COSL strengthens information security with ISO 27001 certification from DNV

With ISO 27001 certification for Information Security from DNV, COSL Drilling Europe has now obtained its fifth DNV certificate. The certification covers the entire organisation – both information technology (IT) and operational technology (OT) systems onshore and offshore – and marks a new step in the company’s holistic approach to safety and quality.

The Norway-based drilling and rig company COSL Drilling Europe has a strong culture for governance and improvement, and the ISO 27001 certification adds to a series of certifications that already include ISO 9001 for Quality Management, ISO 14001 for Environmental Management, ISO 45001 for Occupational Health and Safety Management, and ISO 50001 for Energy Management.

For COSL Drilling Europe, this is not only about compliance but about staying ahead.

“We are forward-looking and want to be early movers. The world is becoming increasingly digital, and we are highly focused on ensuring that data does not go astray – and on securing the integrity of our data. ISO 27001 has therefore become essential for us, both to protect our own operations and to meet customer requirements,” says Torfinn Kalstø, ICT Manager at COSL Drilling Europe.

Applies to the entire organisation
For COSL, information security is closely linked to safe and secure operations. The ISO 27001 certification covers all of COSL Drilling Europe’s operations, both IT and OT, and applies to the entire organisation – both onshore and offshore.

“We have not seen any other company do this before, at least not in our industry. We have always been highly effective at protecting people, and we are now well-positioned to protect systems as well. While IT is important to us, OT and control systems are critical. They represent the very core of our operation, with many systems and extensive mechanical equipment. An operational technology-directed attack can have serious consequences for both safety and operations,” says Kalstø.

A standard that provides real value
The need for robust information security has increased significantly in the energy sector in recent years. COSL Drilling Europe finds that the certification has great practical value in interactions with customers.

“Three years ago, no one asked questions about IT security beyond whether you had a backup. Now things are entirely different. One of our customers recently sent an audit team that almost exclusively asked questions related to ISO 27001. If we had had the certificate at that time, both we and the customer could have saved around ten days of work. Now that we can refer to this certificate, it makes our day-to-day work far easier,” says Kalstø.

With five ISO certifications in place, COSL Drilling Europe demonstrates how systematic work with standards and audits can create real value for operations, customers, and safety.

“We see a clear shift in the industry. Operational technology systems are no longer isolated but connected to networks and therefore exposed to new types of risk. COSL Drilling Europe is a role model for how to work strategically and holistically with safety, where information security becomes a natural part of quality management,” says Paul Carr, ISO 27001 lead auditor in DNV.

Synergy from having multiple certifications
For COSL Drilling Europe, the certifications are not only about documentation, but about quality and improvement. The company has been certified according to ISO 9001 for many years, which has made this certification much easier.

“We are proactive and focused on continuous improvement. We always make a plan for what we want to achieve, and we have had ISO 27001 on the radar for a long time and taken the necessary steps to be ready. Implementing management systems in advance and then certifying afterwards has become our way of working. At the start of the ISO 27001 certification, around 70 per cent of the new standard was already in place, and we experience many synergies from the other standards we have implemented,” says Kalstø.

Seamless process with DNV
COSL Drilling Europe has had a long collaboration with DNV, which has also certified the company under several other standards.

“We cooperate with DNV because they are the strictest, and the certificates therefore provide the highest value in the market. When we can present our certificates from DNV, it has positive ripple effects and high credibility,” says Kalstø.

The certification process was carried out as part of DNV’s seamless certification process, a coordinated and integrated approach where different audits are aligned to reduce overlap and streamline the work.

“The seamless process has been invaluable to us. We are a streamlined organisation without dedicated staff working on certifications, so the fact that DNV can coordinate our audits means a lot. We get one joint physical audit, often the same auditors, and an approach that places minimal burden on operations,” says Kalstø.

“COSL Drilling Europe has an impressive level of management systems and a clear strategy for continuous improvement. Our goal has been to support them in gaining maximum value from the standards through an integrated audit process that covers quality, environment, safety, energy, and information security,” says Paul Carr, ISO 27001 Lead Auditor at DNV.

Together, COSL Drilling Europe and DNV demonstrate how targeted use of international standards can contribute to safer, more robust, and more sustainable operations in an increasingly digital energy sector.

COSL Drilling Europe now holds the following certifications:

• ISO 9001 - Quality Management

• ISO 14001 - Environmental Management

• ISO 45001 - Occupational Health and Safety Management

• ISO 50001 - Energy Management

• ISO 27001 - Information Security Management