Product Cyber Security Policy

Principles

  • Product cyber security refers to the ability of our products to be resilient to cyber security threats throughout the product’s life.
  • Our products are Secure-by-Design. Security is designed-in rather than bolted-on.
  • We deliver Defence-in-Depth, harnessing multiple defence mechanisms to provide multi-layered protection.
  • Our approach to product cyber security is proportionate and risk-based, reconciling functionality and performance with appropriate levels of protection.
  • Our security measures are designed to prevent product safety from being compromised as a result of security threats.

We

  • integrate product cyber security into our working practices;
  • adopt an holistic approach to ensure our products (and the engineering tools/infrastructure which support them) are cyber resilient throughout their lifecycle;
  • mitigate product cyber risks to the lowest reasonable likelihood and consequence;
  • ensure our products meet or exceed the cyber security requirements for their respective legislative environments;
  • ensure appropriate cyber security measures and monitoring mechanisms are active before product delivery;
  • engineer our systems to minimise the impacts of a cyber security attack;
  • create products that can evolve and are designed to be resilient both now and in the future;
  • speak up about any concerns regarding the cyber security of a product; and
  • read the introduction to our Code and Group Policies to understand to whom they apply and the consequences for breaching them.

Leaders

In addition to the general expectations of leaders set out in the introduction to our Code and Group Policies, leaders:​​
  • help their teams understand and meet their obligations in respect of product cyber security;
  • ensure we have appropriate skills, tools and guidance to take account of product cyber security in our work; and
  • communicate good practice and lessons learned so that we can continually improve in this area.

Select Tabs

Our Code

Take a look back at our Code principles related to this policy:

Additional Guidance

Some of these are internal links and only available if accessing from a Rolls-Royce GAD network asset. 

Contacts

Some of these are internal links and only available if accessing from a Rolls-Royce GAD network asset. 

  • Local System Security Engineers/System Security Architects within your Business
    • For queries specific to your programme or area
  • Your Business Product Cyber Security team
    • For any specialist queries you might have
    • For advice on tools, skills and relevant training
  • Your Local Cyber Point of Contact
    • For general queries and advice

Take a look back at our Code principles related to this policy:

Our Code

Did you know our Code is available as an app. Our Code app is currently undergoing maintenance and will be available again by the end of 2024.

Download on the app store – link to website (opens in a new window)

Did you know our Code is available as an app. Our Code app is currently undergoing maintenance and will be available again by the end of 2024.

Download on the app store – link to website (opens in a new window)