Security and crisis management
We work in some challenging environments with fast-changing security issues.
Our aim is to protect our employees, partners and assets in a responsible manner, and to prevent any security-related disruption to our operations. Our security and crisis management teams are closely integrated into the wider HSE community. Our Security and Crisis Management Policies set out the responsibilities of our senior management team and our business units.
Cyber-security and data protection
In response to rapidly evolving data security risks, and to support Petrofac’s wider digitalisation initiatives, we have a strong focus on cyber-security and data protection.
We re-evaluated our controls, particularly those related to our cloud-based platforms and applications, and continued to monitor and address any supply chain risks. Meanwhile, we continued to align our information security management practice with the ISO27001 standard and other best practices.
Related initiatives included:
- Enhancing our internal awareness programmes, with particular attention on the risks posed by phishing and social engineering, drawing attention to the increased sophistication of such attacks, while also running simulation tests and enhancing our related controls
- Continuing to enhance our threat detection and threat-hunting capabilities
- Continuing the assessment of cyber-security risks with regular vulnerability assessments, penetration tests and Red Team exercises.
Cyber-security remains a key priority in all our digitalisation initiatives, and we ensure that appropriate security protection is embedded from the initial idea and conceptual phases.