Information Security at Roche

We are committed to protecting information, upholding data privacy and staying ahead of emerging cybersecurity threats.

Information Security is central to our goal of developing the medicines, diagnostics and insights that help people live longer, better lives. Our work revolves around data, and the integrity of that data must be protected.

Information Security allows us to proceed swiftly in developing medical advancements, unhindered by the kind of damaging attacks that might take companies offline for seconds or minutes, or even months.

Information Security preserves the security of our partners — healthcare organisations that can only collaborate with third parties whose systems they know won’t compromise their devices, products and, most importantly, patient data.

Patient safety and privacy

Patient safety and privacy are of the utmost importance to Roche, and we comply with applicable global, regional and local laws, regulations, standards and policies. Our robust list of certifications provides assurance that Roche maintains a comprehensive information security management (ISM) framework with strong security governance, state-of-the-art risk management, effective security controls and processes, appropriate IT and information security organisation operations, commitment at all levels of management, and very high employee awareness of best practices in cybersecurity.


Our certifications

  • ISO 27001

  • SOC2 Type 2

  • HITRUST

  • ISO 27701

  • Cyber Essentials (UK)

Constantly testing and improving

Cybersecurity threats are constantly evolving, so our technical experts are constantly improving our security posture through a multipronged approach. We conduct penetration tests, web security vulnerability tests and daily network perimeter tests. We also benefit from external expertise through our Vulnerability Rewards Program, which invites hackers (yes, real hackers!) to search for bugs and security flaws on our websites. Contact us for more.

Growing our information security capabilities in-house

Embedding security into our business strategy means that, unlike many of our competitors, we don’t outsource the majority of our information security organisation. Instead, we prioritise growing our security capabilities in-house. “By cultivating a supportive, fulfilling work environment, we increase our ability to attract and retain top security talent,” says Tim Ehrhart, Chief Information Security Officer. Learn more about a career in Information Security at Roche.
