BD announced its enterprise-level Information Security Management System (ISMS) has been certified to a rigorous set of independently audited international standards for information security.

ISO/IEC 27001:2022 is a globally recognized set of information security standards established by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC). Certification provides assurance that an organization conforms with specific requirements for managing information security, including establishing, implementing, maintaining, and continually improving its Information Security Management System (ISMS).

“Cybersecurity continues to be a top priority for Merck and all of health care,” says Michael Harrison, associate director of supplier risk management for Merck. “As an important supplier to Merck, BD’s ISO 27001 certification demonstrates it is aligned with Merck’s cybersecurity priorities and is committed to maintaining a cybersecurity program designed to protect medical devices, hospitals and patients.” 

ISO/IEC 27001:2022 standards also include requirements for assessing and addressing information security risks. During the two-stage external audit process, auditors verified the company’s Information Security policies, Statement of Applicability (SoA) and Risk Treatment Plan (RTP) to certify that BD meets ISO/IEC 27001:2022 requirements.

“ISO 27001 certification provides fundamental assurance for customers that BD meets rigorous international standards for managing information security, including protected health information and personal identifiable information,” says Rob Suarez, chief information security officer for BD. “This distinction validates that our system for managing information security is appropriately designed and implemented, which is especially critical as regulatory demands for effective cybersecurity controls increase around the world.”