CLOSE
MENU
Banner Image of Privacy and AI
Banner Image of Privacy and AI

Cybersecurity

The Bausch + Lomb IT Security Department implements a Cybersecurity Program to manage Information Security risks through developing policies and guidelines aligned with laws and best practices to reduce information security risks through several key activities:

The Bausch + Lomb IT Security Department implements a Cybersecurity Program to manage Information Security risks through developing policies and guidelines aligned with laws and best practices to reduce information security risks through several key activities:

  • Policy Development: Creating cybersecurity policies, procedures, and guidelines based on laws, regulations, and industry best practices, all tracked in an IT Policy list on the IT Security SharePoint.
  • Risk Assessment: Conducting regular risk assessments to identify security gaps, recommending mitigation measures, and documenting unresolved risks in a central registry.
  • Safeguards: Applying physical and logical security controls across five core functions: Identification, Protection, Detection, Response, and Recovery. This includes measures such as vulnerability assessments, security training, penetration testing, multi-factor authentication, network monitoring, incident response plans, and business continuity solutions.
  • Incident Response: Managing security breaches according to established response processes.
  • Security Awareness and Communication: Promoting cybersecurity awareness and providing guidance on vulnerability remediation for IT staff.
  • Service Providers: Ensuring third-party providers comply with privacy and security requirements through contractual agreements and periodic security testing.
  • Periodic Review: Updating the program at least twice a year to address new cybersecurity threats, regulatory changes, and organizational developments.
  • Policy Compliance:Monitoring adherence to the program, with disciplinary actions for violations, and requiring users to report suspected breaches.
  • Exceptions:Allowing for exceptions to policies in certain cases with written approval and compensating controls documented via a formal risk acceptance process.

This comprehensive approach aims to maintain a strong and adaptive cybersecurity posture for
Bausch + Lomb.

  • Policy Development: Creating cybersecurity policies, procedures, and guidelines based on laws, regulations, and industry best practices, all tracked in an IT Policy list on the IT Security SharePoint.
  • Risk Assessment: Conducting regular risk assessments to identify security gaps, recommending mitigation measures, and documenting unresolved risks in a central registry.
  • Safeguards: Applying physical and logical security controls across five core functions: Identification, Protection, Detection, Response, and Recovery. This includes measures such as vulnerability assessments, security training, penetration testing, multi-factor authentication, network monitoring, incident response plans, and business continuity solutions.
  • Incident Response: Managing security breaches according to established response processes.
  • Security Awareness and Communication: Promoting cybersecurity awareness and providing guidance on vulnerability remediation for IT staff.
  • Service Providers: Ensuring third-party providers comply with privacy and security requirements through contractual agreements and periodic security testing.
  • Periodic Review: Updating the program at least twice a year to address new cybersecurity threats, regulatory changes, and organizational developments.
  • Policy Compliance:Monitoring adherence to the program, with disciplinary actions for violations, and requiring users to report suspected breaches.
  • Exceptions:Allowing for exceptions to policies in certain cases with written approval and compensating controls documented via a formal risk acceptance process.

This comprehensive approach aims to maintain a strong and adaptive cybersecurity posture for
Bausch + Lomb.