Information security: We have a certified management system.
We operate an information security management system (ISMS) which meets the requirements of the IT security catalogue pursuant to section 11 (1a) of the German Energy Industry Act (EnWG) (08/2015).
Our modern society is reliant on a well-functioning supply of energy, so a lack of natural gas could jeopardise public life. Under the Regulation on Critical Infrastructure of the Federal Office for Information Security (BSI), we have therefore been declared an ‘operator of critical infrastructures’ in Germany.
We have a special responsibility to provide our services uninterrupted and in line with requirements. For this, our information values must be very secure, meaning that the information we use for our business processes is available promptly at any time, and that it is processed correctly and used solely by authorised persons and systems.
The security of the information values is exposed to numerous threats, which we counter with appropriate technical and organisational measures.
These include the development of an effective information security management system (ISMS), which meets the minimum standards of the Federal Network Agency. These are set out in an IT security catalogue for power and gas networks.
For power and gas network operators, certification according to the Federal Network Agency’s IT security catalogue is mandatory. The TÜV Rheinland, as an accredited company, verified OGE’s operation of an effective ISMS as part of this certification in 2017, stating its validity “for gas transmission including all the tasks associated with this such as operations, control, maintenance and expansion of transmission networks as well as the operations, control and maintenance of pipelines, plants and natural gas storage facilities owned by third parties.”
An ongoing task
Information security (including IT security) requires ongoing efforts and continual adaptation to developing requirements. We will therefore consistently implement and further develop all measures for the protection of our information and communication technology.
The maintenance and continual improvement of our management system is verified through internal audits and annual external audits (re-certification every three years, two monitoring audits).