Information Security at Fresenius Kabi

At Fresenius Kabi, we recognize that information security is essential to maintaining the trust of our customers, patients, and business partners. We are committed to protecting information through responsible governance, appropriate use, and strict adherence to legal and regulatory requirements.

Our Approach to Information Security

We take information security seriously and have implemented a range of organizational, technical, and procedural safeguards to protect the data entrusted to us.

We maintain a published Cybersecurity Policy that defines clear roles and responsibilities within our organization. Our dedicated security team oversees global security auditing and compliance while defining and maintaining the controls necessary to protect Fresenius Kabi’s data, applications, and infrastructure.

To stay ahead of emerging threats, the team continuously monitors relevant security notifications and shares alerts across the organization to ensure awareness and a proactive response.

Secure Data Management

We follow a structured approach to data classification, applying appropriate safeguards based on sensitivity. Sensitive data is encrypted both in transit and at rest whenever feasible. We manage access to information systems through clearly defined processes to ensure data is only accessible to those who need it.

Access Control Management

We implement role-based access controls, ensure each user has a unique account with strong password requirements, and follow the principles of least privilege and need-to-know access. Administrative rights are restricted to dedicated accounts. Remote access to internal systems is secured using VPN connections with multi-factor authentication (MFA).

Vulnerability & Patch Management

We actively manage vulnerabilities through a structured patch management process, promptly applying updates across endpoints, operating systems, and infrastructure. Regular internal and external vulnerability scans, alongside bi-annual penetration testing with our independent partner, Cobalt Labs Inc., help us identify and address potential weaknesses.

Incident Response

We take a proactive and structured approach to cyber defense to ensure the security of our systems, data, and operations. Our dedicated Cybersecurity Emergency Response Team (CERT) continuously monitors, detects, and responds to cyber threats, while also preventing incidents before they occur. In the event of a security incident, we act swiftly and in a coordinated manner to contain and resolve the situation.

Endpoint Protection

All company laptops are fully encrypted and equipped with centrally managed antivirus software. Devices automatically lock after periods of inactivity, and mobile devices are managed through a Mobile Device Management (MDM) system that enforces PIN protection and remote wipe capabilities in case of loss or theft.

Network and Email Security

We protect our network and email systems through network segmentation, traffic filtering, and controlled wireless access. Corporate and guest networks remain separated, with regularly rotated wireless keys for security. We block inappropriate or malicious websites and filter phishing emails and other harmful content through secure email gateways.

Logging and Monitoring

To support monitoring and rapid threat detection, we store and analyze logs from applications and infrastructure systems. Centralized log analytics and alerting platforms help us detect anomalies and respond promptly, in line with regulatory requirements.

Employee Training and Awareness

We believe people are central to cybersecurity. That’s why we conduct regular training using engaging, easy-to-understand formats to strengthen awareness across the organization. Under our motto “Cybersecurity is a team sport,” we empower every employee to be part of our defense strategy. We also run quarterly phishing simulation campaigns to help employees identify and report suspicious emails.

Physical Security

We maintain robust physical security across all Fresenius Kabi offices and production sites, including badge-based access controls and strict visitor registration procedures.

Through these combined measures, we work to protect sensitive information and maintain the trust of our customers, patients, and partners worldwide.