Threats to the confidentiality, availability and integrity of our systems and data are serious – and so are we about protecting our critical information. We place equal emphasis on responsibly collecting, processing and managing personal data entrusted to us.
Enterprise cybersecurity
Protecting our employees, intellectual property, systems and operations against cyber risk is fundamental to how we run our business.
- We employ robust prevention and detection capabilities, processes and tools to reduce cyber-related risks across the enterprise.
- Our digital risk management policy and framework is aligned to the National Institute of Standards and Technology SP 800-53 and SP 800-171, as well as other applicable frameworks as required by our customers.
- Our Security Operations Center is informed by cyber threat intelligence experts across the globe, helping them track and respond to enterprise cybersecurity issues 24/7.
- Several external organizations validate and assess our cyber program, including the U.S. Defense Contract Management Agency and Cybersecurity Maturity Model Certificate Third Party Assessment Organization. We’ve also created a Vulnerability Disclosure Program, enabling external stakeholders to submit good-faith reports of potential security vulnerabilities.
Product cybersecurity
Our customers count on us to be a leader in ensuring the resilience, trust and security of every RTX product. Through collaboration, innovation and proactive risk management, we safeguard the future of aerospace, defense and advanced technologies in an increasingly connected world.
- Product cybersecurity is a collaborative effort, bringing together members from our corporate team with engineers, supply chain specialists and legal experts across our business units.
- Our Product Cybersecurity Maturity Model assesses our process to develop secure products and services and drive continuous improvement in our cybersecurity approach.
- We incorporate industry best practices and new regulations into secure product development, such as vulnerability scanning, software composition analysis and static and dynamic analysis.
Data privacy
RTX is vigilant about ensuring any information we collect or systems that we access are protected and handled appropriately. We've also adopted rules authorizing the sharing of personal information between our businesses to comply with local regulations.
- Our efforts are guided by our data privacy policy, which embodies the requirements of our Binding Corporate Rules and covers other international and U.S. legal obligations, such as the General Data Protection Regulation and various U.S. state laws.
- Our data privacy compliance program is led by our chief privacy officer and is supported by a lead data privacy professional within each business unit, along with internal auditors and our data protection professionals around the world.
- We review the personal data that we collect and process to evaluate whether it meets the privacy principles set forth in our data privacy policy and Binding Corporate Rules.
- We have an in-depth security and privacy awareness program for RTX employees and contractors, which requires annual cybersecurity and data privacy training.