Rolls-Royce places great importance on protecting its
information, and to operate Cyber Safe systems, services, and products for our
customers. We depend on our suppliers to provide Rolls-Royce the same.
Collectively, it is our responsibility to maintain good
standards of security and protect our businesses and customers from harm.
The Rolls-Royce Baseline and Enhanced Cyber Security
Standards have been withdrawn and replaced by the Rolls-Royce
Supplier Minimum Cyber Security Standard. The Minimum Cyber
Security Standard sets out the minimum or baseline security measures
Rolls-Royce suppliers or third parties must implement and maintain for the
protection of Rolls-Royce data on their systems, and for the provision of any
services and/or goods to Rolls-Royce.
If you are unable to comply with any Standard security
measures applicable to your contract, then Rolls-Royce will agree with you in
good faith a remediation plan to achieve the required protections to
Rolls-Royce data, systems, services, and products. Rolls-Royce encourages
suppliers to be open and transparent, so we can understand the cyber risks and
take appropriate action to protect our businesses.
The Rolls-Royce Supplier Minimum Cyber Security Standard is
incorporated into the Global Conditions of Purchase which are found in the Terms of Business section in the Supplier Documents tab of the Rolls-Royce Global Supplier Portal.
If you have any questions
about the mandated cyber security requirement then please send your questions
to RRITSecurityCompliance@rolls-royce.com. For all other queries, please contact your
Rolls-Royce Procurement point of contact.