Data Privacy and Security
We have a comprehensive information security program. Our Corporate Privacy Office manages our global commitment to respect the personal information of our employees, customers and other individuals. We continue to enhance our Privacy Governance Framework that includes privacy training and awareness initiatives, effective privacy notices, access controls, international and third-party supplier risk assessments, compliant cross-border transfers of data, and other risk mitigation measures. We take care to comply with the privacy regulations in the countries in which we operate. This year, we certified under the EU—U.S. Privacy Shield framework and are preparing for the new European Union general data protection regulation that will take effect in May 2018.
Vital to Northrop Grumman’s business operations is the successful protection from cyber threats to our products and computing environments. Our comprehensive Information Security Governance framework includes policies and standards governing computing environments and company-wide services that strengthen our overall security posture, including:
Information Sharing and Collaboration:
Information sharing and engaging with government, customer, industry and supplier partners helps protect our own networks and the overall security of those partners. We participate in multiple cybersecurity information-sharing programs to address cyber threats.
We deploy multi-layered defenses to protect our computing environments and products from cyber threats. We regularly evaluate new technologies to maintain our security posture.
To safeguard against the potential theft and misuse of intellectual property and other sensitive information, we maintain an insider threat program designed to identify, assess and investigate risks. Our program evaluates potential risks consistent with industry leading practices, customer requirements and privacy considerations.
Supply Chain Cybersecurity:
We continue to enhance the cyber security posture of the entire Northrop Grumman global supply chain by focusing on program risk awareness, supplier oversight, subsystem acceptance and secure supplier connectivity. We work in partnership with our suppliers to implement safeguards for protecting sensitive content, whether stored on company and supplier networks, or embedded in Northrop Grumman platforms, products and services. We work with our government and industry partners to ensure the use of secure standard processes for receiving supplier deliveries and for exchanging and protecting sensitive data throughout the supply chain.
Third-Party Risk Assessments:
Before hosting sensitive data in a computing environment managed by a third party, we conduct an information security assessment and implement contractual provisions that mandate security protections.
Training and Awareness Program:
We understand that our employees’ ability to identify, avoid and mitigate cyber threats is a crucial element of our information security program. Among the elements of our training and awareness program are mandatory annual training and email spear phishing exercises.