Cyber Security Requirements

Rolls-Royce places great importance on protecting its information, and to operate Cyber Safe systems, services, and products for our customers.  We depend on our suppliers to provide Rolls-Royce the same.

Collectively, it is our responsibility to maintain good standards of security and protect our businesses and customers from harm.

The Rolls-Royce Baseline and Enhanced Cyber Security Standards have been withdrawn and replaced by the Rolls-Royce Supplier Minimum Cyber Security Standard.  The Minimum Cyber Security Standard sets out the minimum or baseline security measures Rolls-Royce suppliers or third parties must implement and maintain for the protection of Rolls-Royce data on their systems, and for the provision of any services and/or goods to Rolls-Royce.

If you are unable to comply with any Standard security measures applicable to your contract, then Rolls-Royce will agree with you in good faith a remediation plan to achieve the required protections to Rolls-Royce data, systems, services, and products.  Rolls-Royce encourages suppliers to be open and transparent, so we can understand the cyber risks and take appropriate action to protect our businesses.

The Rolls-Royce Supplier Minimum Cyber Security Standard is incorporated into the Global Conditions of Purchase which are found in the Terms of Business section in the Supplier Documents tab of the Rolls-Royce Global Supplier Portal.

If you have any questions about the mandated cyber security requirement then please send your questions to For all other queries, please contact your Rolls-Royce Procurement point of contact.