Managing information security risks
Schlumberger has developed and implemented a comprehensive, risk-based, global cybersecurity management program that is designed to identify, assess, manage, and mitigate information security risks facing the company. The underlying controls of this program are based on industry cybersecurity and information technology best practices and standards, such as ISO 27001 and National Institute of Standards and Technology (NIST) SP 800-53. We verify and drive improvements using an annual external maturity assessment of our cybersecurity program against the NIST Cybersecurity Framework (CSF). In addition, our DELFI cognitive E&P environment has obtained System and Organization Controls (SOC) 2 Type 2 certification.
All our employees and contractors are required to complete annual training and certifications in information security best practices, phishing, software compliance, and data protection. We also conduct periodic phishing scenario learning experiences and cybersecurity awareness campaigns during the year. Depending on their specific job functions, certain Schlumberger personnel may be required to take additional security awareness training.
The Board's Audit Committee is responsible for oversight of the company’s cybersecurity risk exposures and steps taken by management to monitor and mitigate such exposures. Several times per year, senior leadership, including our Chief Information Officer, briefs the Audit Committee on information security matters, including cyber audits performed by our internal audit function. In addition, cybersecurity risks are reviewed by the Board at least annually as part of the company’s annual corporate risk mapping exercise.
We maintain information security risk coverage in connection with certain assets and facilities.
Intellectual property rights protection
Intellectual property that is created when a Schlumberger employee makes a new discovery or conceives an idea, device, technique, or process related to our business becomes the exclusive property of Schlumberger. On joining the company, all employees agree to this concept as a condition of employment. The company also protects its intellectual property and confidential information by using nondisclosure agreements and confidential disclosure agreements before giving third parties access to such information. In addition, we require compliance with restrictions on the installation and use of third-party software on company computers.