Equinor – Åsgard B – central control room and information security for industrial ICT systems

The audit was conducted from 11 to 20 June 2025.

Objective

The objective of the audit was to monitor how Equinor meets the regulatory requirements for the design, development and operation of control rooms and the management of risk associated with information security for the industrial ICT systems.

The aim was to follow up on the current situation in the control room and verify which assessments and measures Equinor has implemented to ensure proper working conditions for the control room operators. The audit verified assessments and measures taken in respect of the connection of new subsea developments.

A further objective was to follow up on how Equinor has secured operational technology (OT), in all phases of its lifetime, and how selected technical solutions and organisational measures individually and collectively contribute to risk reduction. A key topic of the audit was how identified values, deficiencies, technical condition and risk assessments are used to implement and maintain ICT security measures as well as support the establishment of incident management plans.

Result

The audit identified non-conformities concerning:

• Inadequate HMI and alarm system
• Inadequate follow-up of control room

The audit also identified one factor that we have chosen to categorise as an improvement point. This concerned:

• Deficiencies in the follow-up of the alarm system for the mooring system

What happens now?

We have asked Equinor to report to us by 26 September 2025 on how the non-conformities will be addressed, and to give us their assessment of the improvement point observed.