
Cybersecurity


Our commitment to cybersecurity

Security is a foundational and fundamental aspect of Stryker's technology programs and is led by Alan Douville, our Chief Information Officer and Chief Information Security Officer, as established in Corporate Policy 11 Global Privacy and Data Protection. Alan, along with our senior leadership team, meets with our Board of Directors quarterly and the Corporate Compliance Committee multiple times a year to provide cybersecurity updates. Alan is certified in information security and leads the Corporate Security Sub-committee.

We have a thorough global security programme encompassing both corporate and product security that is committed to attaining and retaining external certifications including Global ISO 27001 and the SOC 2 certification of Stryker’s health cloud. Stryker has not entered into an information security risk insurance policy.


Cybersecurity overview

Our cybersecurity programme leverages a defence-in-depth strategy that is supported by a highly experienced team of cybersecurity experts. Our team follows leading industry cybersecurity practices and methodologies and leverages Artificial Intelligence and Machine Learning to provide state-of-the-art global cybersecurity protection.

We have strong relationships with government partners, cybersecurity industry partners and security researchers to enhance our cybersecurity profile across our highly regulated and controlled infrastructure for facilities, data and assets. Some of our key memberships include:

  • Gartner Institute Research Board (IRB) for Enterprise Risk Executives and CISOs
  • Health-ISAC
  • CISO Coalition
  • Critical Manufacturing Sector Coordinating Council
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Department of Homeland Security (DHS)
  • Anti-Terrorism Advisory Council (ATAC)
  • Cincinnati CISO Roundtable
  • Infragard Chicago HealthCare ISAC

Cybersecurity at Stryker is a multi-faceted programme. It includes a Tier 1 and Tier 2 Security Operations and Cyber Fusion Centre that monitors and detects threat activity 24/7, proactively gathering, analysing and acting upon relevant intelligence to defend Stryker, and that also covers risk management, compliance assurance, and regulatory and audit functions. The programme also includes teams dedicated to digital product security and traditional product security, and a global incident response plan.

Our programme conducts security-related exercises quarterly to improve our ability to protect our digital products and corporate infrastructure, safeguard data and respond to incidents. In addition, our Quality Management Programme includes internal and external security reviews of products and systems, and security and privacy by design.


Our certifications

Our security team holds approximately 120 security, risk and compliance certifications, including:

  • 2 Certified Cloud Security Professionals (CCSP)
  • 1 Certified Protection Professional (CPP)
  • 33 Certified Ethical Hackers (CEH)
  • 9 Certified Information Systems Security Professionals (CISSP)
  • 4 Certified Chief Information Security Officers (C|CISO)
  • 1 Certified IT System Risk (CRISC)
  • 2 ISO 27001 (International Security Standards)
  • 3 Certified Information Systems Auditors (CISA)
  • 2 Certified Information Security Managers (CISM)


Training and awareness

We have implemented annual mandatory security education to help employees understand security risks and comply with our policies. Additionally, we provide frequent communications on pertinent security topics and policies to all employees. These include formal training and awareness activities such as newsletter articles, direct email, posters, digital signage, town halls and presentations. We provide additional security and data protection training and awareness on specific topics consistent with employee roles.


Third-party security

We conduct cybersecurity and privacy assessments on all third parties that integrate with Stryker’s data, network, systems and products. We use a combination of our Security Operations Centre and external tools to help ensure that these third parties meet our security requirements. We apply industry-standard threat modelling and privacy impact assessment concepts to help ensure that data minimisation and adequate data protections are in place.

We perform supplemental reviews commensurate with the risk associated with each vendor.


Product security

Product security is dedicated to the safety and security of our global products. Product security is an integral part of our holistic global security programme.

We use a continuous improvement approach focused on enhancing the software development lifecycle and adding technical capabilities that reinforce the effectiveness of the defence-in-depth security controls used to protect our products.

For more information on Product security, advisories and notifications, please follow this link.

SYK CORP 2021-03-13