We prioritize industry-leading security standards and embrace technical innovation to protect the data that matters most.
Roche is committed to the highest data protection standards, implementing advanced security practices tailored to our digital systems:
Each device is configured with strict security settings to minimize vulnerabilities and prevent unauthorized access. This includes implementing security policies that restrict device functionality to only necessary operations.
We use encryption to protect data both at rest and in transit, ensuring that sensitive information remains confidential and secure against interception or tampering.
Our products undergo extensive security testing, including penetration testing and vulnerability assessments, to identify and address potential security gaps before products are released. Regular audits ensure ongoing compliance with these standards.
Roche employs a proactive cybersecurity approach grounded in zero-trust and threat-based methodologies:
We operate on a “verify first, then trust” basis. Every access request, whether for on-premise or cloud-based systems, undergoes thorough verification, minimizing the risk of unauthorized access. This includes continuous monitoring of access points and only allowing essential communication channels, especially in client network integrations.
We anticipate and mitigate potential attack vectors during the design phase of product development. This includes conducting thorough threat assessments, simulating potential attack scenarios and implementing robust countermeasures. For example, before deploying a new healthcare application, Roche simulates cyber-attacks to identify vulnerabilities and reinforce system defenses.
Roche’s defense-in-depth strategy adds multiple layers of security to protect patient and customer data across digital healthcare systems:
We employ strict access management, including role-based access controls, ensuring that only authorized personnel can access sensitive data, reducing the risk of data exposure.
MFA is required for all Roche applications and systems, preventing unauthorized access even if login credentials are compromised. This adds an extra layer of protection to our secure environment.
Our digital infrastructure is protected by firewalls, intrusion detection systems and continuous network monitoring, which actively detect and block suspicious activity. These protections ensure the integrity and confidentiality of our systems and data.
As Roche continues to advance its digital healthcare solutions, we are bridging the reliability of on-premises medical devices with the scalability of cloud-based systems. This hybrid approach enables the delivery of secure, resilient solutions tailored to evolving healthcare needs.
In cloud environments, we extend our defense-in-depth approach by incorporating multiple layers of security tailored to cloud infrastructure, including vendor-mandated firewalls, encryption protocols and strict access controls. Each layer ensures that data remains secure even in highly distributed and scalable cloud systems.
Roche’s commitment to security includes strict adherence to privacy laws and global standards such as GDPR, HIPAA and other relevant regulations. By staying current with evolving regulations and security expectations, we ensure our systems are ready for tomorrow’s challenges.
Secure remote support
Roche is committed to delivering top-tier support and implementation services to its customers worldwide. We strive to deliver exceptional support across various clinical settings, prioritizing trust and security in all interactions.
Proactively monitoring digital environments is a key aspect of our service organization's commitment to identifying and addressing potential issues before they arise. Our customer support organization is equipped with robust monitoring systems, supported by dedicated teams ready to take action when needed.
Only trained and authorized Roche personnel are permitted to access and support our digital products. This strict user management, governed by the certified Roche Information Security Management System (ISMS), ensures secure handling of customer data and system operations.
At Roche, quality is at the core of our service approach. We uphold stringent quality management practices to ensure every interaction is met with precision and reliability, reinforcing the trust customers place in our services.
Roche is dedicated to ensuring patient safety and compliance while addressing data privacy requirements through robust cybersecurity measures such as mandatory firewall implementation, data encryption and access control. Our comprehensive approach aligns with global standards, emphasizing the security and confidentiality of patient data.
Roche's extensive experience in the healthcare sector, combined with over 30 years in laboratory software development, ensures that our solutions are designed with the highest level of security and compliance in mind.
Since 2019, all Roche customers are required to use the Roche-provided firewall for all customer hardware installations. This critical component:
Acts as the primary defense against cyber threats, preventing malware from affecting patient-safe systems.
Establishes a secure, isolated zone for operations, enhancing system resilience.
Standardized network setups reduce the time needed for repairs and responses during cybersecurity incidents.