Responsibility
Information security: We have a certified management system.
We operate an information security management system (ISMS) which meets the requirements of the IT security catalogue pursuant to section 11 (1a) of the German Energy Industry Act (EnWG) (08/2015).
Our modern society is reliant on a well-functioning supply of energy, so a lack of natural gas could jeopardise public life. Under the Regulation on Critical Infrastructure of the Federal Office for Information Security (BSI), we have therefore been declared an ‘operator of critical infrastructures’ in Germany.
We have a special responsibility to provide our services uninterrupted and in line with requirements. For this, our information values must be very secure, meaning that the information we use for our business processes is available promptly at any time, and that it is processed correctly and used solely by authorised persons and systems.
The security of the information values is exposed to numerous threats, which we counter with appropriate technical and organisational measures.
These include the development of an effective information security management system (ISMS), which meets the minimum standards of the Federal Network Agency. These are set out in an IT security catalogue for power and gas networks.
Certification
For gas network operators, certification in accordance with the IT Security Catalogue of the Federal Network Agency, as stipulated in Section 11 (1a) of the German Energy Industry Act (EnWG, version 08/2015), is mandatory.
In 2017, TÜV Rheinland, as an accredited body, issued OGE its first certificate confirming the operation of an effective Information Security Management System (ISMS).
The certification covers gas transmission, including all associated tasks such as operation, control, maintenance, and expansion of transmission networks, as well as the operation, control, and maintenance of pipelines, facilities, and natural gas storage systems owned by third parties.
Since 2017, OGE has undergone recertification every three years, with surveillance audits conducted by TÜV Rheinland in the intervening years.
An ongoing task
Information security (including IT security) requires ongoing efforts and continual adaptation to developing requirements. We will therefore consistently implement and further develop all measures for the protection of our information and communication technology.
The maintenance and continual improvement of our management system is verified through internal audits and annual external audits.
