Security

Statkraft works systematically on issues linked to security, emergency preparedness and crisis management. The handling of security issues is based on internationally recognised principles.

Statkraft takes a comprehensive approach to security topics and aims to comply with good international practice. In Statkraft, the area of security encompasses personnel security, physical security, IT system security and information security.

The Group's guidelines for securing personnel and assets are based on national guidelines and internationally recognised principles.

Risk assessment

The security situation, as regards for example political instability, terrorism, sabotage and organised crime, is assessed continually in all areas where Statkraft has a presence. Such assessments are made both at the corporate level and by the individual unit. Statkraft’s interests in Turkey are followed up particularly, and the situation in the country and the region is continuously monitored and assessed.

Immediate measures will be considered upon changes in the security situation, for example reinforced security routines and travel restrictions.

Preparedness

All business units, country offices and operative units in Statkraft have established emergency preparedness plans in order to handle emergencies in a structured and systematic manner. In addition, there is an overall Group emergency preparedness plan describing procedures for notification, interaction, information sharing and communication in a crisis. The emergency preparedness plans are regularly revised, and regular drills are held on small and large scales.

Securing Statkraft's assets

All of Statkraft's buildings, plants and infrastructure are secured against unauthorised access. The purpose of this is to secure the Group's assets against external threats and vandalism, but also to protect third parties against any safety risks in connection with the Group's installations.

Statkraft is involved in development activities in countries and areas which can be politically unstable. This may result in an increased need for guards and security measures for people and assets. If the threat situation so warrants, this may involve armed guards. The provision of security will have to be in line with relevant principles of the Voluntary Principles for Security and Human Rights.

Information security

Statkraft’s work on information security will maintain confidentiality, integrity and access to the organisation's information. In 2015, Statkraft implemented a number of measures to strengthen security and improve the company's ability to detect and handle risks and incidents related to information security.

Statkraft has, along with other energy companies, decided to establish a new company, KraftCERT. KraftCERT cooperates with Norcert and other security authorities and its main objective is to strengthen the electric utility industry's ability to detect and resist cyberattacks on the industry's IT systems. In addition, Statkraft has established CSIRT (Computer Security Incident Response Team), with responsibility for following up notifications from for example KraftCERT, and operational handling of incidents related to IT security.