Product Privacy and Cybersecurity
Partnering with our customers to deliver secure products and services
At Werfen, we take product privacy and cybersecurity challenges very seriously and are committed to continuously transforming our organization to address them. We strive to protect our clients against threats that could compromise our systems or patient data, and ultimately patient care.
Product Privacy and Security is a company-wide responsibility embedded within Werfen’s organization and processes. At Werfen, we have developed a Product Privacy and Cybersecurity Action Program based on four fundamental pillars.
We institutionalize the functions and culture related to privacy and cybersecurity.
POLICY & PROCESS
We establish the standard policies and processes required in each functional area.
We implement privacy and security by design and by default, and deploy mitigations for on-market products, adapting to changing landscapes.
We communicate our approach to privacy and security and share critical vulnerabilities and mitigation actions.
Our commitment to continuous adherence to this Action Program enables us to deliver products that support client efforts to protect patient data and hospitals from cyberthreats, to ensure that patient care is never interrupted or compromised — now and in the future.
To better mitigate patient harm as a result of cybersecurity, in addition to post-market activities, we proactively address cybersecurity risks in the design stage.
User needs research
Privacy and security requirements are included in the user needs document.
Phase 1: Design inputs
Privacy and security design inputs are incorporated.
Phase 2: Design outputs
- Design output is inclusive of privacy and security requirements.
- Security testing starts as an ongoing activity in this phase.
Phase 3: Design verification
Security testing (including penetration and vulnerability testing) continues in this phase.
Phase 4: Design transfer
- SW Anti-Malware scanning is performed at this stage.
- Security Testing continues.
Phase 5: Design validation
- Privacy and Security Risk Assessment is conducted with Beta Customers.
- Privacy and Security Beta Labeling.
- Security Testing within the product design life-cycle ends at this phase.
Phase 6: Product launch
Final Privacy and Security Labeling (Whitepaper, SBOM, Cybersecurity Guide, MDS2).
* Product Lifecycle supported by continuous Medical Device Cybersecurity Risk Assessment and Threat Modeling.