The audit was conducted between 7 and 10 September 2020.
The objective of the audit was to verify how the company follows up the management of risk associated with information security for the industrial ICT systems. The purpose of the audit is to verify the participant’s processes and systems that are used to ensure the follow-up of these systems and how such follow-up is performed for each individual unit. We also wanted to verify the correlation between overarching procedures and the follow-up of the systems on the facility.
The audit identified one regulatory non-conformity, as well as two improvement points. These issues are exempt from public disclosure, with reference to section 24, 3rd paragraph of the Freedom of Information Act, and they are not described under non-conformities.
What happens next?
We have asked Altera to report on how the non-conformity will be addressed, and for their assessment of the improvement points observed. The deadline for feedback is set at 13 November 2020.