Item 1C. Cybersecurity.

SLB maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company’s enterprise risk management system and addresses both the corporate information technology environment and customer-facing products.

The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization Standardization (“ISO”) 27001 Information Security Management System Requirements. SLB has an annual assessment, performed by a third party, of the Company’s cyber risk management program against the NIST CSF.

SLB has a Cyber Security Operations Center operating in three locations to provide 24/7 monitoring of its global cybersecurity environment and to coordinate the investigation and remediation of alerts. A program for staging incident response drills is in place to prepare support teams in the event of a significant incident.

Cyber partners are a key part of SLB’s cybersecurity infrastructure. SLB partners with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. SLB engages with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in SLB’s environment.

14

---

 

SLB’s Cyber Security Director reports to SLB’s Chief Information Officer and is the head of the Company’s cybersecurity team. The Cyber Security Director is responsible for assessing and managing SLB’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by SLB.

The Audit Committee of the Board of Directors oversees SLB’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee on the effectiveness of SLB’s cyber risk management program, typically on a quarterly basis. In addition, cybersecurity risks are reviewed by the SLB Board of Directors, at least annually, as part of the Company’s corporate risk mapping exercise.

SLB faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. SLB has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on SLB’s business, financial condition, results of operations, or cash flows. See “Risk Factors – Business and Operational Risks – Our operations are subject to cyber incidents that could have a material adverse effect on our business, financial condition, results of operations, and cash flows.”