Audit of IT security within Statoil
Over a number of years, the PSA has been monitoring the industry’s work to safeguard IT systems that manage processes, monitor potential gas leaks or fires and perform safe shutdowns for plant and facilities.
In October 2016, the PSA became aware that maintenance work on a server at Mongstad had caused disruption to an ongoing loading operation. As a result, the PSA carried out an audit of Statoil’s handling of incidents involving IT and information security.
The audit was conducted in the form of meetings with Statoil’s organisation at Forus and a document review in the period 3 November to 9 December 2016. For this audit, the PSA used resources from PwC in addition to its own internal expertise.
No regulatory non-conformities were identified during the audit.
However, one improvement point was detected relating to the notification obligation for this type of incident.