82 2021 ESG Report Healthy workforce and communities Appendices Responsible supply chain Product impact Climate change Introduction Transparency Cybersecurity program BD products and systems are designed to be secure and are developed using industry-leading cybersecurity standards, including those from ISO and NIST. BD products and systems are secured and maintained throughout their intended life cycle, across all technologies and sites. BD maintains a culture of transparency and collaboration with customers and industry stakeholders to establish industry best practices. Security by design Security in use Security through partnership “In healthcare, the cybersecurity threat landscape is dynamic and interconnected. We strive to protect BD products from vulnerabilities and risks that could impact patient safety and privacy, while also safeguarding the company’s ability to manufacture and distribute quality medical technologies. By protecting the confidentiality, integrity and availability of our products, manufacturing and IT systems, BD is helping to improve the resilience of healthcare around the world.” Rob Suárez Vice President, Chief Information Security Officer Our commitment to cybersecurity includes the protection and resilience of BD products, manufacturing operational technology and enterprise information technology. BD Information Security, which is part of the company’s risk management organization, is responsible for our: • Global c ybersecurity strategy • C ybersecurity governance • C ybersecurity operations • C ybersecurity engineering • Pr oduct cybersecurity • R egional cybersecurity • C ybersecurity awareness training Cybersecurity strategy Our strategic approach to cybersecurity incorporates regulatory requirements for medical device cybersecurity, including the U.S. Food and Drug Administration’s pre- and post-market cybersecurity guidance , as well as emerging cybersecurity reporting and disclosure requirements pursuant to Executive Order 14028 on Improving the Nation’s Cybersecurity , which was issued in May 2021 by U.S. President Joe Biden. We also incorporate threat intelligence from organizations like the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which issued numerous communications in 2021 about potential cyber threats aimed at critical infrastructure. To protect the cybersecurity and resilience of BD and our products, our cybersecurity strategy is built on three guiding principles: