
Cybersecurity at ZEISS Medical Technology

Protecting your products and your data

As the digitalization of healthcare evolves, the landscape of cybersecurity threats is also evolving. Securely protecting products and data across the connected care environment is critical.

At ZEISS Medical Technology, just as innovation is part of our DNA, so is cybersecurity readiness. Through the ZEISS Cybersecurity and Data Privacy Governance Program, we manage security risks across the product lifecycle and monitor the digital landscape to protect the security of our products from emerging threats and vulnerabilities.

ZEISS Cybersecurity and Data Privacy Governance Program

Through the ZEISS Cybersecurity and Data Privacy Governance Program, our global team of data security experts is dedicated to protecting your products and your data.

Working proactively across our organization, and in close collaboration with our partners and customers, our security experts foster a culture of best practices, embedding “Secure by Design” and “Privacy by Design” principles and processes throughout the product lifecycle. They closely monitor the cybersecurity landscape for potential risks, vulnerabilities and threats, acting quickly to mitigate them.

ZEISS Cybersecurity Experts

Behind every product is the ZEISS Cybersecurity Expert Team. Our global team of dedicated data security experts serves as trusted advisors across the organization, working closely with business and product management to integrate information security and data privacy within our products and across the product lifecycle.

The ZEISS Cybersecurity Team works in close collaboration with our developers and suppliers to enhance security in our products, monitoring the product lifecycle and cybersecurity landscape to address potential vulnerabilities and protect against threats.

The team provides guidance, governance and oversight of information security and data privacy, establishing policies, processes and procedures, and fostering a culture of best practices. Their expertise in secure product lifecycle development processes helps to ensure that our products adhere to quality standards and to prevent, detect and respond to cyber threats.

Our team of experts includes:

  • Business Information Security Officers (BISO)
  • Information Security Managers (ISM)
  • Information Security Officers (ISO)
  • Product Security Officers (PSOs)
  • Security Engineers
  • Cloud Security Specialists
  • Data Privacy Experts
  • Threat and Vulnerability Managers

360° Secure Product Lifecycle

Our products have security capabilities and controls built in, enabling our customers to safely deploy, operate and manage compliance with standards and regulations such as HIPAA, GDPR and ISO 27001 within their respective environments.

Our products are designed, tested, and maintained based on industry standards and best practices to manage the security risks of our products across the product lifecycle.

By establishing and implementing a 360° cybersecurity risk management process across our products, we can identify, assess, mitigate and effectively manage security risks against the evolving cybersecurity threat landscape in a timely and consistent manner.

Secure Development Lifecycle Processes

Security and data privacy are at the heart of our product development lifecycle processes, with security designed in at each step.

  • Planning & requirements

    Baseline requirements

    We establish security controls and guidance so appropriate safeguards are designed into the product.

  • Architecture & design

    Threat modeling

    We use threat modeling early in the product design process to identify security threats, risks and potential vulnerabilities.

  • Development

    Secure coding

    We perform secure code reviews to identify security flaws and potential vulnerabilities early in the product development process.

  • Testing

    Static & dynamic application security testing (SAST/DAST)

    We perform analysis testing to identify potential vulnerabilities and errors which could impact software quality.

    Software composition analysis (SCA)

    We monitor third-party software components to minimize risks from open source software.

    Vulnerability testing

    We scan products to proactively identify vulnerabilities which may pose a risk.

    Penetration testing

    Trusted third-party entities perform penetration testing to identify potential threats or vulnerabilities.

  • Monitoring & maintenance

    Continuous threat and vulnerability management

    We monitor and conduct assessments to detect, identify and prioritize threats and risks.

    Product patch management

    We develop, test and release patches to mitigate risks to customers’ products and their environment.

ZEISS Cybersecurity FAQs

  • Yes. Our ZEISS Cybersecurity and Data Privacy Governance Program is designed to support and protect our products and services, ensuring the confidentiality, integrity, and availability of our customers’ data and systems. Through this program, our dedicated team of security experts works across the organization to integrate information security and data privacy within our products and across the product lifecycle. They provide guidance, governance and oversight, establishing policies, processes and procedures to ensure our products adhere to quality standards, and to prevent, detect and respond to cyber threats.

  • Yes. We review our policies and procedures regularly and update them as needed.

  • Yes. We have a vendor management program in place which includes a thorough evaluation of third-party vendors’ cybersecurity practices before engagement. We assess their security controls, conduct audits, and require their adherence to our cybersecurity policies.

  • We utilize a risk assessment framework that considers the potential impact and likelihood of various cybersecurity risks. This helps prioritize and allocate resources effectively to address the most critical risks first. We also stay up to date on emerging threats and vulnerabilities to ensure our risk assessments are comprehensive.

  • Yes. Threat modeling is required and is performed per process.

Contact us

Sales and product inquiry

For more product information or to make a sales request.
Please indicate your product interest and information requirement.

The information entered in the contact form will be used by Carl Zeiss Meditec AG and our local Carl Zeiss Meditec sales companies to answer your request via email or phone. If you want more information on data processing at ZEISS, please refer to our data privacy notice.

Service inquiry

For assistance or questions regarding your ZEISS product.
Please fill in this form and we will get back to you.

General inquiry

For general inquiries related to careers, press, or company information.
Please provide details of your request.
