In an increasingly connected world, information security has become a cornerstone of responsible corporate conduct. It is no longer just a technical requirement, but a key factor in protecting assets and maintaining reliable operations. Protecting those assets is essential for building trust, ensuring stability, and enabling long-term business success.
At Bruker we are committed to protecting information assets in all their forms and therefore follow a holistic security approach.
We take a proactive, risk-based approach that includes continuous improvement, regular employee training, and the use of advanced security technologies. This allows us to stay ahead of evolving threats and technological changes while maintaining a resilient and secure environment.
Discover additional details about our standards and frameworks:
At Bruker, protecting information is a core part of how we operate. Our Information Security Guiding Principles ensure that we safeguard data, maintain trust, and uphold the highest standards of security across all our activities. These principles are built on globally recognized best practices, including ISO/IEC 27001, and provide a framework of standards, procedures, and guidelines that help us:
The availability, confidentiality and integrity of information held and processed by Bruker are essential to the organization functioning in an effective manner as well as for providing products and services to our customers. By following these principles, we demonstrate our commitment to quality, excellence, and compliance with all relevant security requirements.
The Information Security Guiding Principles is a high-level document that acts as the overarching Information Security Policy. It defines several controls to protect information.
The Chief Executive Officer (CEO) holds ultimate responsibility for information security at Bruker, supported by the executive management team.
The Chief Information Security Officer (CISO) is responsible for managing and enforcing the policy on a day-to-day basis.
All Bruker Corporation employees – including those at all its direct and indirect subsidiaries, as well as contractors, consultants, temporary staff and other workers – must comply with the current security requirements. They must also ensure that the confidentiality, integrity and availability of the information they use is maintained to the highest standard.
Contracts with external service providers allowing access to Bruker's information systems must be signed by authorized Bruker employees and enforceable before access is permitted. Each contract must ensure that staff and subcontractors of the external organization comply with all relevant Bruker security policies.
The Guiding Principles apply to all employees, contractors and external entities processing information on behalf of Bruker, and to all information of which Bruker is a custodian or controller (Bruker, employee, customer or third-party information).
Information Security is governed, and its effectiveness is measured, by the following methods:
The results from these processes enable Bruker to review the effectiveness of the controls and to continually develop and improve the Information Security Management System.
The Information Security Guiding Principles are reviewed annually or in case of significant changes.
Our Information Security Guiding Principles help us meet key policy objectives by following recognized standards and best practices, including ISO 27001. These include, but are not limited to:
Compliance - Adhere to all applicable regulations, legislation, organizational policies, and contractual obligations related to Information Security.
Access Control - Ensure information is accessible only to authorized individuals.
Availability - Maintain the availability of information and associated assets for those with proper authorization.
Incident Reporting - Report any Information Security breaches promptly to the Bruker Information Security Organization.
Testing & Assurance - Regularly assess the effectiveness of technical and organizational measures.
Risk Management - Address Information Security across all services and processes by identifying risks and implementing documented controls.
Secure Environment - Provide a protected working environment.
Third-Party Compliance - Require all third parties acting on our behalf to meet confidentiality, integrity, and availability standards for business systems.
Cloud Services - Vet and approve cloud service providers before adoption, ensuring they meet Bruker’s security requirements.
Information Classification - Define and apply an information classification scheme to govern storage, access, transmission, sharing, and disposal.
Training & Awareness - Deliver appropriate Information Security training to staff and promote awareness throughout Bruker.
Policy Promotion - Actively communicate and reinforce this policy to foster a strong security culture.