Cyber threats are ever evolving, becoming more sophisticated in their tactics and techniques. We recognize the importance of continually improving our security and effectively managing the risks associated with using digital technology across our business.
By implementing cyber security standard requirements across our organization, we protect Ovintiv’s digital assets from security breaches that could negatively impact our business, reputation, team safety, compliance record and the environment.
Our Cyber Security, Audit and Compliance, and Corporate Risk Management teams work together as a multi-disciplinary group. This group is tasked with developing and implementing processes and technologies that assess risk and recommending new technologies or changes to our existing assets. We measure our IT infrastructure and information security management system against the National Institute for Standards and Technology (NIST) cyber security framework. Based on a scorecard organized by the categories identify, protect, detect, respond and recover we determine any areas that require additional resources to mitigate cyber security risk.
We also conduct an annual digital penetration test with a third-party specialist and other auditors. This test simulates an “attack” on our computer system and processes to identify security weaknesses. We report the results of this test to our Board Audit Committee and initiate any necessary changes.