Fortum Power and Heat provides customers around the world with electricity, gas, heat, and cooling, as well as intelligent solutions that enable more efficient resource use.
Fortum is a Nordic energy company with the goal of providing energy for a world where people, businesses, and nature thrive together. The company considers itself one of the cleanest energy producers in Europe, and its actions are driven by ambitious environmental goals. It reliably generates and supplies clean energy, supporting industry in its development and decarbonization. In response to climate change, the company has committed to achieving climate neutrality and protecting biodiversity, with plans to phase out coal from its operations by 2027 and achieve climate neutrality by 2030.
Facts and figures
Full name: Grupa Fortum
Employment: 5 000
Industry: Energy sector
What did the client expect?
Due to its continuous development, Fortum sought consultancy in the areas of cybersecurity and information security. The request was not for a single service, but for comprehensive support, including necessary audits, documentation updates, and training. PBSG provided all of this. During our meetings, we presented a comprehensive offer and assured Fortum of the availability of our consultants, which was a key factor in our favor. Our extensive experience, particularly in the energy sector, and the guarantee of executing the project thoroughly and without disrupting the organization’s daily operations were also crucial factors.
The project was carried out in 2022 and 2023. It involved conducting a security audit of the information system used for providing critical services, as well as cybersecurity training. We divided the project into logical steps to ensure both operational continuity and compliance with ISO 27001 and the KSC Act.
What did we do?
WE CONDUCTED A PRE-IMPLEMENTATION ANALYSIS
First, we focused on identifying the information systems used to provide critical services and conducted an initial analysis of their security status. We examined the procedures and documentation.
WE CONDUCTED AN AUDIT
We assessed the compliance status of the systems and infrastructure with the requirements of the KSC Act and related standards. Through extensive analysis, thorough evaluation, and numerous consultations, we were able to identify gaps that needed to be addressed.
WE DELIVERED THE AUDIT REPORT
We prepared a practical and clear report, including recommendations and identifying areas for improvement in cybersecurity. The audit findings were used to update the KSC documentation.
WE CONDUCTED CYBERSECURITY TRAINING
We conducted the cybersecurity training online, with approximately 100 participants. We focused on practical topics to genuinely enhance the participants’ knowledge in the field of cybersecurity.
What were the results?
The project involved an audit of the information security system used to provide a critical service, followed by cybersecurity training.
The services included:
- 2023 – training on a practical approach to cybersecurity;
- 2022 – conducting a security audit to ensure compliance with the requirements of the National Cybersecurity System Act;
- Improving existing documentation and processes related to information security, business continuity, and cybersecurity.
We conducted the project in accordance with the highest standards, as evidenced by the positive references from the client. Thanks to our consultancy and the dedicated team, the security audit was carried out effectively. Additionally, thanks to our excellent knowledge of the law and best practices in cybersecurity, Fortum Power and Heat Sp. z o.o. and Fortum Silesia SA employees gained practical information and knowledge, taking into account the client’s administrative requirements.
All the actions taken allowed us to enhance the organization’s security level as an operator of a critical service, as well as increase awareness and broaden knowledge in the areas of information security and cybersecurity.
What did the client gain?
Optimized and improved operational processes related to information security.
Customized documentation and procedures compliant with the requirements of the KSC Act.
Compliance of the information security system with ISO 27001.
Increased awareness and knowledge of employees in the field of cybersecurity.