|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 16K. Cybersecurity
The Partnership recognizes the critical importance of developing, implementing, and maintaining a robust cybersecurity risk management, strategy, and governance program in order to safeguard the confidentiality, integrity, and availability of Partnership systems and information.
Board Oversight of Cybersecurity Matters
The Partnership’s Board of Directors has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats.
In particular, the Board oversees the Partnership’s cybersecurity threats, risk management, strategy, and governance; receives updates from Partnership management regarding the same; and approves certain changes or adaptations that support the same.
Management of Cybersecurity Matters
The Partnership’s management assumes executive responsibility for assessing, identifying, and managing cybersecurity threats, incidents, and risks.
particular, the Partnership’s Company Cyber Security Officer (CCSO) reports via the IT Manager to the Chief Executive Officer and Chairman of the Board. The CCSO plays a pivotal role in assessing and managing cybersecurity threats, incidents, and risks at the Partnership. Our CCSO holds a Bachelor degree in Information Technology and has 5 years’ experience in a cyber security role along with more than 10 years’ experience with the Partnership, KNOT and its affiliates. Our CCSO’s professional development is sustained through various courses and certifications within the IT and information security industry.
The CCSO is supported by other key members of Partnership management and dedicated information technology and security personnel and resources, both internally and from third parties. Collectively, these personnel and resources allow the Partnership to strategically integrate cybersecurity into its broader risk management framework and decision-making process.
Partnership’s management has processes in place by which it is informed of and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and aligns its controls with industry-accepted frameworks, such as NSM Grunnprinsipper (the basic principles authorized by Norway’s National Security Authority), the NIST Cybersecurity Framework, the ISO/IEC 27001 standard, and the CIS Controls. These processes include, but are not limited to:
Engagement of Third Parties on Risk Management
Partnership leverages the cybersecurity expertise, insight, and resources of various external third parties, including but not limited to cybersecurity service providers, assessors, consultants, auditors, and other third parties engaged on an as-needed basis. The Partnership engages with these third parties to perform audits, threat and vulnerability assessments, incident response plan testing, Partnership monitoring of cybersecurity risks, and consultation on security enhancements.
Managing Third Party Risk
Partnership recognizes the risks associated with the use of vendors, service providers, and other third parties that provide information system services to it, process information on its behalf, or has access to the Partnership’s information systems, and Partnership management has processes in place to oversee and identify material cybersecurity risks associated with its use of such third parties. These processes include, but are not limited to:
Communicating and Reporting on Cybersecurity Matters
The IT Manager maintains ongoing dialogue with the CEO to ensure awareness of the Partnership’s cybersecurity posture and developments, including but not limited to new threats, incidents, risks, risk management solutions, tools, trainings, strategy pivots, or governance changes.
, the IT Manager reports to the Board regarding significant developments in the above topics. This ensures the Board is equipped with information to exercise oversight on critical cybersecurity issues.
Material Impact on Partnership
far, to the Partnership’s knowledge, the Partnership’s business strategy, operations, or financial condition have not been materially affected by, and are not likely to be materially affected by, any largescale cybersecurity threats or incidents.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Partnership’s management has processes in place by which it is informed of and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and aligns its controls with industry-accepted frameworks, such as NSM Grunnprinsipper (the basic principles authorized by Norway’s National Security Authority), the NIST Cybersecurity Framework, the ISO/IEC 27001 standard, and the CIS Controls
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight of Cybersecurity Matters
The Partnership’s Board of Directors has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats.
In particular, the Board oversees the Partnership’s cybersecurity threats, risk management, strategy, and governance; receives updates from Partnership management regarding the same; and approves certain changes or adaptations that support the same.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Board of Directors
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Communicating and Reporting on Cybersecurity Matters
The IT Manager maintains ongoing dialogue with the CEO to ensure awareness of the Partnership’s cybersecurity posture and developments, including but not limited to new threats, incidents, risks, risk management solutions, tools, trainings, strategy pivots, or governance changes.
, the IT Manager reports to the Board regarding significant developments in the above topics. This ensures the Board is equipped with information to exercise oversight on critical cybersecurity issues.
|Cybersecurity Risk Role of Management [Text Block]
|
Management of Cybersecurity Matters
The Partnership’s management assumes executive responsibility for assessing, identifying, and managing cybersecurity threats, incidents, and risks.
particular, the Partnership’s Company Cyber Security Officer (CCSO) reports via the IT Manager to the Chief Executive Officer and Chairman of the Board. The CCSO plays a pivotal role in assessing and managing cybersecurity threats, incidents, and risks at the Partnership. Our CCSO holds a Bachelor degree in Information Technology and has 5 years’ experience in a cyber security role along with more than 10 years’ experience with the Partnership, KNOT and its affiliates. Our CCSO’s professional development is sustained through various courses and certifications within the IT and information security industry.
The CCSO is supported by other key members of Partnership management and dedicated information technology and security personnel and resources, both internally and from third parties. Collectively, these personnel and resources allow the Partnership to strategically integrate cybersecurity into its broader risk management framework and decision-making process.
Partnership’s management has processes in place by which it is informed of and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and aligns its controls with industry-accepted frameworks, such as NSM Grunnprinsipper (the basic principles authorized by Norway’s National Security Authority), the NIST Cybersecurity Framework, the ISO/IEC 27001 standard, and the CIS Controls. These processes include, but are not limited to:
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Company Cyber Security Officer (CCSO) reports via the IT Manager
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CCSO plays a pivotal role in assessing and managing cybersecurity threats, incidents, and risks at the Partnership. Our CCSO holds a Bachelor degree in Information Technology and has 5 years’ experience in a cyber security role along with more than 10 years’ experience with the Partnership, KNOT and its affiliates. Our CCSO’s professional development is sustained through various courses and certifications within the IT and information security industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The IT Manager maintains ongoing dialogue with the CEO to ensure awareness of the Partnership’s cybersecurity posture and developments, including but not limited to new threats, incidents, risks, risk management solutions, tools, trainings, strategy pivots, or governance changes.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef