Information security is becoming an increasingly important area for the oil and gas industry. Information security threats raise the risk of accidents as well as the scale of their impact. LUKOIL-Technologii has established an information security unit that is staffed with highly qualified specialists. In accordance with the Federal Law “On the Security of the Critical Information Infrastructure of the Russian Federation,” LUKOIL Group entities have categorized critical information infrastructure facilities. A qualitative assessment has been made of potential damage due to the loss of integrity, confidentiality, or accessibility.
A monitoring center works continuously to detect weaknesses at an early stage, depending on the degree of criticality of an information resource, and risk mitigation measures are elaborated and implemented.
Requirements related to compliance with information security rules are included in contracts with contractors (violations constitute grounds for imposing penalties) as well as in the job descriptions of employees. Non-compliance with the rules represents a serious violation of work discipline and work duties. Each incident is investigated.
To ensure the reliability of information systems, vulnerability analysis is carried out before commissioning and during operation, and methods of safe software development are being introduced.
Ensuring the protection of personal data is an important area of the Company’s client-oriented policy. The Company uses access control to internal networks, application and system-wide levels, means for recording and keeping a log of users’ activity, antivirus software, password systems for networks and information systems that process personal data, firewalling tools, and physical access controls. The safeguarding of personal data is also ensured through trainings and methodological support for employees.