Our Enterprise Risk Management (ERM) program is designed to identify, mitigate, and manage enterprise-level risks to our organization, including in the areas of risk control, global IT infrastructure, physical security, and cybersecurity. Our Board of Directors oversees the assessment process, which relies on a consistent, systematic, and integrated approach. It includes a review of items that may impact Company strategy, business continuity, and crisis management.
Enterprise Risk Management
Ethics and Compliance, and Anti-Bribery
Streamline risk categories, risk identification, and risk management to ensure the best alignment with Halliburton strategy and place a critical focus on what matters most.
Enhance cross-functional visibility to and collaboration among key stakeholders throughout the organization to ensure consistency, uniformity, and a strategic approach to risk assessment, identification, and mitigation.
In 2022, the Company retained a global leader in ERM programs to refresh our annual risk-assessment process. This valuable partnership resulted in a more dynamic, streamlined, and collaborative approach to assessing strategic risk.
In workshop settings, 70 Company executives openly discussed, evaluated, and scored strategic risks based on their potential impact, likelihood of occurrence, and risk-mitigation preparedness. Results provided valuable feedback for focusing risk-mitigation attention, opportunities for process optimization, and higher risk areas that will continue to receive attention and ongoing auditing efforts.
Results are reported to relevant internal stakeholders and the Board of Directors' Audit Committee. They are equally incorporated into strategic planning for the coming years.
The Company has invested substantial resources in Information Technology (IT) infrastructure to migrate Halliburton's computing, storage, and business applications from on-premise data centers to the cloud. This allows us to further advance and expand our digitization strategy, and to provide agility, scalability, and flexibility to our business and customers. It also enables the Company to optimize IT infrastructure cost and eliminate capital expenditures.
Halliburton's data centers reduction and consolidation project aims to reduce the number of data centers from 12 to 5, and to reduce their overall combined footprint by around 75% — from 15,380 sq. ft. to 3,880 sq. ft. In 2022, we completed 68% of our targeted reductions and the remainder will be completed during 2023.
In 2022, we migrated a significant number of applications and computing and business data from the Company's data centers to cloud-based digital platforms. This allowed Halliburton to meet our digital strategy and on-premise infrastructure reduction goals, leading to reduced power and energy use as well as an associated environmental impact.
Global attacks on corporate IT and operational technology (OT) are increasingly frequent and sophisticated. Halliburton takes every threat to cybersecurity seriously. We invest significant resources to protect Company systems and data, and do so in alignment with industry standards, including the International Organization for Standardization (ISO) 27001, the National Institute of Standards and Technology (NIST) 800-53, NIST 800-82, and International Electrochemical Commission (IEC) 62443. The Company's Board of Directors was an early adopter among companies to call for an every-meeting update on cybersecurity. They receive quarterly cybersecurity updates, and our Audit Committee receives an in-depth annual review.
The Company's Defense-in-Depth design philosophies for IT and OT systems include the following techniques:
We perform periodic compliance activities for relevant product lines. In 2022, the Halliburton Landmark iEnergy® platform (an innovative hybrid cloud that deploys, integrates, and manages cloud applications in the exploration and production industry) completed a System and Organization Controls (SOC) 2 Type 2 assessment and audit. It evaluates and certifies that cybersecurity controls are in place and working as they are designed to work. The infrastructure component of iEnergy®, in addition to a suite of Halliburton Landmark applications, received recertifications and/or new certifications of their SOC 2 Type 2 compliance.
The Company used OT-specific training and standards and security assessments to increase employee and contractor knowledge about cybersecurity best practices and good cyber hygiene. This also helped elevate employee awareness of the importance of keeping these systems secure. In 2022, the Company enforced additional OT security-specific standards and policies, further enhancing our OT security posture. We also performed OT security self-assessments of all product lines to promote proper governance over cyber controls and to evaluate evolving cyber risks, and we improved product line network segmentation and endpoint security management. Additionally, we regularly evaluate advanced cybersecurity technologies that can help expand the Company's OT security portfolio.
The Company implemented an Identity and Access Management upgrade in 2022 to strengthen our security posture and improve user experience and productivity. Our Identity and Access Management system is a next-generation solution that provides flexible, reliable access control for on-premise and cloud services. It provides a modern user interface to request, approve, and re-certify access to IT resources, including systems, applications, and network resources. It also helps reduce operational overhead with its enhanced self-service and delegated administration capabilities.
In 2022, we enhanced our annual cybersecurity training with updates addressing the latest cybersecurity topics and threats. Halliburton is reducing cyber risk by requiring this annual training of all employees and contractors.
Halliburton protects the physical safety of employees. The Company has safety procedures and infrastructure in place to minimize the risks posed to employees' physical security by their work responsibilities.
Employee safety is paramount at Halliburton, and secure and safe workplace maintenance is one of our key priorities. The Company's commitment to our Code of Business Conduct (COBC) and established security controls is fundamental to workplace safety.
We regularly communicate with employees and managers on how to recognize, report, and manage threats of violence. In 2021, the Corporate Security team developed and delivered targeted training modules for key staff members to enhance the Company's ability to respond to threats of violence. The Company delivered this training again in 2022. Early identification and pragmatic management of these incidents are crucial factors to reduce and mitigate the risk of violence in the workplace.
Halliburton maintains a constant focus on the security of Company personnel and assets, especially in light of changes happening in the countries and environments where we work.
One difficulty involved in operating a global business is that employees and contractors who travel may be subject to dynamic security-oriented risks and threats, including interstate war, armed conflict, criminal behavior, activism, civil unrest, and terrorism. Prior to business travel, Halliburton personnel are required to review applicable security and health information, observe Company-mandated controls for their destination country, and have travel to certain high-risk destinations approved. We monitor worldwide security conditions and associated risks with Halliburton's network of security specialists and 24-hour Global Security Operation Center (GSOC) based in Houston. This enables us to warn our travel population of threats, incidents, or local developments that may affect them.
In 2022, Halliburton implemented a series of autonomous robotic security technologies in North America to reduce energy consumption and improve operational efficiency and potency. Most notably, the Company integrated unmanned aerial vehicles into a protective security role. This improved our ability to deter, detect, and disrupt threats to critical assets.
Sustainability means serving our customers, employees, stakeholders, and communities in an environmentally, socially, and ethically responsible way.VIEW OVERVIEW
Providing customers with safe, reliable, and efficient products and services is the core of our business.VIEW ENVIRONMENTAL
Our goal is to provide an inclusive, safe, and fulfilling workplace — because our people are at the center of everything we do.VIEW SOCIAL