide, Roche assumes no liability with regard to access to the information, which may not be compatible with the legislation or regulations in force in your country.
  • MC--19863