Privacy and data security
We aim to build trust with stakeholders, including patients and healthcare providers, to support our business. We respect individuals’ privacy and implement measures to help protect their personal information.
Our approach
Our multilayered information security and data privacy programs and practices are designed to foster the safe, secure and responsible use of the information and data our stakeholders entrust to us. Our programs are designed to comply with privacy and data protection laws and regulations worldwide and are aligned with the EU General Data Protection Regulation (GDPR), a stringent standard for personal privacy.
To reduce the risk of data breaches, we engage a third party to conduct data protection impact assessments and evaluate privacy risk. When gaps are found, we implement remediation activities to address them. We commit to reporting privacy incidents and breaches within the timelines required by applicable local regulations.
Independent third parties test our cybersecurity defenses and audit our cloud security, and we continually test our own systems to discover and address potential vulnerabilities. In addition, we provide data privacy training throughout the year to selected parts of our supply chain. Our employees receive annual cybersecurity and data privacy training.
Governance
The Global Privacy Data Protection Board (GPDPB), composed of cross-functional leaders appointed by their executive leadership, provides high-level guidance and direction to the privacy program and receives regular updates on it. The General Counsel and the Audit Committee of our Board of Directors receive regular updates on data privacy from the Chief Ethics and Compliance Officer.
Our Chief Information Security Officer (CISO) is responsible for cybersecurity across Organon, including implementation of our policies, risk management, oversight of the technologies that support data protection, and incident management. Our cybersecurity program is aligned with industry standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
The CISO and the Chief Ethics and Compliance Officer provide an annual report to the Board on managing information security risks, including cyber readiness, security controls and cybersecurity investments. The CISO also regularly briefs the Audit Committee on information security. Our directors are informed of incident simulations and response plans, including those for cyber and data breaches.