The audit was conducted from 14 to 18 June 2021.
The objective of the audit was to verify how the company follows up the management of risk associated with data security for the industrial ICT systems. The audit’s aim was to verify the processes and systems that the company used to ensure follow-up of these systems and how such follow-up was implemented in respect of each individual unit. We also wanted to verify the correlation between overarching procedures and the follow-up of the systems on the facility.
The audit identified regulatory non-conformities. The description of these matters is exempt from publication, with reference to Section 24 (3) of the Freedom of Information Act. They are accordingly not shown under non-conformities in the audit report.
What happens next?
We have asked KCA Deutag to report on how the non-conformities will be addressed. The deadline for feedback is set at 24 September 2021.