Our commitment to security:
I, HÃ¥kon Volldal, as the Chief Executive Officer of Nel ASA, hereby commit to the following:
- I will ensure that the organization has an effective information security management system (ISMS) in place.
- I will provide the necessary resources to support the implementation and maintenance of the ISMS.
- I will promote a culture of information security awareness and responsibility throughout the organization.
- I will hold all employees accountable for complying with the ISMS.
I will keep the Board of Directors appraised of material developments, deviations, and events related to the information security policy framework. I am aware that the effective protection of our information assets is essential to the success of our organization. I am committed to ensuring that we have in place the necessary controls to protect our information from unauthorized access, use, disclosure, modification, or destruction.
I am aware that the security of Nel and its customers’ information assets depends on having critical suppliers maintaining or exceeding the security standards of Nel. I am committed to ensuring that the critical suppliers for Nel’s production and products undergo proper screening, and that the supply chain risk management is an ongoing and effective security measure at Nel.
This commitment is made on behalf of the entire organization and will be reviewed and updated on a regular basis to ensure that it remains relevant and effective.
HÃ¥kon Volldal, CEO
Compliance
Nel is certified to ISO/IEC 27001:2022, the internationally recognized standard for information security management systems.
This certification confirms that our security controls, risk management processes, and operational practices meet rigorous global standards.
Our security program is regularly assessed through independent reviews and internal audits to ensure ongoing compliance and continuous improvement.
We align with globally recognized security and privacy frameworks and maintain documented controls across all operational processes.
Security controls
Internal Security Procedures: We maintain documented internal security procedures to protect systems and information assets. These include risk assessment and management, security policies, change management controls, and regular review of operational risks. Identified risks are assessed and treated through defined mitigation plans.
Infrastructure Security: We protect infrastructure through layered controls, secure system configurations, network segmentation, and continuous monitoring. Nel has partnered with an external supplier for 24/7 Security Operation Center support.
Access to systems and environments is controlled and logged. Infrastructure configurations are regularly reviewed and maintained.
Vulnerabilities Management: We proactively identify and remediate security vulnerabilities through vulnerability scans, annual penetration testing, patch management, and responsible disclosure. Patching is prioritized based on risk impact.
The Human Factor: We maintain organizational security through employee background checks (where permitted by law, and based on role and risk qualifiers), security awareness training, confidentiality agreements, secure electronic asset disposal, and supplier security assessments.
Business Continuity & Resilience: We maintain business continuity and disaster recovery (BC/DR) plans to support service availability and recovery from disruptions. These include data backup procedures and defined recovery processes.
Security Incidents: Nel maintains formal incident detection, response, and escalation procedures. Security incidents are logged, investigated, and managed in accordance with defined response plans. Regular testing of incident response and recovery plans are performed via annual tabletop exercises.
Responsible disclosure
Documents
Information Security Policy
Download ↓
Certifications
ISO 27001 - ASA
Download ↓
ISO 27001 - Electrolyser AS
Download ↓
ISO 27001 - US
Download ↓