Information security management

In an increasingly interconnected global environment, information is exposed to a rapidly growing variety of risks, threats, and vulnerabilities. OMV invests in information security to protect technology, assets, and critical information as well as to protect our reputation and avoid any damage or monetary loss resulting from unauthorized access to our systems and data.

We build the foundation for a secure environment on clear and actionable standards and processes, supported by well-defined organizational responsibilities in order to implement the increased requirements of cybersecurity. We achieve this with our integrated IT1Information Technology (IT) is a set of cybersecurity strategies that prevents unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers. and OT2OT Security is defined as Operational Technology (OT) hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise. OT is common in Industrial Control Systems (ICS) such as a SCADA System. security framework across Corporate, Upstream, and Downstream, which are continually aligning security standards, detailing security requirements, executing tools for security risk assessment and prevention, and setting up contract and incident management.

We rely on a stable foundation of four elements in order to ensure IT and OT security at OMV.

Information Security Management (model visualisation)

Strategy and governance are essential for setting our direction, providing the relevant security framework, building internal capabilities, pursuing the information security strategy, empowering the security organization, and creating awareness. We train and inform the workforce regarding potential risks and security issues in our everyday business. Furthermore, mandatory and optional trainings equip employees with the tools to handle problems such as phishing or ransomware attempts. In addition, these trainings support employees based on specific advanced information security solutions and processes.

Preventive measures are in place in order to lower the risk of security breaches by introducing new tools, detection strategies, and response plans in order to maintain a strong perimeter. We ensure the stability of our security system’s architecture.

Detective and reactive measures are designed to create transparency around existing risks, security gaps, and vulnerabilities. In order to protect our assets and eliminate intruders, we integrate reactive measures to mitigate possible damage and take remediation measures to ensure a fast and total recovery.

Technical “housekeeping” measures ensure a solid foundation with up-to-date hardware and software as well as adequate information security processes. Keeping OMV free from security gaps and potential security risks is essential for the whole business. To achieve this, we implement security patches and offer guidelines in order to provide consistent hardware and software life cycles.

1 Information Technology (IT) is a set of cybersecurity strategies that prevents unauthorized access to organizational assets, such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers.

2 OT Security is defined as Operational Technology (OT) hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise. OT is common in Industrial Control Systems (ICS), such as a SCADA system.