Thermofisher.com Thermofisher.com

Data privacy and security 

We believe every colleague is responsible for safeguarding data and maintaining the trust our customers place in us. 

Internal Image

Data privacy

As a company engaging in the ethical collection, use, management and safeguarding of personal data, our global privacy program is designed to maintain adherence with core data privacy principles and to protect the fundamental rights and freedoms of any individuals, or data subjects, who entrust us with their information. These data subjects can include our colleagues, customers, patients, suppliers, business partners and visitors to our websites. 
 
Our Global Privacy Notice outlines how we handle any information that can directly or indirectly identify an individual. It is continually reviewed for compliance with applicable laws and regulatory guidance in jurisdictions where we operate. In addition, all colleagues are regularly trained and re-certified on our policies and applicable data protection laws. 
 
For effective implementation of our global policies and standards, our privacy Centers of Excellence (CoEs) support our businesses in collecting and handling data in a manner that protects our colleagues, customers and other data subjects. We apply the widely recognized Privacy by Design framework to our program, proactively incorporating privacy into the design and operation of information technology (IT) systems and networked infrastructure and business practices. For comprehensive program monitoring, our privacy management platform is used to document legal and compliance activities, including privacy assessments and investigations, contract reviews, individual rights requests and relevant due diligence of third parties. 

Cybersecurity  

Our commitment to cybersecurity emphasizes the use of a risk-based, “defense in depth” approach to assess, educate, block, identify, respond to and recover from cybersecurity threats. Recognizing that no single technology, process or control can effectively prevent or mitigate all risks, we incorporate cybersecurity into our overall risk management process. We employ a suite of technologies, processes and controls, all working independently and as part of a cohesive strategy, to manage or reduce risk. 
 
Our cybersecurity program has earned an ISO 27001 certificate, a globally recognized and annually renewed standard for information security management systems. Our program assists in the management of risks associated with the confidentiality, integrity and availability of data and systems both within the company environment and for our products and services to customers to effectively support our business objectives and customer expectations. We seek to routinely refine our cybersecurity approach to adapt to changes in the threat landscape and manage emerging security risks. 
 
To reinforce vigilance and raise awareness of cybersecurity threats, we regularly educate and share best practices with our colleagues. Our training program includes frequent exercises, periodic cyber event simulations and annual attestation to our Technology Acceptable Use Policy. 

More information on cybersecurity governance and risk management is available in our Annual Report on Form 10-K. 

Artificial intelligence 

The use of artificial intelligence continues to evolve and has the potential to advance our Mission and deliver value for our customers and colleagues. 
 
Our artificial intelligence and machine learning (AI/ML) is overseen by our AI Leadership Committee. Our Generative AI Center of Excellence (CoE), which comprises cross-functional leaders, advises on strategy, regulation, policies and frameworks. In addition, our Bioethics Committee continues to monitor the evolving landscape and technological implications of AI/ML.  
 
We have long harnessed AI/ML in our products and services. Our approach ensures solutions are designed, implemented and used fairly, ethically and safely. This includes the responsible use of data for model development and training as outlined in our Responsible AI (RAI) framework, which is underpinned by our global RAI policy, aligns AI use to our Mission and strategy and guides colleague conduct to manage AI-related risks. 
Our internal generative AI platform, introduced in 2023, has the flexibility to support multiple large language models today and will support other functionality in the future. As we strive for thoughtful and ethical AI use, we are optimistic these technologies can continue to enable colleague success that accelerates high-impact innovation and strengthens our customer value proposition.