Zimmer Biomet maintains a comprehensive, industry-standard Global Product Security Program that includes a secure total product lifecycle and secure product development framework (Secure-TPLC/SPDF) for our portfolio of digital health technologies. Our Secure-TPLC/SPDF includes security-by-design, risk management & threat modeling, secure coding, vulnerability & patch management, application security testing, software composition analysis, penetration testing, quality assurance, formal change management, continuous monitoring & post-market surveillance, MDS2s, and more.
Product Security
Zimmer Biomet is committed to protecting the security of our patients and customers.
Our mission is to alleviate pain and improve the quality of life for people around the world. One of our guiding principles is our commitment to the highest standards of patient safety, quality and integrity in our products and services.
Commitment to Product Security
Leadership
Our top leadership continuously demonstrates commitment to product security. This includes ensuring that our strategies align with industry-standard product security policies, objectives, and requirements, at the forefront of initiatives and throughout them. ZB leaders foster a culture of proactive security and continuous improvement throughout everything we do, including separation of duties, role-based access control, the least-privilege principle, and always applying a risk-based approach to prioritization. Zimmer Biomet has a dedicated CISO to oversee its Global Information Security Program and a Global Product Security Officer to oversee its Global Product Security Program.
Team Members
Our team members are committed to continuously improving security in our portfolio of digital health technologies. This includes annual training and awareness across the ZB enterprise as well as specialized role-based training. Our team members uphold the highest standards of patient safety and quality in our digital health products and services. Our product teams are required to perform product security risk assessments that bi-directionally triage with safety risk assessments in accordance with industry standards.
Policy & Governance
Zimmer Biomet maintains a set of information security programs, policies, and procedures, approved by management, published, and communicated to stakeholders. Policies are reviewed at planned intervals and as necessary to ensure their continuing suitability, adequacy, and effectiveness. Zimmer Biomet’s Information Security program has adopted the ISO 27001 standard for information security governance.
Please direct any and all communications associated with our Digital Health Product Security, including any Coordinated Vulnerability Disclosure (CVD), to product.security@zimmerbiomet.com.