Protecting the data, information and systems that underpin our technology advantage enables Devon to live our core value to deliver results.
With Devon’s increasing reliance on information technology in our operations, cybersecurity is a growing area of focus and our board of directors is directly engaged. The Audit Committee of the board, which oversees the company’s enterprise risk-management program, considers information and cybersecurity risks in the course of its regular reviews. The Audit Committee chairman has completed the NACD Cyber-Risk Oversight Program and earned Carnegie Mellon’s *CERT Certificate in Cybersecurity.
Our corporate information security policy guides our work, including implementation of an industry-leading program aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework for risk management, which is assessed by third-party experts. We exercise and test our incident response and disaster recovery plans as part of Devon’s corporate-level emergency preparedness program.
Our information systems, risk and security are managed by a team of highly trained information security professionals. The team develops, uses and shares cyberthreat intelligence as a proactive measure, augmenting human intelligence with appropriate levels and layers of automation.
To protect our data and systems, we encourage a culture of prevention through cybersecurity awareness training for all employees and contractors, specific training for teams that have access to sensitive data, and recognition of employees who help us avoid potential cybersecurity events. In addition, we enforce responsible use of information systems as described in our Code of Business Conduct and Ethics, the Information System General Usage Policy and other related policies.