Oil & Gas Project Assurance

Information Assurance for Asset Tracking System - Oil & Gas Sector

commissum worked closely with all stakeholders in this very complex project, to ensure the final security of the system.

Client

This was a flagship collaborative project to provide a web based asset tracking system that all members of the consortium and their suppliers would use to arrange and monitor transportation and location of assets (including people) on a global basis.

Client Requirement and Business Drivers

The system was required to provide a variety of access levels to the various user companies and individuals within them, but to at the same time ensure the protection of commercially sensitive and private data. Transportation was to be booked, training and health and safety records maintained, and the location of all individuals maintained while off-shore.

Enabling

• the systems used by all members of the consortium were different but essentially performed the same function - successful roll-out of the project would enable all to securely take advantage of the efficiencies introduced by adoption of a commonly hosted and supported system

• the system would provide a common set of processes for booking transportation, ensuring training and health and safety records were up to date, and recording the location of assets while off-shore – this could only be achieved if all consortium members and users were confident in the availability, integrity and confidentiality of the information held

Risk Reduction

• information held would be potentially commercially sensitive, relating to the movement of personnel around the globe

• personal data in the form of employee and contractor records led to a high priority being put on security to comply with data protection requirements of multiple countries

• a final concern related to terrorism, with locations of staff while on flights and at offshore locations being held within the system – also potential issues with availability through potential attacks from some more extreme environmental groups

commissum Services Provided 

commissum was engaged early in the project to provide a range of security related services. These included:

• early briefing of the 3rd party project development team on issues relating to development of secure applications

• audit of developer’s processes for development

• design review for security throughout the project lifecycle

• security testing at Factory Acceptance

• regression testing in the final phases prior to go-live

• final Site Acceptance Application and Infrastructure Security Testing

commissum worked closely with all stakeholders in this very complex project, to ensure the final security of the system. The management organisation that acted on behalf of the consortium, a major coordinator of collaborative projects in the oil and gas sector continues to be a valued partner with other collaborative ventures currently in progress.

• Case Study 1 - Online Banking Project Assurance
• Case Study 2 - Government Data Handling, BCP & ISO27000 consultancy
• Case Study 3 - Oil & Gas Industry - Asset Tracking System Project Assurance
• Case Study 4 - Professional Institute - Strategic Security Review
• Case Study 5 - Government Agency - Business Continuity Exercise
• Case Study 6 - Government Agency - CLAS Services for Accreditation
• Case Study 7 - National Engineering Group - Security Programme
• Case Study 8 - Application Service Provider - Investor Due Diligence
• Case Study 9 – Global Legal Firm - Annual Test Programme & Security Partnership
• Case Study 10 - Investment Bank - Secure Application Development Training
• Case Study 11 - Manufacturing Company - Active Directory Review & ISO27001/27002 Gap Analysis