Cyber Security Requirements
 

Rolls-Royce places great importance on protecting the confidentiality, integrity and availability of its data and information systems. Due to the ever-evolving threat landscape, increasing supply chain complexity and regulatory pressure, it is our responsibility to maintain measures to control and manage the security within our supply chain system.

As part of those measures, Rolls-Royce requires our suppliers to adhere to a set of cyber security standards, which is determined on a supplier impact assessment.

There are two cyber security standards, the Rolls-Royce Supplier Baseline Cyber Security Standard and the Rolls-Royce Supplier Enhanced Cyber Security Standard, which are accessible below. The results of the impact assessment enable Rolls-Royce to determine the most appropriate cyber security standard that best suits the suppliers risk profile, for example, a supplier of strategic importance or a supplier handling highly confidential Rolls-Royce data will warrant a greater level of cyber security maturity and compliance with the Rolls-Royce Supplier Enhanced Cyber Security Standard.

If you are unable to comply with any measures contained in the cyber security standard applicable to your contract then Rolls-Royce will agree with you in good faith a remediation plan to achieve compliance with the measures as part of the incorporation of the relevant cyber security standard into the supplier contract.

As all companies are potential targets, working together to minimise the risk of cyber incursion is important. Threat actors are indiscriminate in their use of supply chains to access networks and therefore we would request that all our suppliers support us in preventing any malicious activity and immediately contact Rolls-Royce on UK.SOC@rolls-royce.com if you identify anything that causes you concern or suggests that anything untoward has occurred on your network.

If you have any questions about the mandated cyber security requirement then please send your questions to RRITSecurityCompliance@rolls-royce.com. For all other queries, please contact your Rolls-Royce Procurement point of contact.



.