Case Study

NOV sets high bar for compliance standards within the oil and gas industry


NOV, a Houston-based, multinational energy company, has been in business for more than a century. But when it came to modern IT compliance needs, their IT and security teams required help responding to customers’ growing demands for cyber assurance.

CHALLENGE

In 2010, security teams in the energy industry got an alarming wake-up call. Nation-state cyberwar was accelerating, and international attackers began aggressive industrial espionage campaigns. Operational technology systems are typically built to last 20 years, but only recently have customer and regulatory requirements become top of mind. The Colonial Pipeline cyber incident in 2021 propelled the energy industry into the spotlight.

NOV builds digital products that handle large amounts of customer data. Regulators and customers were increasingly insisting on certification, and expectations were rising rapidly across the entire ecosystem among buyers, sellers, and supply chains. Prior to selecting Coalfire, NOV interviewed several firms and found their approaches to be draconian. NOV needed a modern IT compliance program, and Coalfire was the firm to help them with this transformation.

“Coalfire was selected because they are the best at what they do in helping transform NOV’s IT compliance program with strategy and assessment, on our continuous journey toward cybersecurity improvement.”

– JOHN MCLEOD, CHIEF INFORMATION SECURITY OFFICER (CISO), NOV

APPROACH

Working together is key to a successful compliance program. Coalfire’s approach comprised working with the security team and conducting an initial gap assessment, followed by a three-year audit to ensure continuous improvement. The in-scope frameworks were ISO 27001, ISO 27018, and SOC 1 Type 2. NOV also required risk assessments for the Cybersecurity Capability Maturity Model (C2M2), ISO 27001, and NIST Cybersecurity Framework (CSF).

NOV’s goal was to bring higher customer confidence to the company’s growing digital product cloud. Working smarter was the prerequisite to streamlining operations and gaining market advantage for the expected growth over the next few years. Because of the multiple engagements and certifications, Coalfire worked to understand NOV’s business and recommended combined assessments to leverage evidence across teams, which ultimately reduced costs.

“Our relationship with Coalfire helped us improve our posture, mature our credentials, and get us ahead on our compliance journey.”

– IRENE LAGUARDIA, INFORMATION SECURITY AND COMPLIANCE, NOV

RESULTS

NOV successfully achieved certifications across SOC and ISO, bringing their 34,000 employees and industrial controls, digital products, and endpoints into the new era of cloud-driven, digital transformation.

The Coalfire compliance team assessed gaps and helped shepherd security to give NOV a competitive advantage. The partnership enhanced the energy company’s ability to deliver proprietary technologies that help operators reduce the cost of supply and employ a capital-light business model with the ability to scale quickly. “We looked at other companies,” said Laguardia. “Coalfire’s team and methodology were, hands down, the best approach for us.”

With their updated compliance posture, NOV’s customers can get much-needed reassurance. NOV now sets the competitive bar for compliance transformation.