Security Team in Houston

The security and protection of our people, assets, information and reputation are cornerstones of our business. While risk can never be eliminated, we continuously strive to mitigate it by prudently anticipating, preventing and responding to internal and external security threats.

As an operator of critical infrastructure and facilities in challenging locations worldwide, we work closely with governmental agencies, nongovernmental organizations, our peers and local communities on initiatives to identify, deter, prevent and mitigate a range of potential threats to company personnel, facilities and operations. We manage our facilities consistent with national and international security standards and regulations including:

  • U.S. Customs-Trade Partnership Against Terrorism standards
  • Department of Transportation
  • Transportation Worker Identification Credential (TWIC)
  • Hazmat Transportation Security requirements
  • Chemical Facility Anti-Terrorism Standards
  • International Ship and Port Facility Security Code
  • Maritime Transportation Security Act
  • Maritime Transport and Facilities Security Regulations (Australia)
  • Bureau of Land Management
  • All other applicable governmental security requirements

We maintain a “Tier III” status in the Customs-Trade Partnership Against Terrorism program by demonstrating effective security that exceeds the minimum program criteria. This effort is conducted through our partnership with U.S. Customs and Border Protection who assess the overall effectiveness of our security processes.

We remain an active, participating member of the U.S. State Department Overseas Security Advisory Council (OSAC), the Domestic Security Alliance Council (DSAC), Voluntary Principles on Security and Human Rights (VPSHR) and other national and international security organizations.

Cybersecurity

Our business has become increasingly dependent on digital technologies, some of which are managed by third-party service providers on whom we rely to help us collect, host or process information. Among other activities, we rely on digital technology to estimate oil and gas reserves, process and record financial and operating data, analyze seismic and drilling information and communicate with employees and third parties. As a result, we may face various cybersecurity threats including:

  • Attempts to gain unauthorized access to, or control of, sensitive information about our operations and our employees.
  • Attempts to render our data or systems (or those of third parties with whom we do business) corrupted or unusable.
  • Threats to the security of our facilities and infrastructure as well as those of third parties with whom we do business.
  • Attempted cyberterrorism.

The Information and Operational Technology Security team is responsible for cybersecurity strategy and planning. The team reports to the Chief Digital and Information Officer who reports to the Executive Vice President, Strategy, Sustainability and Technology. Information security requirements for all employees, contractors and partners are detailed in the ConocoPhillips Information Security & Protection policy, which is approved by senior leaders. Our ongoing information security management strategy is to align the company’s program with the NIST Cybersecurity Framework.

0 Reportable Cybersecurity Incidents infographic

While our management team is responsible for the day-to-day management of risk, the ConocoPhillips Board of Directors has broad oversight responsibility for our risk management programs. In order to maintain effective board oversight across the entire enterprise, the board delegates certain elements of its oversight function to individual committees. The Audit and Finance Committee (AFC) assists the board in fulfilling its oversight or enterprise risk management (ERM) regarding the effectiveness of information systems and cybersecurity. In addition, the board delegates authority to the AFC to manage the risk oversight efforts of the various committees. As part of this authority, the AFC regularly discusses ConocoPhillips’ ERM policies and facilitates appropriate coordination among committees to ensure that our risk management programs are functioning properly.

2022 Cybersecurity Pie chart

To help reduce the likelihood of cybersecurity incidents, employees and contractors are required to complete information security training annually, and we frequently communicate with our workforce about best practices to avoid cyberthreats. We annually review our security awareness training to ensure that it is up to date on current security challenges and the company’s security objectives.