BD announced today that it has secured ISO certification for its enterprise-level Information Security Management System.
The Franklin Lakes, New Jersey–based company said the ISMS meets a rigorous set of independently audited international standards. BD says the ISO/IEC 27001:2022 certification demonstrates its commitment to protecting the company, customers and patients from cybersecurity threats.
The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) established the global ISO/IEC 27001:2022 standard. Certification means an organization is establishing, maintaining and continually improving on its information security systems.
“Cybersecurity continues to be a top priority for Merck and all of health care,” said Michael Harrison, associate director of supplier risk management for Merck.
Harrison added in the BD news release: “As an important supplier to Merck, BD’s ISO 27001 certification demonstrates it is aligned with Merck’s cybersecurity priorities and is committed to maintaining a cybersecurity program designed to protect medical devices, hospitals and patients.”
ISO/IEC 27001:2022 standards also include requirements for assessing and addressing information security risks.
“ISO 27001 certification provides fundamental assurance for customers that BD meets rigorous international standards for managing information security, including protected health information and personal identifiable information,” said Rob Suarez, BD’s chief information security officer. “This distinction validates that our system for managing information security is appropriately designed and implemented, which is especially critical as regulatory demands for effective cybersecurity controls increase around the world.”
Other BD cybersecurity efforts
BD has sought to make itself a leader when it comes to cybersecurity. Last year, the company said it was first medical technology company authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority by the CVE Program.
BD has developed a mature Coordinated Vulnerability Disclosure program for its customers. In 2020, it launched its BD Cybersecurity Trust Center and issued an inaugural cybersecurity annual report.