Security

We work in some challenging environments with fast-changing security issues.

Our aim is to protect our employees, partners and assets in a responsible manner, and to prevent any security-related disruption to our operations.

Our security team is closely integrated into the wider HSSEIA community, and our Security Policy sets out the responsibilities of our leadership and each of our business units.

The success of our approach is demonstrated by the fact that, in 2018, there were no significant security incidents to report.

Enhancing protection

To reflect the fast-changing security environment, we continue to review and refine our approach to security. Developments in 2018 included:

  • Extending our Security Focal Point training to cover additional site personnel and new geographies (India and Thailand).
  • Rolling-out our Managing Our Security Risks Handbook across the Group.
  • Implementing a series of Security Assurance visits across all project sites to conduct independent security assurance and validation surveys, and identify improvements.
  • Enhancing Emergency Response capabilities – our Group Crisis Management Standard was updated, supported by a programme of Emergency Response and Crisis  Preparedness training.
  • Implementing new travel policies – new travel policies were developed for roll out across the Group in 2019.

Improving our cyber-security and data protection capabilities

In response to rapidly evolving data security risks, and to support Petrofac’s wider digitisation initiatives, a new Chief Information Security Officer was appointed, who led several initiatives, including:

  • Enhancing cyber-security governance – a new Information Security Policy was created, supported by a suite of six information Security Standards. An Information Security Council was also established, and cyber-security became a regular agenda item at all Executive Committee meetings and Board meetings.
  • Increasing awareness of cyber-security – to support the new Policy and Standards, a Group-wide cyber-security awareness campaign was introduced.
  • Investing in secure infrastructure – as well as replacing ageing equipment and bringing enhanced security to the infrastructure,
  • Petrofac’s back-up capabilities were also improved through the increased use of cloud-based storage systems.

In support of the introduction of the EU General Data Protection Regulation (GDPR) we focused on updating our policies, evaluating systems and processes that we use to handle personal data, and raising staff awareness of their responsibility to adopt compliant practices and behaviours in managing such data. This programme of initiatives will be stepped up in 2019 and the aim going forward will be to operate at the same standard as ISO270017.