Data Privacy and Cybersecurity | SLB

Data Privacy and Cybersecurity

SLB has implemented a global program to identify, assess, manage, and mitigate information security risks

Bergen Office
Bergen Office
Man looking at laptop screen with other people working in the background.

We take every available measure to preserve the security of all electronic records that are created or transmitted using company tools, whether the data belongs to us or our customers. We are committed to protecting and respecting the privacy of any employee or third-party personal information that we process. Specific internal data privacy requirements guide the collection, use, transfer—including transfer across international boundaries, release, disclosure, and security of such data. These requirements also describe our expectations for third parties who process such data on our behalf.

Managing information security risks

SLB has developed and implemented a comprehensive, risk-based, global cybersecurity management program that is designed to identify, assess, manage, and mitigate information security risks facing the company. The underlying controls of this program are based on industry cybersecurity and information technology best practices and standards, such as ISO 27001 and National Institute of Standards and Technology (NIST) SP 800-53. We verify and drive improvements using an annual external maturity assessment of our cybersecurity program against the NIST Cybersecurity Framework (CSF). In addition, our DELFI cognitive E&P environment has obtained System and Organization Controls (SOC) 2 Type 2 certification.

All our employees and contractors are required to complete annual training and certifications in information security best practices, phishing, software compliance, and data protection. We also conduct periodic phishing scenario learning experiences and cybersecurity awareness campaigns during the year. Depending on their specific job functions, certain SLB personnel may be required to take additional security awareness training.

The Board's Audit Committee is responsible for oversight of the company’s cybersecurity risk exposures and steps taken by management to monitor and mitigate such exposures. Several times per year, senior leadership, including our Chief Information Officer, briefs the Audit Committee on information security matters, including cyber audits performed by our internal audit function. In addition, cybersecurity risks are reviewed by the Board at least annually as part of the company’s annual corporate risk mapping exercise.

We maintain information security risk coverage in connection with certain assets and facilities.

Intellectual property rights protection

Intellectual property that is created when a SLB employee makes a new discovery or conceives an idea, device, technique, or process related to our business becomes the exclusive property of SLB. On joining the company, all employees agree to this concept as a condition of employment. The company also protects its intellectual property and confidential information by using nondisclosure agreements and confidential disclosure agreements before giving third parties access to such information. In addition, we require compliance with restrictions on the installation and use of third-party software on company computers.