Objective
The objective of the audit was to verify how the company follows up the management of risk associated with data security for the industrial ICT systems.
The purpose of the audit is to verify the operator’s processes and systems that are used to ensure the follow-up of these systems and how such follow-up is performed for each individual unit. We also verify compliance between the overarching procedures and the follow-up of the systems on the facility.
Result
The audit identified regulatory non-conformities and improvement points. The description of these matters is exempt from publication, with reference to Section 24 (3) of the Freedom of Information Act. They are accordingly not referred to under the non-conformities and improvement points headings in the audit report.
What happens next?
Vår Energi has been given a deadline of 25 January 2020 to report on how the non-conformities and improvement points will be addressed.