For GRTgaz, the security of its facilities and information systems is a permanent and crucial objective. This is a key factor in performance and risk prevention and management within the company.
POLICIES AND RESOURCES IMPLEMENTED
There is a risk of industrial accidents occurring during third-party works near the network or following a pipeline inspection and maintenance failure. Industrial risk is controlled through the implementation of prevention, maintenance and monitoring policies under the ministerial order governing the integrity of gas transmission pipelines. The integrity of GRTgaz’s structures is ensured by an inspection of structures carried out every 10 years, followed by any necessary repairs to ensure that they are suitable for service over time.
The cybersecurity risk is managed right at the top of the company, by the information systems department. A cybersecurity management system based on ISO2700x is currently being deployed. The topic is regularly discussed at GRTgaz Executive Committee meetings. Employee awareness is at the heart of the cybersecurity policy. A network of cybersecurity contacts has been organised at the management level of each GRTgaz division to implement the policy.
“In 2022, we took part in security forums alongside various companies. These forums are an opportunity for discussion and sharing good practice with around 70 companies involved in the projects carried out by GRTgaz.”
“In 2022, we worked on eight ‘phishing’ campaigns. These campaigns provide practice for employees to make them active players in the security of the information system, confronting them with attempts to breach our systems.”
