Corporate security
Increasing security threats urge us to take all possible measures to keep our IT network, products and data - particularly personal data - secure from inadvertent transfers, leaks and cyberattacks. Moreover, legislative initiatives in this area have increased, with the GDPR, the directive on security of network and information systems (NIS 2.0 Directive), the EU Cybersecurity Act and the Cyber Resilience Act, MDR and HIPAA, among others.
Cybersecurity program
Barco’s Security Office activities driving the corporate cybersecurity program are led by the chief information security officer (CISO). At the core of this program is the corporate cybersecurity roadmap developed in line with Barco’s security objectives. To identify new and remaining security gaps, we regularly perform cybersecurity maturity assessments using the NIST Cybersecurity Framework (CSF). Our roadmap is continuously evolving due to ever-changing threats (e.g. ransomware attacks) and findings from internal and external security audits and security tests conducted using a risk-based approach. In addition, we take into account (potential) security incidents reported by Barco employees.
Information security management system
Barco’s information security management system (ISMS) complies with the ISO 27001 standard, covering policies, management involvement, business processes, technology, compliance with local laws, security awareness and security best practices. In collaboration with the data protection officer, we assess a growing number of high-risk third parties based on security and privacy requirements. In addition, we continuously monitor our key vendors’ external security activities. We are gradually working to bring all processes, locations and products within the scope of our ISMS and ISO/IEC 27001:2013 certification.
Barco’s ISO 27001, ISO/IEC 27017:2015 and ISO/IEC 27018:2019 certificates can be found at https://www.barco.com/en/about/trust-center/certificates
Integrated reports
More information on corporate security can be found in our yearly integrated report https://ir.barco.com/
Product security
Given the risk of cybersecurity attacks, Barco has a clear commitment to deliver secure products and services. We also see this reflected in our customers’ increased interest in product security. Deploying Barco’s digital products/services involves cybersecurity risks that need to be properly identified and addressed across their lifetime:
- Exposure of Barco’s intellectual property embedded in the product/service;
- Use of the product/service as a pivot point to further penetrate the customer’s network;
- Exposure of (personal) data processed by the product/service.
Barco’s Security Office activities driving the product security program are led by the chief product security officer (CPSO). At the core of this program is the product security roadmap developed in line with Barco’s security objectives. This roadmap focuses on the following domains:
- Continuous improvement of the secure development lifecycle to embrace the shift left principle with focus on people, processes and technology;
- Focus on compliance to fully understand the impact of emerging industry and regional regulations related to security and privacy worldwide;
- Focus on product security certifications and assessments;
- Create transparency and assess the maturity of Barco’s products/services to define an improvement strategy.
Security Whitepapers
For more security whitepapers concerning Barco products/services visit:
Security Advisories
Security advisories are published when issues have been reported and confirmed, with updates taking place in a timely manner.
Report a Security Vulnerability / Incident
As a global technology leader, Barco is committed to delivering secure solutions, products and services. We are constantly working on improving our security processes.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our products and our systems.
In the event that we identify a bug or other vulnerability in our product or system that could lead to a personal data breach within your environment, we will notify you as soon as possible in accordance with applicable laws and regulations.
We encourage all researchers and customers to adhere to the following guidelines: responsible disclosure.
Wall of Thanks
We’d like to publicly extend our thanks to the following people who alerted us to possible issues in our products or services. Their contributions are greatly appreciated.