Safeguarding our networks, systems and information

The Colonial Pipeline ransomware attack in 2021 certainly highlighted the vital role cybersecurity plays in the global energy system. At Devon, we know that cybersecurity is crucial to our ability to sustain our business.

Every day, we collect, use, share and store a significant amount of data to run our business. We invest in sophisticated tools and processes to protect our technology advantage, strengthen our business continuity capabilities, manage risk and deliver results.

Safeguarding our networks, systems and information starts with our highly skilled digital security professionals who apply artificial intelligence, process automation, data analytics and other techniques in the field and the office. We require and pay for each member of our security operations team to earn SANS Institute certifications for security essentials and incident handling.

Our security professionals meet weekly to discuss cyberthreats, incidents and effective prevention measures. They also proactively develop, use and share information on cyberthreats, enhancing human intelligence with appropriate levels and layers of automation.

At the highest governance level, three members of the Devon board of directors have technology or cybersecurity experience. The board and its Audit Committee take an active interest in cybersecurity as part of their risk management oversight role and receive regular updates on our information security program and cyberattack trends from the Devon management team.

To mitigate cybersecurity risk, we maintain an industry-leading corporate information security policy and program aligned with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework for risk management. Our policy and program are assessed by third-party experts, and we internally exercise and test our incident response and disaster-recovery plans as part of Devon’s corporate emergency preparedness program.

A culture of prevention is important to our digital security. Devon provides cybersecurity awareness training for all employees and contractors during onboarding and through annual refresher training. Teams that have access to sensitive data receive specific training and employees who help us avoid cybersecurity events receive recognition. Responsible use of our information systems is covered in our Code of Business Conduct and Ethics, the Information General Usage Policy and related policies.

As part of its role to protect data and technology appropriately, our digital security team evaluates technologies that Devon builds, buys or deploys and provides recommendations to the business owners. This risk assessment role is essential as Devon increasingly develops our own patented technologies, deploys mobile apps in the field, and partners with other innovators to commercialize and scale technology solutions.