CYBERSECURITY & DATA PRIVACY

Cybersecurity at ZEISS Medical Technology

Protecting products and data

ZEISS Cybersecurity and Data Privacy Governance Program

As the digitalization of healthcare evolves, the landscape of cybersecurity threats is also evolving. Securely protecting products and data across the connected care environment is critical.

At ZEISS Medical Technology, just as innovation is part of our DNA, so is cybersecurity readiness. We design and manufacture our products with security built in. Through our ZEISS Cybersecurity and Data Privacy Governance Program, we manage security risks across the product lifecycle and monitor the digital landscape to protect the security of our products from emerging threats and vulnerabilities.

  • Cybersecurity experts

  • 360° Secure product lifecycle

  • Secure development lifecycle processes


ZEISS Cybersecurity experts

Behind every product

Working across our organization, and in collaboration with our partners and customers, our global team of information security experts is dedicated to protecting your products and your data.

Their expertise in secure product lifecycle development processes helps to prevent, detect and respond to cyber threats and to ensure our products adhere to quality standards.

Our security experts work closely with business and product management to integrate information security and data privacy within our products, embedding “Secure by Design” and “Privacy by Design” principles and processes throughout the product lifecycle. With our developers and suppliers, the team enhances the security of our products and monitors the product lifecycle and cybersecurity landscape for potential risks, vulnerabilities and threats, acting quickly to mitigate them.


360° Secure product lifecycle

Management and mitigation of security risks

Our products are designed, tested and maintained based on industry standards and best practices to manage security risks across the product lifecycle. Our products are equipped with integrated security features and controls, allowing our customers to deploy and operate them securely and to ensure compliance with standards and regulations such as HIPAA, GDPR and ISO 27001 within their specific environments. Within our product generation and product lifecycle processes, we address:

  • Authentication and authorization
  • Access controls
  • Auditing and logging
  • Data backup and recovery
  • Data encryption (at rest & in transit)
  • Malware detection/protection
  • Secure configuration and hardening

With a 360° cybersecurity risk management process across our products, we can identify, assess, mitigate and effectively manage security risks against the evolving cybersecurity threat landscape in a timely and consistent manner.


Secure development lifecycle processes

Security and data privacy are at the heart of our product development lifecycle processes, with security designed in at each step.

  • Planning & requirements

    Security requirements

    Baseline requirements

    Cybersecurity and data protection requirements are defined in the first steps of our product generation process.

    In addition to compliance with international standards, laws and regulations, ZEISS has established standards to ensure state-of-the-art cybersecurity across our product portfolio. These standards are based on best practices, the current threat landscape, international security frameworks and other sources, such as customer requirements, or product-specific security objectives.

  • Architecture & design

    Secure design

    Threat modeling

    As an essential part of product design and defining product architecture, threat modeling is used early in the product design process to identify security threats, risks and potential vulnerabilities.

    In threat modeling, we systematically analyze applicable threats to a product, assessing and rating the criticality to that product. Based on this criticality rating, in combination with known weaknesses and vulnerabilities, the design and/or architecture of a product is adapted accordingly to tackle threats before they become risks.

    Additionally, as an important part of our “Security by Design” approach, the product design and architecture are reviewed by dedicated security experts.

  • Development

    Secure development

    Secure Coding

    Secure code reviews are performed throughout the product development process to ensure critical security flaws or potential vulnerabilities are identified early within the lifecycle.

    Additionally, specially trained security engineers are mandatory members of the product development teams to ensure best practices and state-of-the-art cybersecurity in coding. A team of dedicated, highly qualified security experts is also available for consultation on any security questions.

  • Testing

    Security testing

    Static & Dynamic Application Security Testing (SAST/DAST)

    Static application security testing (a white-box approach focused on source code content) and dynamic application security testing (a black-box approach focused on vulnerabilities in the running application) are performed throughout the development process to identify potential vulnerabilities and errors which could impact software quality.

    Software Composition Analysis (SCA)

    Monitoring of third-party software components regarding known vulnerabilities is performed across the lifecycle to minimize risks from open source software.

    Vulnerability testing

    Products are scanned for vulnerabilities across the lifecycle to proactively identify vulnerabilities which may pose a risk.

    Penetration testing

    Products are penetration tested by trusted third-party entities to identify potential threats or vulnerabilities.

  • Monitoring & maintenance

    Security monitoring & maintenance

    Continuous threat and vulnerability management

    We monitor software and conduct assessments to detect, identify and prioritize threats and risks of our supported products in the market. Threat and vulnerability scans are conducted, and based on the results, assessments are done to identify new threats and risks. Subsequently, actions to maintain appropriate levels of cybersecurity are defined, according to the level of criticality.

    Security patch management

    Security patches are developed, tested and released according to the level of criticality to mitigate risks to customers’ products and their infrastructure.

ZEISS Cybersecurity FAQs

  • Yes. Our ZEISS Cybersecurity and Data Privacy Governance Program is designed to support and protect our products and services, ensuring the confidentiality, integrity, and availability of our customers’ data and systems.

    Through our ZEISS Cybersecurity and Data Privacy Governance Program, our dedicated team of security experts work across the organization to integrate information security and data privacy within our products and across the product lifecycle. They provide governance, guidance and oversight of information security and data privacy. They establish policies, processes and procedures, fostering a culture of best practices, to ensure our products adhere to quality standards, and to prevent, detect and respond to cyber threats.

    Our team of experts, addressing product security throughout the product lifecycle, consists of:

    • Business Information Security Officers (BISO)
    • Information Security Managers (ISM)
    • Information Security Officers (ISO)
    • Product Security Officers (PSO)
    • Security Engineers
    • Cloud Security Specialists
    • Data Privacy Experts
    • Threat and Vulnerability Managers

    These experts address security topics in our product generation process, such as:

    • Authentication and authorization
    • Access controls
    • Auditing and logging
    • Data backup and recovery
    • Data encryption (at rest & in transit)
    • Malware detection/protection
    • Secure configuration and hardening

  • Yes. We review our policies and procedures regularly and update them as needed.

  • Yes. We have a vendor management program in place which includes a thorough evaluation of third-party vendors’ cybersecurity practices before engagement. We assess their security controls, conduct audits, and require their adherence to our cybersecurity policies.

  • We utilize a risk assessment framework that considers the potential impact as well as exploitability and likelihood of various cybersecurity risks. This helps prioritize and allocate resources effectively to address the most critical risks first. We stay up to date on emerging threats and vulnerabilities which helps to ensure our risk assessments remain comprehensive.

  • Yes. Threat modeling, according to a recognized method, is required and is performed as part of the process.
