Security

The Security area of our Organization ensures the following:

• Risk analysis of the geopolitical situation of the countries where Galp has stakes in, per country and on a regular basis;
• Regular analysis of the security risk per location where Galp operates;
• Analysis of health risks and regular monitoring of their evolution, per location where Galp operates;
• Active promotion of employee awareness, by issuing alerts with the main care to be carried out at each location and by each travelling employee;
• Support in planning and managing crisis situations.

We ensure the effective management of the security risk by performing assessments that allow the identification of countermeasures appropriate to their minimization. Galp is a member of The Voluntary Principles on Security and Human Rights, ensuring follow-up and alignment with the best practices of the industry.

Security risk analysis and control in our facilities

We assess the security risk levels of our facilities. We define and implement active and passive measures in order to reduce that risk.

We follow the API standard Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, which is based on an evaluation in four vectors: consequences/hazards, attractiveness, vulnerability and likelihood of occurrence. The year 2020 was mainly dedicated to reviewing the Security risk level in Galp's main facilities, ensuring that their risk is low.

Due to its nature, the Oil & Gas industry is constantly exposed to political and, consequently, security risks. The way to mitigate them is through direct collaboration with international experts in the field, which guides our strategic actions for providing accurate and timely information on the situation at any time in countries and regions where we operate.

At the same time, we maintain close contact with the authorities and we participate in the Security Committee of the International Association of Oil and Gas Producers (IOGP).

In addition, we take several actions to pro-actively address security, namely:

• We promote that each employee is responsible for their own protection, ensuring that they act in line with the criteria defined by the company.
• We investigate all security incidents in a systematic way, integrating the lessons learned.
• We ensure a dialogue with communities, governments and other entities on security and on acting responsibly, ethically and with respect for human rights.

From 2020, all employees travelling on business or expatriates will have access to a mobile application that enables access to medical assistance, security services and crisis management support - International SOS Assistance App.

Cybersecurity

We work to protect our assets, creating the necessary security conditions, namely in information technologies, cybersecurity and cyber resilience.

Here are some of the actions we have developed:

• We implement and maintain mechanisms and procedures that ensure the due integrity, confidentiality and availability of information in our information systems, business management and meeting the needs of our clients.
• We ensure periodic risk exposure assessments of our information systems.
• We promote the training of our employees towards adopting safe behaviors in the management of information technologies and information security.
• We carry out specific awareness actions for senior staff and risk groups.

The company has recently created the function of Chief Information Security Officer, within the Risk Management Department, with the responsibility for defining and monitoring cybersecurity risks. In addition, Galp has implemented information security policies, regular cybersecurity surveys and audits, which are performed by Galp or by independent experts representing Galp, in order to better understand the level of the potential threats. These include monitoring the potential fragilities of (critical) suppliers.