Okea – management of risks related to information security for the industrial ICT systems and integration with digitalisation solutions – Okea Draugen

The audit was conducted from 19 to 26 August 2021.

Objective

The objective of the audit was to verify how the company follows up the management of risk associated with information security for the industrial ICT systems. Furthermore, we wanted to verify that Okea has activities and processes to address risk resulting from integration between industrial ICT systems and digitization solutions, platforms for cognitive technology and decision support.

Result

The audit identified regulatory non-conformities and improvement points. The description of these matters is exempt from publication, with reference to Section 24 (3) of the Freedom of Information Act. They are accordingly not referred to under the non-conformities and improvement points headings in the audit report. 

What happens now?

We have asked Okea to report on how the non-conformities will be addressed. The company has also been asked for its assessment of the improvement points identified. The deadline for this is set at 15 October 2021.