Information and Cybersecurity

In an increasingly interconnected global environment, information is exposed to a rapidly growing variety of risks, threats, and vulnerabilities. OMV invests in information and cybersecurity to protect technology, assets, and critical information as well as to protect our reputation and avoid any damage or monetary loss resulting from unauthorized access to our systems and data.

We build the foundation for a secure environment on clear and actionable standards and processes which are ISO 27001 certified, supported by well-defined organizational responsibilities in order to implement the increased requirements of cybersecurity. We achieve this with our integrated IT ¹  Information Technology (IT) is a set of cybersecurity strategies that prevents unauthorized access to organizational assets, such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers. and OT ²  OT Security is defined as Operational Technology (OT) hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise. OT is common in Industrial Control Systems (ICS), such as a SCADA system. security framework, through which security standards are continually aligned, security requirements are detailed, tools for security risk assessment and prevention are implemented, and contract and incident management is set up.

We rely on a stable foundation of four core elements in order to ensure IT and OT security at OMV.

Strategy and governance are essential for setting our direction, providing the relevant security framework, building internal capabilities, pursuing the information security strategy, empowering the security organization, and creating awareness of cybersecurity within OMV. We train and inform the workforce regarding potential risks and security issues in our everyday business. Furthermore, mandatory and optional trainings equip employees with the tools to handle problems such as phishing or ransomware attempts. In order to ensure that these trainings are effective, the various measures are monitored and adjusted if necessary.

Preventive measures are in place in order to lower the risk of security breaches by introducing new tools, individual detection strategies, and response plans in order to maintain a strong perimeter for our on-premise as well as our cloud environment. We ensure the stability of our operative processes through a holistic security architecture.

Detective and reactive measures are designed and executed on an ongoing basis to create transparency around existing risks, security gaps, and vulnerabilities. In order to protect our assets and eliminate intruders, we integrate detective and reactive measures to mitigate possible damage and take remediation measures to ensure a fast and total recovery.

Technical “housekeeping” measures ensure a solid foundation with up-to-date hardware and software as well as adequate information security processes. Keeping OMV free from security gaps and potential security risks is essential for the whole business. To achieve this, we implement security patches and offer guidelines in order to provide consistent hardware and software life cycles.