How We Manage Our Security Practices
At ONGC, we have our own dedicated security team and personnel with key tasks within the business to ensure our systems are secure and protected. This is regularly tested and evaluated to ensure any sensitive data is secure and inaccessible to any unauthorised parties.
Incident Response Plans
In the event that a security incident is identified, we have clearly defined Security Incident Response Plans that are tested regularly. This involves in-depth reviews and verification processes to confirm the severity of an incident, alongside detailed steps to ensure the event is appropriately managed.
24/7 Monitoring
Our systems are monitored 24/7 to ensure the highest level of security is maintained. We leverage industry leading AI driven solutions that also monitor telemetry and behaviours which in many cases highlight potential risk areas enabling us to address the risks before they are exposed.
Industry Standard Security Framework
Our security framework is aligned with industry compliance standards which are assessed annually. This ensures our practices remain aligned with the latest best practices and recommendations set by industry.
ACSC MSP3 Member
ONGC is registered with the Australian Cyber Security Centre’s MSP3 program which is primarily focused on ensuring MSP’s have the correct policies in place when managing the technology for not only themselves but also their clients.
Ahead of Cyber Attacks
By being part of the ACSC MSP3 program, ONGC is regularly included in threat bulletins and alerts released by the ACSC before they are made available to the public. This enables us to act quickly and evaluate potential vulnerabilities for our clients with the view to address relevant areas before they are exploited.
Shared Responsibility Security Model
Whilst we will always aim to do what is best for our clients when protecting their organisation from cyber-attacks, ONGC and our partners provide various levels of coverage that is important for you to consider. You, as the client, are responsible for ensuring the relevant security practices are implemented within your own business which may or may not include services from ONGC. Customers that primarily leverage cloud technologies can reference the following Shared Responsibility Model which illustrates what Microsoft is accountable for compared to their customers. This is a very common accountability model shared across most cloud service providers.
Whilst ONGC may supply services that provide certain levels of coverage, it is important that you understand your industry and legislative obligations. Additionally, every business needs to evaluate their own acceptable level of risk and ensure that you have the relevant processes, procedures and systems in place to manage it.
If you require further information around the services provided to you by ONGC and confirmation of the Cyber Security services included in our engagement, please reach out to our team today.