At BD, we are on a journey toward advancing cybersecurity maturity in our products, manufacturing operational technology (OT), and enterprise information technology (IT). Patient care can be interrupted, and even compromised, when a medical device cannot be used or trusted because of a cyberattack. Partnering with our suppliers is of utmost importance in the effort to reduce the possible exploitation of information security vulnerabilities and preserve patient safety. Therefore, suppliers who access, manage, operate, administer, or process BD information or assets, regardless of where the information and assets reside or where they are accessed from, are subject to the BD Information Security requirements in their contractual terms and conditions.
In addition, suppliers to BD will
- Immediately notify BD of any information security incidents involving any BD Data or BD systems by contacting their account representative or infosec@bd.com
- Cooperate in any investigation in connection with an Information Security Incident, in accordance with any such terms set forth in their contract.
Suppliers are expected to comply with all applicable Legislative and local regulations concerning protection of information and information assets. Compliance to these expectations is applicable to supplier personnel and subcontractors who service BD.
If you have questions about our practices for Supplier Cybersecurity Risk Management or supplier information security expectations, please contact: Supplier_Cyber_Risk_Mgmt@bd.com