Cybersecurity and in particular the protection of personal data are major challenges for a group the size of ENGIE at the heart of the energy transition and the digital revolution.
Cybersecurity concerns the IT security of individuals, tangible and intangible IT assets and organizations. This has become a crucial issue for the company and its stakeholders.
A number of systems are in place to counter the risk of a cyberattack or fraud:
- A cyber security monitoring centre keeps a constant eye on our networks and critical infrastructure. It includes monitoring of security patches
- User awareness campaigns
- Regular testing of the security systems in place, including tests against hacking and phishing, and crisis management testing
- Monitoring online attacks and fraud
- Additional special actions are taken according to cybersecurity regulations, like Europe’s Directive Network and Information Security (NIS)
- For some service parameters, certifications covering cybersecurity have either been obtained or are being worked towards (ISO, SOC2)
ENGIE also has cyber insurance.
All of these systems are regularly updated to adapt to new cyberattacks.
Below are links to the ENGIE Insight (United States) website on Security and Compliance, the site of the Agence Nationale de la Sécurité des Systèmes d'Information or ANSSI (France) and the site of the National CyberSecurity Centre or NCSC (United Kingdom): Personal data protection
- Security & compliance at ENGIE Insight to USA (ex-Ecova - SOC2 certification)
- Transport of the NIS Directive in France
- European Directive Network and Information Security (NIS)
- Agence National CyberSecurity Centre (NCSC) in UK for Cyber essentials
Protection of personal data
Binding Corporate Rules
ENGIE handles personal data, including those related to its employees as part of human resources management. Aware of the sensitivity of these data, the Group has set up Binding Corporate Rules (BCR) to ensure their protection in case of transfer outside the European Union. With these BCR, approved by all European data protection authorities, ENGIE joined the circle of companies that pay particular attention to the protection of personal data.