Digitalisation and cyber security

Digitalisation

In 2024, KMG successfully completed all planned initiatives in time and ensured dull compliance with the Development Strategy until 2031. Current efforts focus on corporate data consolidation, business process re‑engineering for the ERP system upgrade, and seamless IT technology integration. These initiatives enhance operational efficiency and ensure uninterrupted IT services across all KMG divisions, directly supporting our long‑term strategic objectives.

Completed projects

Contract Record‑Keeping System

To ensure transparent distribution of oil products across Kazakhstan, KMG developed and implemented the Contract Record‑Keeping System. It enables buyers of lubricants and fuels to manage the entire document flow via a personal account and monitor their purchase requests in real time. The system fulfils the requirements of clause 6.1 of Decree of the President of Kazakhstan On Measures to Liberalise the Economy by providing digital access to KMG's commercial services and ensuring transparent fuels and lubricants distribution.

Electronic Job Order

Ozenmunaigas has implemented the Electronic Job Order project enabling automated creation, review and approval of job orders in well servicing. The project connects a number of departments to a unified digital system: Oil and Gas Production Department 1, 2, 4, 3, Reservoir Pressure Maintenance Shop, and Kezbi. In 2024, some 5,470 job orders were created and approved digitally thanks to the project, reducing coordination and approval times from two hours to just ten minutes. The system minimises errors and inconsistencies through automated field verification, whilst enhancing operational transparency.

Online Work Acceptance Certificate

In order to ensure transparency of processes and remove red tape in approving and signing work acceptance certificates, Ozenmunaigas run the Online Work Acceptance Certificate project. The system provides both procuring entities and counterparties with clear visibility of the coordination process, accessible from any device, thereby streamlining administrative procedures.

ORDA

The ORDA project unifies 23 subsidiaries under a single kmg.kz domain, including migration of user accounts and mail services to Microsoft Exchange architecture. This consolidation simplifies administration, strengthens access management, and enhances centralised infrastructure oversight. Serving approximately 8 thous. users, the project provides transparent resource access and improved cross‑domain interaction, whilst reducing IT support costs, boosting the kmg.kz brand recognition, and facilitating infrastructure modernisation and new software implementation.

IT Service Management System (ITSM)

While establishing a unified IT service management system for the Group, we rolled out the ITSM platform to eight subsidiaries (piloting since 18 November 2024). The current ITSM system covers:

• 17 subsidiaries and associates, all supported IT services are under control and monitoring (100% coverage).
• 65 subsidiaries and associates, with established control and monitoring of centralised IT services, including technical support for Electronic Document Flow (Directum) and Automated Master Data Management systems across KMG Group.

Projects in progress

KMG DATA project

Creating a centralised monitoring system to collect daily production and corporate data, and performance indicators across the KMG Group, enhancing management control and speeding up decision‑making.

Migration to SAP S4 HANA project

Focuses on business process reengineering and upgrade to the more efficient SAP S/4HANA system. As a result, we will comply with regulatory requirements (by Samruk‑Kazyna and the Ministry of Finance) whilst establishing end‑to‑end processes that enhance internal business operations and improve the quality and completeness of data for management decisions.

Automated Master Data Management project

It will remove duplication and enhance planning processes, directly contributing to inventory reduction. The centralised analysis of goods, works, and services, combined with warehouse balance monitoring, increases operational efficiency and supports more informed decision‑making. The system also maintains a comprehensive reference database of business partners. It covers 35 subsidiaries and associates.

Cyber security

In cyber security, KMG aims to protect information from external and internal threats, prevent potential losses and minimise damage from cyber attacks and unauthorised actions to ensure undisrupted full‑fledged operations of KMG and its subsidiaries and associates.

Ensuring information security is an ongoing process that combines legal, organisational and technical measures of protection. Important components here are regular analysis, audits, and penetration tests, as large‑scale information systems are most often used in geographically distributed infrastructure environments of large oil and gas production sites with continuous process cycles. Unauthorised access to KMG’s protected networks and systems may have a devastating impact on infrastructure and consumers as well as the country as a whole. There were no incidents significantly impacting KMG systems or equipment in the reporting period.

To ensure its information security, KMG strictly complies with Kazakhstan’s respective laws and adheres to international approaches and ISO/IEC 27001 standard on information security management systems. We have been certified under the ISO/IEC 27001:2022 standard showcasing KMG’s commitment to excellence in data protection. This certification both elevates stakeholder confidence in us and demonstrates our preparedness to meet and exceed global information security benchmarks.

Information security includes organisational and technical measures to protect IT infrastructure of KMG’s information systems, critical ICT components and automated process management systems.

On an ongoing basis, the Company assesses information security risks to identify and prevent respective threats and lower cyber attack risks through continuous monitoring of information security incidents via the information security operations centre. In the reporting period, the centre reported and handled 1,800 potential incidents.

KMG regularly holds external assessments and audits of cyber security, along with initiatives aimed at identifying and addressing vulnerabilities in the information infrastructure. To that end, we conduct regular scans and pen testing of systems across KMG, its subsidiaries and associates to detect potential vulnerabilities, with prompt measures implemented to fix them.

KMG places a special emphasis on awareness‑raising activities for employees regarding information security, including prevention of phishing and social engineering threats. The Company regularly conducts training sessions, workshops, and testing aimed at fostering safe behaviour skills when using email and other communication channels.

We utilise the latest and innovative technologies, including automated systems for vulnerability analysis and incident monitoring, enabling the Company to proactively manage cyber threats. In 2024, our security infrastructure successfully repelled more than 7 mln cyber attacks targeting corporate web resources.

This dual approach – combining human expertise with technological excellence – provides comprehensive protection for our information infrastructure.

Information security is a special focus for KMG’s management.

Strong information security management as a rule contributes to the Company's ongoing development by protecting it from threats, ensuring legal compliance, securing its reputation and fostering the uptake of innovations. Integrating information security aspects into the business strategy is now a major part of corporate governance efforts.

Going forward, KMG will continue following these key security pillars, embracing international best practices and standards for information security management, maintaining strict compliance with Kazakhstan’s laws, and leveraging emerging technologies and innovations.