0-1 Guideline for Risk Assessment is not referring to any industry standard and is not quantifying the consequence

Update procedure for risk assessment
according to industry standard and quantify
probability and consequence.

After sending several emails to get feedback on the findings i received an answer that they will not update their procedure. This is not satisfactory but I will close the action. Email is attached.

0-2 The Business Risk Register does not have specified actions with action responsible and deadline. The business risk should be evaluated continuously.

Update Business Risk register with specific
responsible position/person and deadline

Responsible person and deadline are included in the Business Risk Register. See attached

0-3 Several goals did not have an action plan.

The Goals should have an
action plan. Suggest
making a HSEQ Plan that
includes KPIs and
activities

Action plans are included in the HSEQ plan

IMP-1 Follow up of actions

Recommend using one system for follow up of actions from audits, customer feedback, deviations, and
improvements suggestions.

They will not follow the recommendation.

N/A

Bugs and software updates should be continuously communicated to the clients

A quarterly report is received with information, updates, etc. In addition, information and updates are given directly in the software application (documentation.oliasoft.com)

N/A

Formalise industry standards and regulations – Summary slides

Received in the TRL slides

N/A

Description of Security Management

The contract includes security and how this is managed

N/A

Send a description of the Equinor TRL process (1-4)

Attached to the report

0-1 Guideline for Risk Assessment is not referring to any industry standard and is not quantifying the consequence

Update procedure for risk assessment
according to industry standard and quantify
probability and consequence.

After sending several emails to get feedback on the findings i received an answer that they will not update their procedure. This is not satisfactory but I will close the action. Email is attached.

0-2 The Business Risk Register does not have specified actions with action responsible and deadline. The business risk should be evaluated continuously.

Update Business Risk register with specific
responsible position/person and deadline

Responsible person and deadline are included in the Business Risk Register. See attached

0-3 Several goals did not have an action plan.

The Goals should have an
action plan. Suggest
making a HSEQ Plan that
includes KPIs and
activities

Action plans are included in the HSEQ plan

IMP-1 Follow up of actions

Recommend using one system for follow up of actions from audits, customer feedback, deviations, and
improvements suggestions.

They will not follow the recommendation.

N/A

Bugs and software updates should be continuously communicated to the clients

A quarterly report is received with information, updates, etc. In addition, information and updates are given directly in the software application (documentation.oliasoft.com)

N/A

Formalise industry standards and regulations – Summary slides

Received in the TRL slides

N/A

Description of Security Management

The contract includes security and how this is managed

N/A

Send a description of the Equinor TRL process (1-4)

Attached to the report