Security

Galp recognises the importance of assessing the threat level in countries where it holds assets, particularly in geographies where political and social instability is on the agenda.

The Security area of our Organisation ensures the following:

• risk analysis of the geopolitical situation of the countries where Galp has stakes in, per country and on a regular basis;
• regular analysis of the security risk per location where Galp operates;
• analysis of health risks and regular monitoring of their evolution, per location where Galp operates;
• active promotion of employee awareness, by issuing alerts with the main care to be carried out at each location and by each travelling employee;
• support in planning and managing crisis situations.

We ensure the effective management of the security risk by performing assessments that allow the identification of countermeasures appropriate to their minimisation.

In 2017, Galp was accepted as a member of The Voluntary Principles on Security and Human Rights, ensuring follow-up and alignment with the best practices of the industry.

Security risk analysis and control in our facilities

We assess the security risk levels of our facilities. We define and implement active and passive measures in order to reduce that risk.

We follow the API standard Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, which is based on an evaluation in four vectors: consequences/hazards, attractiveness, vulnerability and likelihood of occurrence.

Due to its nature, the Oil & Gas industry is constantly exposed to political and, consequently, security risks. The way to mitigate them is through direct collaboration with international experts in the field, which guides our strategic actions for providing accurate and timely information on the situation at any time in countries and regions where we operate.

At the same time, we maintain close contact with the authorities and we participate in the Security Committee of the International Association of Oil and Gas Producers (IOGP).

In addition, we take several actions to pro-actively address security, namely:

• We promote that each employee is responsible for their own protection, ensuring that they act in line with the criteria defined by the company.
• We investigate all security incidents in a systematic way, integrating the lessons learned.
• We ensure a dialogue with communities, governments and other entities on security and on acting responsibly, ethically and with respect for human rights.

Cybersecurity

We work to protect our assets, creating the necessary security conditions, namely in information technologies, cybersecurity and cyber resilience.

Here are some of the actions we have developed:

• We implement and maintain mechanisms and procedures that ensure the due integrity, confidentiality and availability of information in our information systems, business management and meeting the needs of our clients.
• We ensure periodic risk exposure assessments of our information systems.
• We promote the training of our employees towards adopting safe behaviours in the management of information technologies and information security.
• We carry out specific awareness actions for senior staff and risk groups.