Secure processes and procedures
Information security is more than just installing the latest security tools or patching systems. Secure business processes and procedures are paramount to the security of our environment. Thermo Fisher Scientific maintains robust procedures in several key areas, including: Change Management, Data Backup, and Security Incident Management.
Change management
All changes to production systems, whether they are software, hardware, or network, are required to utilize a standardized change management process. The process is maintained within a change management system validated to 21 CFR Part 11 Electronic Document Management standards.
Data backup
Performing backups is an effective way to safeguard against the risk of losing data due to technical, human, or environmental factors. All critical systems are regularly backed up according to industry best practices based on the criticality and security requirements of the information involved. Backups are comprised of a combination of on-site, off-site, and cloud-based solutions providing a comprehensive backup strategy for our data.
Security incident management
100% prevention of security incidents is the ideal standard, but the reality of information security today is security incidents can occur due to new or unforeseen circumstances. Our fully staffed Security Operations Center continuously monitors our environment through a variety of automated and analyst-driven processes, resulting in quick detection and response to potential security incidents. Our security incident management processes include:
- Threat intelligence gathering and analysis
- Aggregation and analysis of system logs
- Emergency response management
- Email/phone support for reporting incidents
- Proactive threat hunting
Governance and monitoring
The information security program and its policies are aligned with the International Organization for Standardization (ISO) framework. Input has also been incorporated from the National Institute of Standards and Technology (NIST) Cyber Security framework. Audits are conducted both internally and externally on an annual basis to ensure program adequacy.
Regulatory responsibility and program compliance
Thermo Fisher Scientific has information security compliance requirements that span several regulations, regions, and countries, and include the following:
- The Sarbanes-Oxley Act of 2002 (SOX)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Payment Card Industry (PCI) Data Security Standard, Version 3.2
- Regulation (EU) 2016/679 of The European Parliament and of the Council (General Data Protection Regulation)
Back to top
About Thermo Fisher Scientific
Thermo Fisher Scientific Inc. is the world leader in serving science, with annual revenue exceeding $30 billion. Our Mission is to enable our customers to make the world healthier, cleaner and safer. Whether our customers are accelerating life sciences research, solving complex analytical challenges, improving patient diagnostics and therapies or increasing productivity in their laboratories, we are here to support them. Our global team of more than 80,000 colleagues delivers an unrivaled combination of innovative technologies, purchasing convenience and pharmaceutical services through our industry-leading brands, including Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific, Unity Lab Services and Patheon.
For more information, please visit
© Copyright 2021 Thermo Fisher Scientific Inc. All rights reserved.
