The Baker Hughes Security Team is committed to protecting our people, our workplaces, our operations, and our communities globally through intelligence based risk mitigation measures. Our approach extends from mitigating site security risks to supporting traveler safety, as well as broader situational awareness and incident/crisis preparedness and response.
In 2020, the Baker Hughes Security function was ranked number one in the energy sector in Security Magazine’s annual ratings list, the Security 500. This is an annual ranking of the top 500 enterprise-security programs across 20 sectors. Companies are ranked on a variety of factors and metrics, including progressiveness of their security programs, efficiency of costs, security spend as a percentage of revenue, and other attributes that are gained from interviews and independent research.
Horizontally structured to support product companies, functions, and regions, the team is organized in accordance with global risk and operational structure. Our Code of Conduct establishes principles that require our employees to act in a manner that is compliant with all applicable laws and expects our employees to do what is right, safe and considers the wellbeing of communities in which we operate. Our business partners, vendors, suppliers, and contractors are also expected to abide by these principles, including our contract security personnel. In addition, our security team is currently building a process and training to ensure all contractors not only follow our Code of Conduct, but are better prepared to assess and mitigate human rights risks in any situation.
The Security team monitors global developments and educates and equips employees to recognize, report, and prevent an array of potential risks at our workplaces, while traveling, or across our operations. Workplace violence, natural disasters, terrorism, and broader socioeconomic or geopolitical risks are just a few of the potential risks monitored and managed. In addition, the Security team oversees the governance and implementation of the crisis management and business continuity programs for Baker Hughes through global standards and processes, training, exercises, resources, and ongoing engagement.
At the center of Baker Hughes’s security operations is the Global Intelligence & Travel Security Operations Center (GITSOC) focused on: 1) monitoring global developments and issuing timely updates; 2) administering the travel security program for high-risk locations; and 3) operating the emergency-notification system for critical communications and operational impact.
In 2020, we conducted virtual town halls, security-awareness campaigns, and webinars. We also introduced a new tool to capture security-related concerns and incidents/potential incidents that are escalated to the regional security team to address. This enables the Security team to respond quickly and track trends over time to improve the effectiveness of its programs and better support employees.
Security activated and provided ongoing support of the global, regional, and local crisis-management teams (CMTs) charged with leading the company’s global COVID-19 response. Since structures and processes were in place prior to the pandemic, our CMTs were able to scale up quickly to support our employees and operations in an unprecedented environment. In addition, the security team supported a number of subsequent CMT activations and drills to support other events outside of the pandemic such as extreme weather, civil unrest, and geopolitical conflicts, among others. The team has now learned lessons from the last year and is further refining our approach in 2021 and beyond.
After its launch in early 2020, the GITSOC quickly adapted its approach to monitor the evolving COVID-19 regulatory landscape along with other key risk areas. This team, along with the broader security organization, played a key role in helping employees affected by border closures or other travel restrictions return home safely. In addition, they disseminated timely updates related to a myriad of other situations through security advisories, notifications, or alerts.
Privacy and cybersecurity
Baker Hughes takes security and data privacy very seriously, and we are committed to individual’s rights to data protection and privacy. We protect our digital systems and data through a comprehensive cybersecurity management program, and we operate a comprehensive Cyber Fusion Center to coordinate resources, reduce incident response time, and shift toward a proactive cyber-defense model. Following the National Institute of Standards and Technology cybersecurity framework, we conduct third-party reviews of our program.
Baker Hughes has a Global Data Privacy Program in place which is designed to ensure that personal data will be protected and handled in accordance with applicable law and applicable contractual obligations. In 2020, we replaced our existing data-privacy management system and updated our cookie consent process to assess and record data processing activities efficiently, while ensuring compliance with data privacy regulations. We also modernized our identity and access management infrastructure and implemented new capabilities including secure and seamless federation authentication capabilities for customers and suppliers.
Baker Hughes’ Product Security approach spans three critical cornerstones: people, process, and technology. It is based on international standards, regulations and industry best practices, such as:
- NIST Cybersecurity Framework (CSF) — Framework for management of cybersecurity risks
- ISO 27001 - Information technology — Security techniques
- IEC-62443 suite – Industrial Network and System Security
This holistic approach ensures that organizational and technical security measures are integrated into the product development lifecycle at all stages, from requirements specification, to design, implementation, operation and maintenance. Methods and tools commonly accepted by both the security and industry communities are used to ensure products are shipped free of known vulnerabilities. Baker Hughes serves as a trusted partner to energy-related operators willing to keep or improve their operational security posture.