Our Cybersecurity standards and procedures enable us to effectively manage the security of the data handled by our IT systems and by the assets involved in our business processes.
This management model is based on best practice in Cybersecurity implemented by our Security Services. Our information and communication technology (ICT) and security processes therefore have ISO 27001 and ISO 20000 certification. The Cybersecurity department is also responsible for reporting and managing technological risks in line with corporate Enterprise Risk Management (ERM) Methodologies.
In 2018 we launched a global initiative comprising six strategic lines aimed at ensuring the organization can adapt to the new digital environment. The key milestones under this initiative, which are being implemented according to the timetable set, are as follows:
LAUNCH OF AN INDUSTRIAL SYSTEMS CYBERSECURITY PROGRAMME: Updating policies, procedures and design principles and rolling out new Cybersecurity services.
ADJUSTMENTS TO MEET THE REQUIREMENTS OF THE NEW GENERAL DATA PROTECTION REGULATION (GDPR).
UPDATING OF THE SPECIFIC PROTECTION PLAN FOR REFINERIES: In line with the Law on the Protection of Critical Infrastructure.
COMPULSORY PROGRAMME TO RAISE CYBERSECURITY AWARENESS: Among office and plant staff (approximately 64% of the workforce), with the following content: use of the internet, protection from external threats, use of computers and mobile devices, personal data protection, the classification and protection of information.
THE ADDITION OF A CYBERSECURITY RISK ASSESSMENT to the approval process for suppliers and contractors.
IMPROVEMENTS TO CYBERSECURITY TECHNOLOGIES: Identity management and account privileges, two-stage authentication.
CHAPTER 5 Our responsible management in 2018 Safety