Sysmex Europe

Product security that supports your laboratory

Laboratories face increasing demands to protect sensitive data in a rapidly evolving security landscape, where growing connectivity creates critical challenges. That’s why Sysmex prioritises the safety of sensitive information, including protected health information (PHI) and personally identifiable information (PII). We are deeply committed to the safety, security and protection of patient data across all our products, from in-vitro diagnostic (IVD) devices to the IT/OT systems that support them.

Aligning with internationally recognised standards and legal frameworks such as General Data Protection Regulation (GDPR), ISO 27001 and Network and Information Security Directive 2 (NIS2), Sysmex actively takes steps to play an important role in shaping healthcare IT that’s ready and responsive to the future.

Currently, we are a member of the AG IT Product Security within the VDGH, where we collaborate to develop best practices and regulatory alignment for product security in the diagnostics industry. We also participate in the CyberMed expert group of the Alliance for Cybersecurity, as well as the CERT network in Germany, so that we can work alongside organisations to strengthen cybersecurity resilience in medical technology and stay on the pulse of new developments.

Security isn’t created alone. Our expert teams are here to support you:

  • Product Security Incident Response Team (PSIRT): focuses on product-related vulnerabilities and their remediation
  • Cybersecurity Incident Response Team (CSIRT): handles broader IT and security-related incidents across our operations

For procurement

Is your procurement team evaluating our products? You might need more detailed security documentation. Below is a list of key documents and standards we can provide to help you stay organised and on track:

MDS2 – Manufacturer Disclosure Statement for Medical Device Security: This is a standardised form detailing security features and specifications of our medical devices. The MDS2 provides a structured summary of how the device handles security. We can provide the latest MDS2 for any of our devices upon request. Please contact your local Sysmex representative.

Security Whitepaper: A comprehensive whitepaper that outlines the overall security approach. This will assist your IT team in understanding how to integrate the device into your network. The whitepaper is available on request.

Company security:

  • ISO 27001 Certification: Sysmex Europe is certified to ISO 27001, the international standard for Information Security Management Systems. We follow globally recognised practices to safeguard information. You can find the certification details here: ISO Certified Management Systems
  • NIS2 Compliance: For our EU customers, we comply with the NIS2 directive’s requirements as an affected entity.

GDPR compliance: The General Data Protection Regulation is key when personal data is involved. We support the principles of GDPR and strive to ensure our products handle personal data responsibly.

ISO 14971: At Sysmex, safeguarding patient data and ensuring device security are fundamental to our mission. Our design and engineering teams apply the principles of ISO 14971 across all in-vitro diagnostic (IVD) products from the earliest stages of product development, analysing and evaluating risks and implementing effective risk controls to deliver uncompromising safety and compliance throughout the entire lifecycle.

Want to learn more? For an in-depth view of the documents mentioned above, feel free to reach out to your local Sysmex representative. We’ll be more than happy to process your document requests as soon as possible to help you complete your vendor assessment with confidence and ease.

For IT/OT integrators

Product integration in your IT or OT environment should be smooth and effortless, so your lab can operate worry-free and optimise your time and energy. Below are several resources that can help you to ensure a smooth and secure integration:

MDS2: The Manufacturer Disclosure Statement for Medical Device Security is equally useful for integrations. It details device security features (such as network ports used, encryption and user management), which helps in network planning.

Product Security Whitepaper: Our security whitepaper can guide your IT team on how the product is secured and highlight important considerations for installation.

IT/OT guide: We provide a comprehensive IT security whitepaper offering essential guidance for the installation, configuration, maintenance and operation of Sysmex in-vitro diagnostic (IVD) devices. As IT components are integral to device functionality, they must align with the regulatory requirements for in-vitro diagnostic (IVD) devices. While conventional IT security standards represent best practices within their domain, they do not fully address the specific needs and operational context of our industry, where classification as Operational Technology (OT) also applies. Therefore, network integration requirements should consider both IT and OT perspectives to ensure compliance, performance and safety.

Vulnerability assessment: We conduct vulnerability assessments on our products referencing common vulnerabilities and exposures (CVE) to identify and address potential security risks. This helps IT teams ensure that devices are deployed in a secure state and integrated safely into their network environment.

Optional security controls: In addition to built-in protections, we provide multiple additional security controls that can be activated based on your environment. These may include firewalls, smart locks, remote monitoring and management software, and other configurable safeguards. Such measures allow IT teams to further harden devices, restrict unauthorised access and maintain stronger operational oversight.

Coordinated vulnerability disclosure - for researchers

Cyberattacks are becoming more specific at an extraordinary rate and remain an active threat at all stages of the product lifecycle. That’s why we emphasise early security measures in our products and continuously evaluate and re-evaluate security and safety in collaboration with you.

This is crucial for identifying new vulnerabilities through our coordinated vulnerability disclosure (CVD) programme, allowing us to respond to real issues and provide tailored support for maintaining your security operations. Sysmex aims to empower everyone to take initiative in defining their security and reporting vulnerabilities.

Sysmex does not intend to engage in legal action against individuals who:

  • test or research our products without causing harm or damage
  • obtain customer consent before conducting vulnerability tests on their equipment or software
  • adhere to CVD and do not disclose vulnerability details before the end of a mutually agreed timeframe
  • avoid compromising the security or privacy of individuals or patients

For additional communication via email, you can contact us at psirt@sysmex-europe.com. Please encrypt your message with our public PGP key (fingerprint: DADD76C08E4D5A88896A0CF13DEE9B98827A0846) and provide us with the same information as requested in the form.

Vulnerability reporting form

Copyright © Sysmex Europe SE. All rights reserved.