Threats to the confidentiality, availability and integrity of our systems and data are serious – and so are we about protecting our critical information. We place equal emphasis on responsibly collecting, processing and managing personal data entrusted to us.
Enterprise cybersecurity
Protecting our employees, intellectual property, systems and operations against cyber risk is fundamental to how we run our business.
- We employ robust prevention and detection capabilities, processes and tools to reduce cyber-related risks across the enterprise.
- Our digital risk management policy and framework is aligned to the National Institute of Standards and Technology SP 800-53 and SP 800-171, as well as other applicable frameworks as required by our customers.
- Our Security Operations Center is informed by cyber threat intelligence experts across the globe, helping them track and respond to enterprise cybersecurity issues 24/7.
- Several external organizations validate and assess our cyber program, including the U.S. Defense Contract Management Agency and Cybersecurity Maturity Model Certificate Third Party Assessment Organization. We’ve also created a Vulnerability Disclosure Program, enabling external stakeholders to submit good-faith reports of potential security vulnerabilities.
Product cybersecurity
Our customers count on us to ensure our products are resilient, trustworthy and secure. By working together, innovating and staying ahead of risks, we safeguard the future of aerospace, defense and advanced technologies in an increasingly connected world.
- We promote a cyber-aware culture with a range of services, training and resources that integrate cybersecurity throughout our product lifecycle.
- We bring together experts from engineering, product safety, product artificial intelligence, program management, operations, supply chain, global security and legal to execute our product cybersecurity strategy.
- We create products with cybersecurity at their core, ensuring they meet the latest regulations, industry standards and best practices.
- We ensure proactive and consistent risk management through governance, compliance, incident response, threat identification and vulnerability management.
Data privacy
RTX is vigilant about ensuring any information we collect or systems that we access are protected and handled appropriately. We've also adopted rules authorizing the sharing of personal information between our businesses to comply with local regulations.
- Our efforts are guided by our data privacy policy, which embodies the requirements of our Binding Corporate Rules and covers other international and U.S. legal obligations, such as the General Data Protection Regulation and various U.S. state laws.
- Our data privacy compliance program is led by our chief privacy officer and is supported by a lead data privacy professional within each business unit, along with internal auditors and our data protection professionals around the world.
- We review the personal data that we collect and process to evaluate whether it meets the privacy principles set forth in our data privacy policy and Binding Corporate Rules.
- We have an in-depth security and privacy awareness program for RTX employees and contractors, which requires annual cybersecurity and data privacy training.