2024 McDermott Sustainability Report - Report - Page 28
Our Path
Our Approach
Environment
Social
Governance
Framework Alignment
Performance Data
2 0 2 4 S u st a i n a b i l i t y Re p o r t
DATA PRIVACY AND CYBERSECURITY
Protecting our data and systems
DATA PRIVACY
CYBERSECURITY
We have a robust program based on speci昀椀c internal data
privacy requirements that guide the collection, use, transfer,
release, disclosure, and security of sensitive internal data. These
requirements also apply to third parties who process such data on
our behalf.
We maintain a cyber risk management program based on the
ISO 27001 Security Information System management framework.
We approach cybersecurity through a risk-based approach to
threats and vulnerabilities. We strive for layers of prevention and
protection, ensuring backup if an individual system is violated. We
stress detection and quick and decisive responsiveness.
Additionally, we continuously work to assess and improve the
identi昀椀cation and protection of sensitive information, including
company and customer information. We deploy intellectual
property protection technology to monitor and prevent sensitive
data from being errantly disclosed or stolen. We regularly conduct
employee awareness training to improve protection of critical
customer and project data.
McDermott closely monitors the opportunities and related risk
of adopting new technologies, such as arti昀椀cial intelligence. We
recently formed an Arti昀椀cial Intelligence (AI) Governance Council
to guide safe and effective implementation of AI solutions that can
improve our success. Our processes protect and categorize data
to protect intellectual property of the company and our customers.
Cybersecurity privacy data is more important than ever for our
customers. Accordingly, we have made signi昀椀cant investments in
cyber tools to protect our company and our customers.
Employee education remains a major focus, as we try to ensure
that all our people recognize threats posed by social engineering.
These threats include phishing and deepfakes or impersonation.
Each October, we escalate our activity during Cyber Month,
conducting training in different time zones and having outside
experts discuss relevant topics. We also provide videos for our
employees to educate themselves on cybersecurity risks.
Our Cyber Security program is integrated into our AI Governance
process and includes conducting cyber reviews of our AI solutions.
We are backed up 24/7 by a managed service with expertise in our
endpoint defense tool. Our approach to incidents is aggressive. If
we feel a system is being attacked, we will take it off the network
immediately, contain it, analyze it, and proceed to maintain safe
operations.
28
